LaLuz

Honorary Members
  • Posts

    37

Everything posted by LaLuz

  1. Thank you Mr. C. Here are the logs:
  2. OMG! Please disregard my last post. You were just showing me how to disable the firewall. OK, I got the same error message when installing MB.
  3. I'm not sure what happened here. The link that you gave me took me to a page with instructions to disable the firewall, so I clicked on the tab to download and it downloaded a program called 'Free.Download Manager'. I got the same 0x80040154 on multiple screens. I also noticed that it changed my home page to 'search conduct.com'.
  4. I'm sorry, I forgot to answer the second question. I don't have the Pro version of Malwarebytes yet. I'm waiting to get my PC clean because I don't want to enter any of my personal information.
  5. I downloaded Java 7 update 9 but it failed the test, so then I uploaded Java 6 update 38 as per your instructions.
  6. MrC, I've started a new topic at the General Malwarebytes Anti-Malware forum, but they sent me back to this forum. Please tell me how to proceed. Thank you.
  7. As I mentioned before, I have an open ticket at the Malware Removal (HijackThisLogs) and I was sent here to deal with the Malwarebytes Anti-Malware downloading issue.
  8. I'm getting the following error when downloading MBam: "CoCreateInstance failed; code 0x80040154 - Class not registered". This error comes up like on 5 different screens and the only option that works is to continue. The program will download, but the tools folder is empty. I have a ticket open with the hjt forum, and I was referred to this forum for help with this issue. Here are the logs:
  9. I ran mbam-clean.exe and then proceeded to download Malwarebytes, but I got the same 'coinstance error 0x80040154'.
  10. What are the procedures for XP to download ziprunas?
      Vista and Windows 7 users:
      1. These tools MUST be run from the executable (.exe) every time you run them
      2. With Admin Rights (Right click, choose "Run as Administrator")
  11. I'm so sorry Mr. C, I guess I'm so overwhelmed with all these issues that I'm not making any sense. I was just trying to explain to you all the issues that I'm still having with the computer to see if they are all related and asking for your guidance. I was finally able to download Java 6 update 38, but Java 7 is still not working.
  12. Mr. C, Please excuse my ignorance, but I have not been able to download Java version 6 update 38. I've been trying to follow the instructions from the link that you have provided and I'm getting nowhere. I also wanted you to know that I was trying to install a fresh copy of Malwarebytes Anti-Malware and I'm getting the following error on about 5 different screens: "CoCreateInstance failed; code 0x80040154 Class not registered". I think that might have something to do with the tools folder being empty on my first installation. My computer is still acting up, so I ran ComboFix once again in safe mode and got the same results. Should I open a new ticket?
  13. I deleted trojan.Alureon.E using Avast and a program called aswMBR. It was installed on a separate partition, so the program made the necessary adjustments to be able to delete that partition. I ran that program like three times, got rid of Microsoft Security Essentials, and installed Avast instead. Here is the log:
      aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
      Run date: 2012-12-13 04:30:56
      -----------------------------
      04:30:56.187 OS Version: Windows 5.1.2600 Service Pack 3
      04:30:56.187 Number of processors: 2 586 0x4B02
      04:30:56.187 ComputerName: XXXXXXX UserName: Mom
      04:30:57.125 Initialize success
      04:34:20.093 AVAST engine defs: 12121300
      04:34:54.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
      04:34:54.625 Disk 0 Vendor: ST3300620A 3.AAE Size: 286167MB BusType: 3
      04:34:54.640 Disk 0 MBR read successfully
      04:34:54.640 Disk 0 MBR scan
      04:34:54.671 Disk 0 Windows XP default MBR code
      04:34:54.671 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286157 MB offset 63
      04:34:54.703 Disk 0 Partition 2 00 0E FAT16 LBA NTFS 7 MB offset 586051200
      04:34:54.703 Disk 0 Partition 2 **INFECTED** MBR:Alureon-K [Rtk]
      04:34:54.703 Disk 0 MBR [sST] **ROOTKIT**
      04:34:54.703 Disk 0 trace - called modules:
      04:34:54.703 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
      04:34:54.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8602eab8]
      04:34:54.703 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000066[0x85f949e8]
