Can't install Malwarebytes

[ItielMaN]

C:\TEST>JUNCTION -S C:\

 

Junction v1.06 - Windows junction creator and reparse point viewer

Copyright © 2000-2010 Mark Russinovich

Sysinternals - www.sysinternals.com

 

Failed to open \\?\C:\\pagefile.sys: The process cannot access the file because

it is being used by another process.

 

Failed to open \\?\C:\\System Volume Information: Access is denied.

 

...\\?\C:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11

d50a3a: JUNCTION

   Print Name     : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d5

0a3a_2.0.0.0_x-ww_7d5f3790

   Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d5

0a3a_2.0.0.0_x-ww_7d5f3790

 

\\?\C:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTI

ON

   Print Name     : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0

_x-ww_6e57c34e

   Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0

_x-ww_6e57c34e

 

 

---

Needless to say, CF didn't work. Same Compatibility Mode message.

[ItielMaN]

I think I'm on to something.

I've tried isolating what causes restoredefaultperms to crash (not sure if it's crashing) so I added 'pasue' command after every line, and the batch file seems to stop at:

for /f "tokens=2,*" %%a in ('reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage" /v "OEMCP" 2^>NUL ^| findstr OEMCP') do set OEMCP=%%b

 

It gives "Unable to set locale." error. Same happened when I ran JRT. Saw many of those lines there.

I'm not sure what it means but I don't think it's a good sign.

And for the record, OEMCP has 862 value.

As follows, the batch file would go to NOT_NT, which means my OS is not supported.

And maybe that's why CF fail to run everytime (?).

 

FWIW, I've updated my AVAST antivirus to the latest version and installed IE8. Nothing changed after a reboot. Same errors for MBAM & CF.

 

Thanks.

[AdvancedSetup]

Well since we're close to having to flatten and reinstall let me have you uninstall Avira antivirus and reboot.

Then go to the Microsoft site below and run that. Let me know how that goes.

 

Please visit the following site and run the fixit tool from Microsoft.
Fix Windows Desktop Search when it crashes or not showing results


Microsoft Fix it Solution Center
 

[AdvancedSetup]

After that then try to run the following.

 

 

 

Download Portable Windows Repair (all in one) from one of the following:
 
http://www.tweaking.com/content/page/windows_repair_all_in_one.html
http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/
 
Unzip the contents into a newly created folder on your desktop.
 
Open the folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"
 
 

 
From the main GUI do the following:
 
 
Select Tab 5 and Create System Restore Point
 
 

 
Select Start Repairs tab => Click the Start
 
 

 
The repairs window will open, Check the boxes as indicated, also the "Restart" option, then select Start...
 
 

 
DON'T use the computer while each scan is in progress.
 
Post the log, to access select "settings" tab > "open log folder" tab, log will be named _Windows_Repair_Log
 
 

 
 
Let me see that log, any improvement?
 

[ItielMaN]

1. Avira is not installed. Are you confusing it with AVAST? If you meant AVAST, do I have to uninstall it? It's a pain to install it all over again afterwards.

2. Will try the fixit later today.

3a. I already tried Tweaking.com fixes. Do I need to do it again?

3b. I'm running Windows XP. If you answer to #3a is yes, do I need to check the 3 last checkboxes in the picture you've provided? (Windows 8 stuff)

 

Thanks.

[AdvancedSetup]

Yes, I'm sorry I meant Avast and yes please uninstall it fully. After you remove it then run their tool to fully remove left overs.

http://files.avast.com/files/eng/aswclear.exe

 

Get Avast off of the system first, then we'll review. At this point you don't have a lot of options (again in my opinion you're wasting your time but that's up to you as a format and reinstall within a few hours would fix this guaranteed)

 

Once you've removed Avast then run a new FRST scan and make sure you place a check mark in the Additions.txt check box and post back both new logs

 

Thanks

[ItielMaN]

Running FRST after fixing with the fixit thingy + uninstalling AVAST + running aswclear.exe.

The logs are attached.

No change BTW in MBAM & CF.

