ItielMaN Posted July 12, 2015 Author ID:975720

C:\TEST>JUNCTION -S C:\

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Failed to open \\?\C:\\pagefile.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\C:\\System Volume Information: Access is denied.
...
\\?\C:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
\\?\C:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

---
Needless to say, CF didn't work. Same Compatibility Mode message.

ItielMaN Posted July 13, 2015 Author ID:975928

I think I'm on to something.
I've tried isolating what causes restoredefaultperms to crash (not sure if it's crashing), so I added a 'pause' command after every line, and the batch file seems to stop at:

for /f "tokens=2,*" %%a in ('reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage" /v "OEMCP" 2^>NUL ^| findstr OEMCP') do set OEMCP=%%b

It gives an "Unable to set locale." error. The same happened when I ran JRT. Saw many of those lines there.
I'm not sure what it means but I don't think it's a good sign.
And for the record, OEMCP has the value 862.
As follows, the batch file would go to NOT_NT, which means my OS is not supported.
And maybe that's why CF fails to run every time (?).

FWIW, I've updated my AVAST antivirus to the latest version and installed IE8. Nothing changed after a reboot. Same errors for MBAM & CF.

Thanks.

AdvancedSetup Posted July 14, 2015 Root Admin ID:976063

Well since we're close to having to flatten and reinstall let me have you uninstall Avira antivirus and reboot.
Then go to the Microsoft site below and run that. Let me know how that goes.

Please visit the following site and run the fixit tool from Microsoft.
Fix Windows Desktop Search when it crashes or not showing results
Microsoft Fix it Solution Center

AdvancedSetup Posted July 14, 2015 Root Admin ID:976064

After that then try to run the following.

Download Portable Windows Repair (all in one) from one of the following:
http://www.tweaking.com/content/page/windows_repair_all_in_one.html
http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Unzip the contents into a newly created folder on your desktop.
Open the folder and run the tool by right-clicking on Repair_Windows (icon with red briefcase) and selecting "Run as Administrator".

From the main GUI do the following:
Select Tab 5 and Create System Restore Point
Select Start Repairs tab => Click the Start
The repairs window will open. Check the boxes as indicated, also the "Restart" option, then select Start...
DON'T use the computer while each scan is in progress.
Post the log. To access it, select "settings" tab > "open log folder" tab; the log will be named _Windows_Repair_Log

Let me see that log, any improvement?

ItielMaN Posted July 14, 2015 Author ID:976072

1. Avira is not installed. Are you confusing it with AVAST? If you meant AVAST, do I have to uninstall it? It's a pain to install it all over again afterwards.
2. Will try the fixit later today.
3a. I already tried Tweaking.com fixes. Do I need to do it again?
3b. I'm running Windows XP. If your answer to #3a is yes, do I need to check the 3 last checkboxes in the picture you've provided? (Windows 8 stuff)

Thanks.

AdvancedSetup Posted July 14, 2015 Root Admin ID:976112

Yes, I'm sorry, I meant Avast, and yes, please uninstall it fully. After you remove it, run their tool to fully remove leftovers.
http://files.avast.com/files/eng/aswclear.exe

Get Avast off of the system first, then we'll review. At this point you don't have a lot of options (again, in my opinion you're wasting your time, but that's up to you, as a format and reinstall within a few hours would fix this guaranteed).

Once you've removed Avast, run a new FRST scan, make sure you place a check mark in the Additions.txt check box, and post back both new logs.

Thanks

ItielMaN Posted July 14, 2015 Author ID:976250

Running FRST after fixing with the fixit thingy + uninstalling AVAST + running aswclear.exe.
The logs are attached.
No change BTW in MBAM & CF.

Attachments: FRST.txt, Addition.txt

AdvancedSetup Posted July 15, 2015 Root Admin ID:976310

Let me have you run the updated fix please.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version please download and run the updated version.

Attachment: fixlist.txt

ItielMaN Posted July 15, 2015 Author ID:976548

FRST crashed in the middle of the fix.

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by sofia_d at 2015-07-15 23:17:35 Run:1
Running from C:\Documents and Settings\sofia_d\desktop
Loaded Profiles: sofia_d & Administrator (Available Profiles: sofia_d & Administrator)
Boot Mode: Normal
"HKCR\PROTOCOLS\Handler\bwu0s" => key removed successfully.HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. "HKCR\PROTOCOLS\Handler\bwv0" => key removed successfully.HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. "HKCR\PROTOCOLS\Handler\bwv0s" => key removed successfully.HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. "HKCR\PROTOCOLS\Handler\bww0" => key removed successfully.HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. "HKCR\PROTOCOLS\Handler\bww0s" => key removed successfully.HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. "HKCR\PROTOCOLS\Handler\bwx0" => key removed successfully.HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. "HKCR\PROTOCOLS\Handler\bwx0s" => key removed successfully.HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. "HKCR\PROTOCOLS\Handler\bwy0" => key removed successfully.HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. "HKCR\PROTOCOLS\Handler\bwy0s" => key removed successfully.HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. "HKCR\PROTOCOLS\Handler\bwz0" => key removed successfully.HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. "HKCR\PROTOCOLS\Handler\bwz0s" => key removed successfully.HKCR\CLSID\{549f974d-7733-4e30-8139-fe232e9af0c5} => key not found. "HKCR\PROTOCOLS\Handler\ms-itss" => key removed successfully."HKCR\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}" => key removed successfully."HKCR\PROTOCOLS\Handler\offline-8876480" => key removed successfully.HKCR\CLSID\{549F974D-7733-4E30-8139-FE232E9AF0C5} => key not found. 
"HKCR\PROTOCOLS\Handler\skype4com" => key removed successfully.
"HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}" => key removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{56F9679E-7826-4C84-81F3-532071A8BCC5} => value not found.
HKCR\CLSID\{56F9679E-7826-4C84-81F3-532071A8BCC5} => key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5E4D4B81-BB03-4403-BAEE-84B1B068F773}\\DhcpNameServer => value removed successfully.
C:\Program Files\AVAST Software\Avast\WebRep\FF => not found.
msvsmon80 => Service removed successfully.
eapihdrv => Service removed successfully.
C:\32788R22FWJFW => moved successfully.
C:\Documents and Settings\sofia_d\Local Settings\Temp\IadHide5.dll => moved successfully.
"C:\Program Files" => Default permissions restored successfully.

Note that I've deliberately removed the C:\Program Files\Trend Micro entry since it contains only HJT and not leftovers of previous security product.
ItielMaN Posted July 15, 2015 Author ID:976566

BTW I've noticed that somehow some folders in C:\ drive were inaccessible after running the fix.
Ran some SetDefaultFilePermissions commands on them + ran Tweaking.com fix (reset file permissions) and it's OK now.

And of course MBAM & CF won't run.
Root Admin AdvancedSetup Posted July 16, 2015 ID:976647

Okay, let's try 2 more tools and then we'll move onto a monitoring tool if it's still an issue.

Please delete every file, folder, etc. that you can find, including installers for MBAM and for Combofix. Don't want to find a trace of any of them.

Then ensure your antivirus is still removed and run the following.

Please download Junkware Removal Tool to your desktop.
Shut down your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply message.
When completed make sure to re-enable your antivirus.

Next, please download RogueKiller and save it to your desktop.
You can check here if you're not sure if your computer is 32-bit or 64-bit.
RogueKiller 32-bit | RogueKiller 64-bit
Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes, close the program > Don't Fix anything!
Don't run any other options, they're not all bad!!
Post back the report which should be located on your desktop.
ItielMaN Posted July 16, 2015 Author ID:976853

JRT was closed halfway scanning.
As I said before, many "Unable to set locale" lines appeared.

RogueKiller finished scanning but after closing it, no log was found on the desktop.
I scanned again but this time opened the Report button, Open TXT and this is the log it provided:

RogueKiller V10.9.1.0 [Jul 9 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : sofia_d [Administrator]
Started from : C:\Documents and Settings\sofia_d\Desktop\RogueKiller.exe
Mode : Scan -- Date : 07/16/2015 23:18:58

₪₪₪ Processes : 0 ₪₪₪

₪₪₪ Registry : 4 ₪₪₪
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5E4D4B81-BB03-4403-BAEE-84B1B068F773} | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5E4D4B81-BB03-4403-BAEE-84B1B068F773} | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Found

₪₪₪ Tasks : 0 ₪₪₪

₪₪₪ Files : 0 ₪₪₪

₪₪₪ Hosts File : 1 ₪₪₪
[C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhost

₪₪₪ Antirootkit : 0 (Driver: Loaded) ₪₪₪

₪₪₪ Web browsers : 0 ₪₪₪

₪₪₪ MBR Check : ₪₪₪
+++++ PhysicalDrive0: WDC WD3200AAKS-00L9A0 +++++
--- User ---
[MBR] 5317fc5811c61de512b25d04e8677b4e
[bSP] 48bb833052546b4e3d5ff8890dabc262 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 152617 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 312560640 | Size: 152617 MB
User = LL1 ... OK
User = LL2 ... OK
Root Admin AdvancedSetup Posted July 17, 2015 ID:976888

At this point I'm wondering if you're having a hardware issue. I'm not seeing anything that should be stopping or preventing these tools from running.

I think you should do a hard drive test to verify no issues with the drive.

Please see the following link which has all sorts of links and topics for hard drive diagnostics:
Hard Drive Diagnostics Tools and Utilities
ItielMaN Posted July 17, 2015 Author ID:976911

I thought about that already.
http://i60.tinypic.com/ndoawg.jpg
Root Admin AdvancedSetup Posted July 17, 2015 ID:976921

I don't see anything in your picture. Please either attach it here or use a site that I'm not blocking.

Please download Process Monitor from Microsoft. Then run it and monitor MBAM while trying to install it and look for access denied or other errors.
https://technet.microsoft.com/en-us/Library/bb896645.aspx

You can watch this video if needed (used for a different reason but gives the basics of using it):
https://forums.malwarebytes.org/index.php?/topic/124715-runtime-error-0-440-and-339-automation-errors/

The links below are videos that go into more detail on how to use and how to try to track down issues using the tool.
Case of the Unexplained: Troubleshooting with Mark Russinovich
Case of the Unexplained: Troubleshooting with Mark Russinovich
TWC: Malware Hunting with Mark Russinovich and the Sysinternals Tools
Process Monitor Filter Tips
ItielMaN Posted July 17, 2015 Author ID:976999

I've filtered out any process that does not contain 'mbam' and filtered 'Result' to show anything that is NOT 'success'.
I can see many "NAME NOT FOUND" lines.
I've exported the results and the logfile is attached.
Logfile.rar
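
Added example, not part of the original thread: one way to triage a Process Monitor CSV export offline, so the capture itself can stay unfiltered while the "access denied or other errors" are pulled out from the routine "NAME NOT FOUND" noise. It assumes Procmon's default CSV columns; the sample rows, the paths in them and the list of "routine" results are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Results that show up constantly in healthy captures (assumed noise list).
ROUTINE = {
    "SUCCESS", "NAME NOT FOUND", "PATH NOT FOUND", "NO MORE ENTRIES",
    "NO MORE FILES", "END OF FILE", "BUFFER OVERFLOW", "REPARSE",
    "FAST IO DISALLOWED",
}

# Constructed sample rows in Procmon's default CSV layout, with a leading BOM.
SAMPLE_CSV = "\ufeff" + r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"20:41:02.0000001","mbam-setup-2.1.8.1057.tmp","1234","RegOpenKey","HKCU\Software\ExampleVendor","NAME NOT FOUND","Desired Access: Read"
"20:41:02.0000002","mbam-setup-2.1.8.1057.tmp","1234","CreateFile","C:\Documents and Settings\user\Local Settings\Temp\is-EXAMPLE.tmp\setup.dll","ACCESS DENIED","Desired Access: Generic Write"
"20:41:02.0000003","mbam-setup-2.1.8.1057.tmp","1234","QueryOpen","C:\WINDOWS\system32\example.dll","NAME NOT FOUND",""
"20:41:02.0000004","explorer.exe","888","CreateFile","C:\pagefile.sys","SHARING VIOLATION","Desired Access: Read Attributes"
"20:41:02.0000005","mbam-setup-2.1.8.1057.tmp","1234","RegSetValue","HKCU\Software\ExampleVendor\Setting","ACCESS DENIED","Type: REG_SZ"
"20:41:02.0000006","mbam-setup-2.1.8.1057.tmp","1234","ReadFile","C:\WINDOWS\system32\kernel32.dll","SUCCESS","Offset: 0"
"20:41:02.0000007","mbam-setup-2.1.8.1057.tmp","1234","RegQueryValue","HKLM\Software\ExampleVendor\Value","BUFFER OVERFLOW","Length: 12"
'''


def read_events(csv_text):
    """Parse a Procmon CSV export, tolerating a leading byte-order mark."""
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    required = {"Process Name", "Operation", "Path", "Result"}
    missing = required - set(reader.fieldnames or [])
    if missing:
        raise ValueError("not a Procmon CSV export, missing: %s" % sorted(missing))
    return list(reader)


def result_counts(events):
    """Count events per Result value, to see what dominates the capture."""
    return Counter(e["Result"].strip().upper() for e in events)


def blocking_events(events, process_substring=None):
    """Return (process, operation, path, result) for non-routine results."""
    hits = []
    for e in events:
        result = e["Result"].strip().upper()
        if not result or result in ROUTINE:
            continue
        name = e["Process Name"]
        if process_substring and process_substring.lower() not in name.lower():
            continue
        hits.append((name, e["Operation"], e["Path"], result))
    return hits


def paths_by_result(hits):
    """Group the affected paths under each failing result."""
    grouped = {}
    for _proc, _op, path, result in hits:
        grouped.setdefault(result, []).append(path)
    return grouped


if __name__ == "__main__":
    events = read_events(SAMPLE_CSV)
    print(result_counts(events).most_common())
    for result, paths in paths_by_result(blocking_events(events, "mbam")).items():
        print(result, len(paths))
        for p in paths:
            print("   ", p)
```

Calling `blocking_events(events)` without a process name also surfaces failures from other processes on the same machine, which is the reason to keep the capture itself unfiltered.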
Root Admin AdvancedSetup Posted July 17, 2015 ID:977044

I don't want or need MBAM filtered in or out. I need an unfiltered file of when the error happens please.

Please download aswMBR ( 4.5MB ) to your desktop.
Double click the aswMBR.exe icon, and click Run.
There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
Click the Scan button to start the scan once the update has finished downloading.
On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.
Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).
Please zip up that MBR.dat file and attach on your next reply.
ItielMaN Posted July 18, 2015 Author ID:977310

So no filter at all?
It's attached here.

The log:

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-07-18 20:54:05
-----------------------------
20:54:05.734 OS Version: Windows 5.1.2600 Service Pack 3
20:54:05.734 Number of processors: 2 586 0x170A
20:54:05.734 ComputerName: SOFIA UserName:
20:54:06.859 Initialize success
20:54:06.937 VM: initialized successfully
20:54:06.937 VM: Intel CPU supported
20:54:14.687 VM: supported disk I/O atapi.sys
20:59:39.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-12
20:59:39.078 Disk 0 Vendor: WDC_WD3200AAKS-00L9A0 01.03E01 Size: 305245MB BusType: 3
20:59:39.218 VM: Disk 0 MBR read successfully
20:59:39.218 Disk 0 MBR scan
20:59:39.218 Disk 0 Windows XP default MBR code
20:59:39.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
20:59:39.234 Disk 0 default boot code
20:59:39.250 Disk 0 Partition - 00 0F Extended LBA 152617 MB offset 312560640
20:59:39.265 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152617 MB offset 312560703
20:59:39.265 Disk 0 scanning sectors +625121280
20:59:39.328 Disk 0 scanning C:\WINDOWS\system32\drivers
20:59:43.578 Service scanning
20:59:50.750 Modules scanning
20:59:50.750 Disk 0 trace - called modules:
20:59:50.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:59:50.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a98cab8]
20:59:50.765 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8a9909e8]
20:59:50.765 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-12[0x8a9aed98]
20:59:50.765 Disk 0 statistics 41959/0/273 @ 5.89 MB/s
20:59:50.765 Scan finished successfully
21:00:45.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\sofia_d\Desktop\MBR.dat"
21:00:45.828 The log file has been saved successfully to "C:\Documents and Settings\sofia_d\Desktop\aswMBR.txt"

Just for you to know for your copy&paste template, the virus definitions are about 180MB. Things have changed since you saved this template.

MBR.dat is attached as well.
MBR.rar
Logfile.rar
Root Admin AdvancedSetup Posted July 21, 2015 ID:977754

Something a bit odd in the log shows that all files appear to have the exact same date and time on them that are way in the past: 12/31/1969 5:00:00 PM

Can you double check and see if you're seeing that too.

As a Technician you must have access to a Windows XP CD. You really need to run System File Checker (SFC) To Fix Issues or ensure all OS files are correct and valid.

SFC.EXE /scannow

http://www.bleepingcomputer.com/forums/t/43051/how-to-use-sfcexe-to-repair-system-files/
ItielMaN Posted July 21, 2015 Author ID:977861

Hmm, didn't notice that before. I don't have access to this PC at the moment, I'll double check and will be back with answer.

Yes, of course I have Windows XP CD but can't insert it to the CD drive remotely.

On second thought.. Tomorrow I'll see my friend in work. I'll give her the CD, after that I'll do the sfc.

Please wait for my report.
It might take 2 days or so.

Thanks.
ItielMaN Posted July 21, 2015 Author ID:977862

New progress:
I can't see the 1969 but I can see 1.1.1970, 3AM.
For example:

mbam-setup-2.1.8.1057.tmp 0x400000 0xbc000 C:\DOCUME~1\sofia_d\LOCALS~1\Temp\is-G7NUR.tmp\mbam-setup-2.1.8.1057.tmp 51.52.0.0 01/01/1970 03:00:00
tv_w32.dll 0x19600000 0x40000 C:\Program Files\TeamViewer\tv_w32.dll TeamViewer GmbH 10.0.43879.0 01/01/1970 03:00:00
uxtheme.dll 0x5ad70000 0x38000 C:\WINDOWS\system32\uxtheme.dll Microsoft Corporation 6.00.2900.5512 (xpsp.080413-2105) 01/01/1970 03:00:00
lpk.dll 0x629c0000 0x9000 C:\WINDOWS\system32\lpk.dll Microsoft Corporation 5.1.2600.5512 (xpsp.080413-2105) 01/01/1970 03:00:00
mpr.dll 0x71b20000 0x12000 C:\WINDOWS\system32\mpr.dll Microsoft Corporation 5.1.2600.5512 (xpsp.080413-0852) 01/01/1970 03:00:00
MSCTF.dll 0x74720000 0x4c000 C:\WINDOWS\system32\MSCTF.dll Microsoft Corporation 5.1.2600.5512 (xpsp.080413-2105) 01/01/1970 03:00:00
usp10.dll 0x74d90000 0x6b000 C:\WINDOWS\system32\usp10.dll Microsoft Corporation 1.0420.2600.6421 (xpsp_sp3_qfe.130709-0421) 01/01/1970 03:00:00
MSCTFIME.IME 0x755c0000 0x2e000 C:\WINDOWS\system32\MSCTFIME.IME Microsoft Corporation 5.1.2600.5512 (xpsp.080413-2105) 01/01/1970 03:00:00
imm32.dll 0x76390000 0x1d000 C:\WINDOWS\system32\imm32.dll Microsoft Corporation 5.1.2600.5512 (xpsp.080413-2105) 01/01/1970 03:00:00

I went to some of these locations and files and all of them have reasonable creation date (2004, 2008 etc).
Root Admin AdvancedSetup Posted July 22, 2015 ID:977931

Please try running this on the computer. It will clean up all the temp files in various locations pretty robustly. It should also reboot when done. Make sure any antivirus is off.

Please Run TFC by OldTimer to clear temporary files:
Download TFC from here and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then run the SFC on the system.
ItielMaN Posted July 22, 2015 Author ID:978124

Meh, bummer.
Ran TFC, rebooted, ran sfc /scannow, rebooted - the same.
Root Admin AdvancedSetup Posted August 12, 2015 ID:982994

Working on this in PM it turns out this problem was due to a corrupted user profile. Creating a new user profile the issue is resolved.

I'll go ahead now and close this topic.

Thank you
Ron
Root Admin AdvancedSetup Posted December 29, 2015 ID:1009527

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread.

Thanks!