      04:34:54.703 5 ACPI.sys[f7330620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x85fae940]
      04:34:55.140 AVAST engine scan C:\WINDOWS
      04:35:06.703 AVAST engine scan C:\WINDOWS\system32
      04:37:36.859 AVAST engine scan C:\WINDOWS\system32\drivers
      04:37:53.531 AVAST engine scan C:\Documents and Settings\Mom
      04:39:48.734 AVAST engine scan C:\Documents and Settings\All Users
      04:40:07.343 Verifying
      04:40:17.343 Disk 0 Windows 501 MBR fixed successfully
      04:40:21.062 Scan finished successfully
      04:40:50.484 Disk 0 MBR read successfully
      04:40:50.484 Verifying disinfection
      04:41:07.046 Disinfection error
      04:41:14.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mom\Desktop\MBR.dat"
      04:41:14.968 The log file has been saved successfully to "C:\Documents and Settings\Mom\Desktop\aswMBR.txt"

      aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
      Run date: 2012-12-13 04:51:44
      -----------------------------
      04:51:44.828 OS Version: Windows 5.1.2600 Service Pack 3
      04:51:44.828 Number of processors: 2 586 0x4B02
      04:51:44.828 ComputerName: XXXXXXX UserName: Mom
      04:51:45.375 Initialize success
      04:52:03.640 AVAST engine defs: 12121300
      04:52:36.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
      04:52:36.421 Disk 0 Vendor: ST3300620A 3.AAE Size: 286167MB BusType: 3
      04:52:36.437 Disk 0 MBR read successfully
      04:52:36.437 Disk 0 MBR scan
      04:52:36.484 Disk 0 Windows XP default MBR code
      04:52:36.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286157 MB offset 63
      04:52:36.500 Disk 0 Partition 2 00 0E FAT16 LBA NTFS 7 MB offset 586051200
      04:52:36.500 Disk 0 Partition 2 **INFECTED** MBR:Alureon-K [Rtk]
      04:52:36.500 Disk 0 MBR [sST] **ROOTKIT**
      04:52:36.500 Disk 0 trace - called modules:
      04:52:36.515 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
      04:52:36.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86074ab8]
      04:52:36.515 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000066[0x8607a9e8]
      04:52:36.515 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x85fb2d98]
      04:52:36.953 AVAST engine scan C:\WINDOWS
      04:52:50.703 AVAST engine scan C:\WINDOWS\system32
      04:55:22.890 AVAST engine scan C:\WINDOWS\system32\drivers
      04:55:38.921 AVAST engine scan C:\Documents and Settings\Mom
      04:57:25.859 AVAST engine scan C:\Documents and Settings\All Users
      04:57:50.484 Scan finished successfully
      05:05:22.515 Disk 0 MBR read successfully
      05:05:22.515 Verifying disinfection
      05:05:38.718 Disinfection error
      05:05:46.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mom\Desktop\MBR.dat"
      05:05:46.312 The log file has been saved successfully to "C:\Documents and Settings\Mom\Desktop\aswMBR.txt"

      aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
      Run date: 2012-12-13 05:06:57
      -----------------------------
      05:06:57.343 OS Version: Windows 5.1.2600 Service Pack 3
      05:06:57.343 Number of processors: 2 586 0x4B02
      05:06:57.343 ComputerName: XXXXXX UserName: Mom
      05:06:57.937 Initialize success
      05:07:09.484 AVAST engine defs: 12121300
      05:07:52.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
      05:07:52.640 Disk 0 Vendor: ST3300620A 3.AAE Size: 286167MB BusType: 3
      05:07:52.656 Disk 0 MBR read successfully
      05:07:52.656 Disk 0 MBR scan
      05:07:52.687 Disk 0 Windows XP default MBR code
      05:07:52.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286157 MB offset 63
      05:07:52.703 Disk 0 scanning sectors +586051200
      05:07:52.796 Disk 0 scanning C:\WINDOWS\system32\drivers
      05:08:00.703 Service scanning
      05:08:11.937 Modules scanning
      05:08:19.406 Disk 0 trace - called modules:
      05:08:19.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
      05:08:19.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86074ab8]
      05:08:19.437 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000066[0x8607a9e8]
      05:08:19.437 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x85fb2d98]
      05:08:20.109 AVAST engine scan C:\WINDOWS
      05:08:35.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mom\Desktop\MBR.dat"
      05:08:35.593 The log file has been saved successfully to "C:\Documents and Settings\Mom\Desktop\aswMBR.txt"

      P.S. I still was not able to download Java after following your instructions.