FRST.txt

Addition.txt

[AdvancedSetup]

Let me have you run the updated fix please.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

[ItielMaN]

FRST crashed in the middle of the fix.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015

Ran by sofia_d at 2015-07-15 23:17:35 Run:1

Running from C:\Documents and Settings\sofia_d\desktop

Loaded Profiles: sofia_d & Administrator (Available Profiles: sofia_d & Administrator)

Boot Mode: Normal

 

==============================================

 

fixlist content:

*****************

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003Core.job => C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003UA.job => C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003Core.job => C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003UA.job => C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

HKU\S-1-5-21-515967899-583907252-682003330-1003\...\Run: [Google Update] => C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)

HKU\S-1-5-21-515967899-583907252-682003330-1003\...\MountPoints2: {be372b5f-87be-11e0-8495-002618a3a436} - F:\KODAK_Software_Downloader.exe

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

HKU\S-1-5-21-515967899-583907252-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/he-il/?ocid=iehp

HKU\S-1-5-21-515967899-583907252-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.il/

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-515967899-583907252-682003330-1003 -> DefaultScope {16F43FB5-3057-47D3-9BC5-39529247511B} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-515967899-583907252-682003330-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-515967899-583907252-682003330-1003 -> {16F43FB5-3057-47D3-9BC5-39529247511B} URL = https://www.google.com/search?q={searchTerms}

BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06] (Hewlett-Packard Co.)

BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: bw+0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw+0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw-0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw-0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw00 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw00s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw10 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw10s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw20 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw20s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw30 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw30s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw40 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw40s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw50 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw50s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw60 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw60s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw70 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw70s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw80 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw80s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw90 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bw90s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwa0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwa0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwb0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwb0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwc0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwc0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwd0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwd0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwe0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwe0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwf0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwf0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwg0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwg0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwh0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwh0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwi0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwi0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwj0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwj0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwk0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwk0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwl0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwl0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwm0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwm0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwn0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwn0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwo0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwo0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwp0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwp0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwq0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwq0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwr0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwr0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bws0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bws0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwt0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwt0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwu0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwu0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwv0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwv0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bww0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bww0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwx0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwx0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwy0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwy0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwz0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: bwz0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

Handler: offline-8876480 - {549F974D-7733-4E30-8139-FE232E9AF0C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

Tcpip\..\Interfaces\{5E4D4B81-BB03-4403-BAEE-84B1B068F773}: [DhcpNameServer] 10.0.0.138

FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [not found]

S3 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)

S3 eapihdrv; C:\Documents and Settings\sofia_d\Local Settings\Temp\ehdrv.sys [135760 2015-06-25] (ESET)

C:\32788R22FWJFW

C:\Documents and Settings\sofia_d\Local Settings\Temp\IadHide5.dll

SetDefaultFilePermissions: "C:\Program Files"

Unlock: C:\

CMD: CMD.EXE /C ECHO Y | CHKDSK C: /R

EmptyTemp:

Reboot:

 

 

*****************

 

C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003Core.job => moved successfully.

C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003UA.job => moved successfully.

C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003Core.job => moved successfully.

C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003UA.job => moved successfully.

C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => moved successfully.

C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => moved successfully.

HKU\S-1-5-21-515967899-583907252-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value removed successfully.

"HKU\S-1-5-21-515967899-583907252-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be372b5f-87be-11e0-8495-002618a3a436}" => key removed successfully.

HKCR\CLSID\{be372b5f-87be-11e0-8495-002618a3a436} => key not found. 

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.

HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 

HKU\S-1-5-21-515967899-583907252-682003330-1003\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully.

HKU\S-1-5-21-515967899-583907252-682003330-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.

HKU\S-1-5-21-515967899-583907252-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.

"HKU\S-1-5-21-515967899-583907252-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 

"HKU\S-1-5-21-515967899-583907252-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{16F43FB5-3057-47D3-9BC5-39529247511B}" => key removed successfully.

HKCR\CLSID\{16F43FB5-3057-47D3-9BC5-39529247511B} => key not found. 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}" => key removed successfully.

"HKCR\CLSID\{0347C33E-8762-4905-BF09-768834316C61}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}" => key removed successfully.

"HKCR\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1E54D648-B804-468d-BC78-4AFFED8E262F}" => key removed successfully.

"HKCR\CLSID\{1E54D648-B804-468d-BC78-4AFFED8E262F}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}" => key removed successfully.

HKCR\CLSID\{31435657-9980-0010-8000-00AA00389B71} => key not found. 

"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}" => key removed successfully.

"HKCR\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}" => key removed successfully.

"HKCR\PROTOCOLS\Handler\bw+0" => key removed successfully.

"HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5}" => key removed successfully.