  14. I would like to thank you for your time and patience with me. I've been so frustrated with this "lovely" computer that I have not taken the time to show any appreciation for all that you have already accomplished. The computer is running real good compared to how it was. I downloaded Security Essentials again, and now it detected a trojan.Alureon.E GRRRRRRRRRRR! This is driving me to drinking! I've run a new copy of ComboFix, and I'm still getting the same results. At this point, do you think I'm better off reformatting the hard drive and starting fresh? I would hate to do that, since I don't even have the set-up disks, and everything else seems to be working great. Please advise.
  15. I've uninstalled Java successfully, but I have not been able to install it back. After it has finished installing, I clicked on the link to test the installation but it doesn't work. I've uninstalled and re-installed it several times, but it's not working. As far as Adobe goes, it's telling me that it cannot find any updates available. I have not performed the other steps because I'm not sure if you wanted me to do them in the same order as they are listed.
  16. Here is the log:
      Results of screen317's Security Check version 0.99.56
      Windows XP Service Pack 3 x86
      Internet Explorer 8
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      WMI entry may not exist for antivirus; attempting automatic update.
      `````````Anti-malware/Other Utilities Check:`````````
      Malwarebytes Anti-Malware version 1.65.1.1000
      Java 6 Update 26
      Java 6 Update 22
      Java 6 Update 2
      Java 6 Update 3
      Java 6 Update 4
      Java 6 Update 5
      Java 6 Update 7
      Java version out of Date!
      Adobe Reader 10.1.4 Adobe Reader out of Date!
      ````````Process Check: objlist.exe by Laurent````````
      Malwarebytes' Anti-Malware mbamscheduler.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C:: 3%
      ````````````````````End of Log``````````````````````
  17. Yes, the same two messages. The first one says that I'm infected with rootkit.ZeroAccess, and the second one says that Rootkit was found and that it has to reboot.