"HKCR\PROTOCOLS\Handler\bw+0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw-0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw-0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw00" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw00s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw10" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw10s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw20" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw20s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw30" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw30s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw40" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw40s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw50" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw50s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw60" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw60s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw70" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw70s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw80" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw80s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw90" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bw90s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwa0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwa0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwb0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwb0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwc0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwc0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwd0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwd0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwe0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwe0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwf0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwf0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwfile-8876480" => key removed successfully.

"HKCR\CLSID\{9462A756-7B47-47BC-8C80-C34B9B80B32B}" => key removed successfully.

"HKCR\PROTOCOLS\Handler\bwg0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwg0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwh0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwh0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwi0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwi0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwj0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwj0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwk0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwk0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwl0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwl0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwm0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwm0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwn0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwn0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwo0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwo0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwp0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwp0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwq0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwq0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwr0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwr0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bws0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bws0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwt0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwt0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwu0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwu0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwv0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwv0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bww0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bww0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwx0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwx0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwy0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwy0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwz0" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\bwz0s" => key removed successfully.

HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. 

"HKCR\PROTOCOLS\Handler\ms-itss" => key removed successfully.

"HKCR\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}" => key removed successfully.

"HKCR\PROTOCOLS\Handler\offline-8876480" => key removed successfully.

HKCR\CLSID\{549F974D-7733-4E30-8139-FE232E9AF0C5} => key not found. 

"HKCR\PROTOCOLS\Handler\skype4com" => key removed successfully.

"HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}" => key removed successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{56F9679E-7826-4C84-81F3-532071A8BCC5} => value not found.

HKCR\CLSID\{56F9679E-7826-4C84-81F3-532071A8BCC5} => key not found. 

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5E4D4B81-BB03-4403-BAEE-84B1B068F773}\\DhcpNameServer => value removed successfully.

C:\Program Files\AVAST Software\Avast\WebRep\FF => not found.

msvsmon80 => Service removed successfully.

eapihdrv => Service removed successfully.

C:\32788R22FWJFW => moved successfully.

C:\Documents and Settings\sofia_d\Local Settings\Temp\IadHide5.dll => moved successfully.

"C:\Program Files" => Default permissions restored successfully.

 

 

Note that I've deliberately removed the C:\Program Files\Trend Micro entry since it contains only HJT and not leftovers of previous security product.

[ItielMaN]

BTW I've noticed that somehow some folders in C:\ drive were inaccessible after running the fix.

Ran some SetDefaultFilePermissions commands on them + ran Tweaking.com fix (reset file permissions) and it's OK now.

 

And of course MBAM & CF won't run.

[AdvancedSetup]

Okay, let's try 2 more tools and then we'll move onto a monitoring tool if it's still an issue.

 

Please delete every file, folder, etc that you can find including installers for MBAM and for Combofix. Don't want to find a trace of any of them.

 

Then ensure your antivirus is still removed and run the following.

 

 

Please download Junkware Removal Tool to your desktop.

• Shutdown your antivirus to avoid any conflicts.
• Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next reply message
• When completed make sure to re-enable your antivirus

 

 

Next,

 

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit
 

• RogueKiller 32-bit | RogueKiller 64-bit
• Quit all running programs.
• For Windows XP, double-click to start.
• For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
• Read and accept the EULA (End User Licene Agreement)
• Click Scan to scan the system.
• When the scan completes Close the program > Don't Fix anything!
• Don't run any other options, they're not all bad!!
• Post back the report which should be located on your desktop.

 

 

 

[ItielMaN]

JRT was closed halfway scanning.

As I said before, many "Unable to set locale" lines appeared.

 

RogueKiller finished scanning but after closing it, no log was found on the desktop.

I scanned again but this times opened the Report button, Open TXT and this is the log it provided:

RogueKiller V10.9.1.0 [Jul  9 2015] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : sofia_d [Administrator]

Started from : C:\Documents and Settings\sofia_d\Desktop\RogueKiller.exe

Mode : Scan -- Date : 07/16/2015 23:18:58

 

₪₪₪ Processes : 0 ₪₪₪

 

₪₪₪ Registry : 4 ₪₪₪

[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)])  -> Found

[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)])  -> Found

[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5E4D4B81-BB03-4403-BAEE-84B1B068F773} | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)])  -> Found

[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5E4D4B81-BB03-4403-BAEE-84B1B068F773} | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)])  -> Found

 

₪₪₪ Tasks : 0 ₪₪₪

 

₪₪₪ Files : 0 ₪₪₪

 

₪₪₪ Hosts File : 1 ₪₪₪

[C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1       localhost

 

₪₪₪ Antirootkit : 0 (Driver: Loaded) ₪₪₪

 

₪₪₪ Web browsers : 0 ₪₪₪

 

₪₪₪ MBR Check : ₪₪₪

+++++ PhysicalDrive0: WDC WD3200AAKS-00L9A0 +++++

--- User ---

[MBR] 5317fc5811c61de512b25d04e8677b4e

[bSP] 48bb833052546b4e3d5ff8890dabc262 : Windows XP|VT.Unknown MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 152617 MB [Windows XP Bootstrap | Windows XP Bootloader]

1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 312560640 | Size: 152617 MB

User = LL1 ... OK

User = LL2 ... OK

[AdvancedSetup]

At this point I'm wondering if you're having a hardware issue. I'm not seeing anything that should be stopping or preventing these tools from running. I think you should do a hard drive test to verify no issues with the drive.

 

Please see the following link which has all sorts of links and topics for hard drive diagnostics
Hard Drive Diagnostics Tools and Utilities
 

[ItielMaN]

I thought about that already.

http://i60.tinypic.com/ndoawg.jpg

[AdvancedSetup]

I don't see anything in your picture. Please either attach it here or use a site that I'm not blocking.

 

Please download Process Monitor from Microsoft. Then run it and monitor MBAM while trying to install it and look for access denied or other errors.

https://technet.microsoft.com/en-us/Library/bb896645.aspx

 

 

You can watch this video if needed (used for a different reason but gives the basics of using it)

https://forums.malwarebytes.org/index.php?/topic/124715-runtime-error-0-440-and-339-automation-errors/

 

 

The links below are videos that go into more detail on how to use and how to try to track down issues using the tool.

Case of the Unexplained: Troubleshooting with Mark Russinovich

Case of the Unexplained: Troubleshooting with Mark Russinovich

TWC: Malware Hunting with Mark Russinovich and the Sysinternals Tools

Process Monitor Filter Tips

 

[ItielMaN]

 

I've filtered out any process that do not contain 'mbam' and filtered 'Result' to show anything that is NOT 'success'.

I can see many "NAME NOT FOUND" lines.

I've exported the results and the logfile is attached.

Logfile.rar

[AdvancedSetup]

I don't want or need MBAM filtered in or out. I need an unfiltered file of when the error happens please.

 

 

Please download aswMBR ( 4.5MB ) to your desktop.

• Double click the aswMBR.exe icon, and click Run.
• There will be a short delay before the next dialog box comes up.  Please just wait a minute or two.
• When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
• Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
• Click the Scan button to start the scan once the update has finished downloading
• On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now.  It is an actual backup of the MBR (master boot record).
 

 

 

Please zip up that MBR.dat file and attach on your next reply.

[ItielMaN]

So no filter at all?

It's attached here.

 

 

The log:

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-07-18 20:54:05
-----------------------------
20:54:05.734    OS Version: Windows 5.1.2600 Service Pack 3
20:54:05.734    Number of processors: 2 586 0x170A
20:54:05.734    ComputerName: SOFIA  UserName: 
20:54:06.859    Initialize success
20:54:06.937    VM: initialized successfully
20:54:06.937    VM: Intel CPU supported 
20:54:14.687    VM: supported disk I/O atapi.sys
20:59:39.078    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-12
20:59:39.078    Disk 0 Vendor: WDC_WD3200AAKS-00L9A0 01.03E01 Size: 305245MB BusType: 3
20:59:39.218    VM: Disk 0 MBR read successfully
20:59:39.218    Disk 0 MBR scan
20:59:39.218    Disk 0 Windows XP default MBR code
20:59:39.218    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS       152617 MB offset 63
20:59:39.234    Disk 0 default boot code
20:59:39.250    Disk 0 Partition - 00     0F   Extended LBA            152617 MB offset 312560640
20:59:39.265    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       152617 MB offset 312560703
20:59:39.265    Disk 0 scanning sectors +625121280
20:59:39.328    Disk 0 scanning C:\WINDOWS\system32\drivers
20:59:43.578    Service scanning
20:59:50.750    Modules scanning
20:59:50.750    Disk 0 trace - called modules:
20:59:50.750    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
20:59:50.765    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a98cab8]
20:59:50.765    3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8a9909e8]
20:59:50.765    5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-12[0x8a9aed98]
20:59:50.765    Disk 0 statistics 41959/0/273 @ 5.89 MB/s
20:59:50.765    Scan finished successfully
21:00:45.812    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\sofia_d\Desktop\MBR.dat"
21:00:45.828    The log file has been saved successfully to "C:\Documents and Settings\sofia_d\Desktop\aswMBR.txt"
 
Just for you to know for your copy&paste template, the virus definitions is about 180MB. Things have changed since you saved this template
 

MBR.dat is attached as well.