  18. Only one of those entries came up when I ran RogueKiller again and I deleted it. As you can see on this log it found something else, but I left it alone. The computer is running ok, sometimes when I restart it would give me some Windows errors. Like I've said before, I'm not using the internet until I know for sure that it's not infected. I downloaded the Malwarebytes Anti-Malware program again, but I can't get it to go on protection mode. I would like to buy the Pro version as soon as it is safe to pay for something online. Here is a new RogueKiller report:
      RogueKiller V8.3.1 [Dec 5 2012] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website : http://tigzy.geekstogo.com/roguekiller.php
      Blog : http://tigzyrk.blogspot.com/
      Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
      Started in : Normal mode
      User : Mom [Admin rights]
      Mode : Scan -- Date : 12/05/2012 23:40:05
      ¤¤¤ Bad processes : 0 ¤¤¤
      ¤¤¤ Registry Entries : 1 ¤¤¤
      [RUN][sUSP PATH] HKUS\S-1-5-21-842925246-1364589140-725345543-1003[...]\Run : DW6 ("C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [LOADED] ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\WINDOWS\system32\drivers\etc\hosts
      127.0.0.1 localhost
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: ST3300620A +++++
      --- User ---
      [MBR] 79df028273a97584cfb60176d9b2ee54
      [bSP] 3f903f77b0b0c3317501e155942ab72e : Windows XP MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286157 Mo
      1 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 586051200 | Size: 7 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
Finished : << RKreport[20]_S_12052012_02d2340.txt >> RKreport[10]_S_11292012_02d1325.txt ; RKreport[11]_D_11292012_02d1327.txt ; RKreport[12]_S_12012012_02d2152.txt ; RKreport[13]_S_12032012_02d1702.txt ; RKreport[14]_S_12042012_02d1332.txt ; RKreport[15]_S_12042012_02d1915.txt ; RKreport[16]_S_12052012_02d2321.txt ; RKreport[17]_D_12052012_02d2325.txt ; RKreport[18]_D_12052012_02d2327.txt ; RKreport[19]_S_12052012_02d2329.txt ; RKreport[1]_S_11222012_02d0149.txt ; RKreport[20]_S_12052012_02d2340.txt ; RKreport[2]_S_11272012_02d1635.txt ; RKreport[3]_H_11272012_02d1638.txt ; RKreport[4]_PR_11272012_02d1639.txt ; RKreport[5]_DN_11272012_02d1639.txt ; RKreport[6]_SC_11272012_02d1641.txt ; RKreport[7]_S_11272012_02d2008.txt ; RKreport[8]_S_11272012_02d2202.txt ; RKreport[9]_S_11282012_02d1914.txt
  19. All that I know about ComboFix is that I've been seeing that program run in my dreams now...he..he.. Here are all three logs, and I'm including a new one from ComboFix:
      RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.geekstogo...13-roguekiller/
      Website : http://tigzy.geeksto...roguekiller.php
      Blog : http://tigzyrk.blogspot.com/
      Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
      Started in : Safe mode with network support
      User : Mom [Admin rights]
      Mode : Scan -- Date : 12/04/2012 19:15:55
      ¤¤¤ Bad processes : 0 ¤¤¤
      ¤¤¤ Registry Entries : 3 ¤¤¤
      [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
      [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
      [HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED] ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\WINDOWS\system32\drivers\etc\hosts
      127.0.0.1 localhost
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: ST3300620A +++++
      --- User ---
      [MBR] 79df028273a97584cfb60176d9b2ee54
      [bSP] 3f903f77b0b0c3317501e155942ab72e : Windows XP MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286157 Mo
      1 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 586051200 | Size: 7 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
Finished : << RKreport[15]_S_12042012_02d1915.txt >> RKreport[10]_S_11292012_02d1325.txt ; RKreport[11]_D_11292012_02d1327.txt ; RKreport[12]_S_12012012_02d2152.txt ; RKreport[13]_S_12032012_02d1702.txt ; RKreport[14]_S_12042012_02d1332.txt ; RKreport[15]_S_12042012_02d1915.txt ; RKreport[1]_S_11222012_02d0149.txt ; RKreport[2]_S_11272012_02d1635.txt ; RKreport[3]_H_11272012_02d1638.txt ; RKreport[4]_PR_11272012_02d1639.txt ; RKreport[5]_DN_11272012_02d1639.txt ; RKreport[6]_SC_11272012_02d1641.txt ; RKreport[7]_S_11272012_02d2008.txt ; RKreport[8]_S_11272012_02d2202.txt ; RKreport[9]_S_11282012_02d1914.txt mbar-log-2012-12-04 (19-42-49).txt ComboFix 12.04.2.txt TDSSKiller.2.8.15.0_29.11.2012_23.28.50_log.txt
  20. Ok, that did it. I'm able to launch the internet now, but according to ComboFix I'm still infected with Rootkit.ZeroAccess. I'm afraid to use the internet since that virus is still there and my personal information is not protected. Most of the icons on my programs list on the start menu are empty, so they don't work. I've followed the procedures to remove ComboFix, downloaded a fresh copy, but the only way I can get it to produce a report is running it in safe mode. Here is the log:
      ComboFix 12-12-02.01 - Mom 12/04/2012 1:10.26.2 - x86 NETWORK
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.785 [GMT -8:00]
      Running from: c:\documents and settings\Mom\Desktop\ComboFix.exe
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\windows\system32\roboot.exe
      .