MBR.rar

Logfile.rar

[AdvancedSetup]

Something a bit odd in the log shows that all files appear to have the exact same date and time on them that are way in the past:   12/31/1969 5:00:00 PM

 

Can you double check and see if you're seeing that too.

 

As a Technician you must have access to a Windows XP CD. You really need to run System File Checker (SFC) To Fix Issues or ensure all OS files are correct and valid.

 

 

SFC.EXE /scannow

 

http://www.bleepingcomputer.com/forums/t/43051/how-to-use-sfcexe-to-repair-system-files/

[ItielMaN]

Hmm, didn't notice that before. I don't have access to this PC at the moment, I'll double check and will be back with answer.

 

Yes, of course I have Windows XP CD but can't insert it to the CD drive remotely

On second thought.. Tomorrow I'll see my friend in work. I'll give her the CD, after that I'll do the sfc.

 

Please wait for my report.

It might take 2 days or so.

 

Thanks.

[ItielMaN]

New progress:

I can't see the 1969 but I can see 1.1.1970, 3AM.

For example:

mbam-setup-2.1.8.1057.tmp 0x400000 0xbc000 C:\DOCUME~1\sofia_d\LOCALS~1\Temp\is-G7NUR.tmp\mbam-setup-2.1.8.1057.tmp 51.52.0.0 01/01/1970 03:00:00

tv_w32.dll 0x19600000 0x40000 C:\Program Files\TeamViewer\tv_w32.dll TeamViewer GmbH 10.0.43879.0 01/01/1970 03:00:00

uxtheme.dll 0x5ad70000 0x38000 C:\WINDOWS\system32\uxtheme.dll Microsoft Corporation 6.00.2900.5512 (xpsp.080413-2105) 01/01/1970 03:00:00

lpk.dll 0x629c0000 0x9000 C:\WINDOWS\system32\lpk.dll Microsoft Corporation 5.1.2600.5512 (xpsp.080413-2105) 01/01/1970 03:00:00

mpr.dll 0x71b20000 0x12000 C:\WINDOWS\system32\mpr.dll Microsoft Corporation 5.1.2600.5512 (xpsp.080413-0852) 01/01/1970 03:00:00

MSCTF.dll 0x74720000 0x4c000 C:\WINDOWS\system32\MSCTF.dll Microsoft Corporation 5.1.2600.5512 (xpsp.080413-2105) 01/01/1970 03:00:00

usp10.dll 0x74d90000 0x6b000 C:\WINDOWS\system32\usp10.dll Microsoft Corporation 1.0420.2600.6421 (xpsp_sp3_qfe.130709-0421) 01/01/1970 03:00:00

MSCTFIME.IME 0x755c0000 0x2e000 C:\WINDOWS\system32\MSCTFIME.IME Microsoft Corporation 5.1.2600.5512 (xpsp.080413-2105) 01/01/1970 03:00:00

imm32.dll 0x76390000 0x1d000 C:\WINDOWS\system32\imm32.dll Microsoft Corporation 5.1.2600.5512 (xpsp.080413-2105) 01/01/1970 03:00:00

 

 

I went to some if these locations and files and all of them have reasonable creation date (2004, 2008 etc).

[AdvancedSetup]

Please try running this on the computer. It will clean up all the temp files in various locations pretty robustly. It should also reboot when done. Make sure any antivirus is off.

Please Run TFC by OldTimer to clear temporary files:

• Download TFC from here and save it to your desktop.
• http://oldtimer.geekstogo.com/TFC.exe
• Close any open programs and Internet browsers.
• Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
• Please be patient as clearing out temp files may take a while.
• Once it completes you may be prompted to restart your computer, please do so.
• Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then run the SFC on the system.

[ItielMaN]

Meh, bummer.

Ran TFC, rebooted, ran sfc /scannow, rebooted- the same.

[AdvancedSetup]

Working on this in PM it turns out this problem was due to a corrupted user profile. Creating a new user profile the issue is resolved.

 

I'll go ahead now and close this topic.

 

Thank you

 

Ron

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!