      Infected copy of c:\windows\system32\drivers\swmidi.sys was found and disinfected
      Restored copy from - The cat found it
      .
      ((((((((((((((((((((((((( Files Created from 2012-11-04 to 2012-12-04 )))))))))))))))))))))))))))))))
      .
      .
      2012-12-04 09:01 . 2012-12-04 09:01 -------- d-----w- c:\windows\system32\wbem\Repository
      2012-12-04 00:08 . 2012-12-04 00:08 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
      2012-12-03 20:27 . 2012-12-04 01:28 -------- d-----w- c:\documents and settings\Mom\Application Data\PerformerSoft
      2012-12-03 20:24 . 2012-12-03 20:24 447 ----a-w- C:\user.js
      2012-12-03 02:09 . 2012-12-03 02:09 -------- d-----w- C:\Fix
      2012-11-30 08:33 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
      2012-11-30 08:25 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
      2012-11-20 00:36 . 2012-11-20 00:36 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\PCHealth
      2012-11-19 01:02 . 2012-08-28 15:14 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
      2012-11-18 08:27 . 2012-11-18 08:27 -------- d-----w- c:\windows\PIF
      2012-11-18 08:27 . 2012-11-18 08:27 -------- d-----w- C:\Inetpub
      2012-11-17 22:35 . 2012-11-17 22:35 -------- d-----w- c:\documents and settings\Mom\Application Data\Malwarebytes
      2012-11-17 22:34 . 2012-11-17 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2012-11-17 22:34 . 2012-12-04 07:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2012-11-17 22:34 . 2012-09-30 03:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-11-15 17:47 . 2012-11-15 17:47 -------- d-----w- C:\TDSSKiller_Quarantine
      2012-11-15 08:32 . 2012-11-15 08:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
      2012-11-15 08:23 . 2012-11-15 08:23 -------- d-----w- c:\documents and settings\Mom\Application Data\FCTB000100567
      2012-11-15 08:21 . 2012-11-15 16:48 -------- d-----w- c:\documents and settings\Mom\Application Data\Yahoo!
      2012-11-14 17:39 . 2012-11-14 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\90A8C4FBA62688B4000090A834578CCF
      2012-11-14 16:48 . 2012-11-14 16:48 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{283AE813-6F90-47F6-A9EE-6C1CE2E6A842}\offreg.dll
      2012-11-14 16:39 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{283AE813-6F90-47F6-A9EE-6C1CE2E6A842}\mpengine.dll
      2012-11-08 19:44 . 2010-07-05 03:07 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe
      2012-11-08 19:44 . 2010-06-14 17:32 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
      2012-11-08 19:44 . 2010-06-14 17:32 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
      2012-11-08 19:44 . 2012-11-08 19:44 -------- d-----w- c:\documents and settings\Mom\Application Data\Samsung
      2012-11-08 19:43 . 2012-11-08 19:43 -------- d-----w- c:\program files\MarkAny
      2012-11-08 19:34 . 2012-11-08 19:34 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\Downloaded Installations
      2012-11-08 19:24 . 2012-11-08 19:42 -------- d-----w- c:\program files\SAMSUNG
      2012-11-08 19:23 . 2012-11-08 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Samsung
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-11-15 17:49 . 2007-06-10 11:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
      2012-10-22 08:37 . 2006-02-28 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
      2012-10-12 05:56 . 2011-12-30 15:48 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      2012-10-02 18:04 . 2006-02-28 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "nwiz"="nwiz.exe" [2006-08-16 1617920]
      "RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]
      "SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
      "lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 291760]
      "EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 82864]
      "LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 106496]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      .
      c:\documents and settings\Mom\Start Menu\Programs\Startup\
      OpenOffice.org 3.3.lnk - [N/A]
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
      @=""
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
      backup=c:\windows\pss\PalTalk.lnkCommon Startup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
      2010-04-17 06:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\WINDOWS\\system32\\sessmgr.exe"=
      "c:\\WINDOWS\\system32\\mmc.exe"=
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "1723:TCP"= 1723:TCP:*:Disabled:@xpsp2res.dll,-22015
      "1701:UDP"= 1701:UDP:*:Disabled:@xpsp2res.dll,-22016
      "500:UDP"= 500:UDP:*:Disabled:@xpsp2res.dll,-22017
      .
      S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
      S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [11/8/2012 11:44 AM 238952]
      S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/17/2012 2:34 PM 399432]
      S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/17/2012 2:34 PM 676936]
      S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [11/8/2012 11:44 AM 36608]
      S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [12/3/2012 4:08 PM 35144]
      S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/17/2012 2:34 PM 22856]
      S3 USB_RNDIS_51;USB Remote NDIS Y Network Device Driver;c:\windows\system32\drivers\usb8023.sys [2/28/2006 4:00 AM 12800]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = about:blank
      uInternet Connection Wizard,ShellNext = iexplore
      TCP: DhcpNameServer = 192.168.2.1
      .
      - - - - ORPHANS REMOVED - - - -
      .
      SafeBoot-46729648.sys
      SafeBoot-94686418.sys
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2012-12-04 01:16
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'explorer.exe'(1156)
      c:\windows\system32\WININET.dll
      .
      Completion time: 2012-12-04 01:19:06 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-12-04 09:19
      .
      Pre-Run: 286,421,213,184 bytes free
      Post-Run: 286,479,024,128 bytes free
      .
      - - End Of File - - 6FD9B528558D4923D661446BCC6591CC
  21. I've downloaded a fresh copy of ComboFix and I've noticed that now it created a folder on my C drive, the new log is attached. I still cannot launch the internet after running the Internet Repair program. The screen flashes and disappears. As far as the Softonic connection program I was not able to download it as it gave me a message saying that the Windows Installer service could not be accessed, but it downloaded some program called PCP_Claro.exe which after running it said that it had found 7 thousand something files or entries that were wrong. I just exited it because it was saying that I had to purchase the full version in order to fix my computer. Here are the logs for the Internet Repair program:
      ./ (o o)
      --------------------------------------oOOo-(_)-oOOo--------------------------------------
      [03/12/2012 12:15:25] Resetting all TCP/IP Interfaces, Please wait.....
      -----------------------------------------------------------------------------------------
      [03/12/2012 12:15:27] TCP/IP Stack reset successful.
      [03/12/2012 12:15:27] TCP/IP Reset log located @ [C:\Documents and Settings\Mom\Desktop\Complete Internet Repair\Logging\CIRReset.log]
      [03/12/2012 12:15:28] TCP/IP interfaces reset successful.
      [03/12/2012 12:15:29] The TCP/IP v6 protocol might not be installed.
      [03/12/2012 12:15:29] Click on 'Commands' then 'Install IP6 protocol' to install TCP/IP v6.
      [03/12/2012 12:15:29] You may need to restart your computer for the settings to take effect.
      [03/12/2012 12:15:29] Finished resetting the Internet Protocol (TCP/IP).
      -----------------------------------------------------------------------------------------
      [03/12/2012 12:15:29] Attempting to reset Winsock catalog, Please wait.....
      -----------------------------------------------------------------------------------------
      [03/12/2012 12:15:32] Successfully reset the Winsock Catalog.
      [03/12/2012 12:15:32] Finished repairing Winsock
      -----------------------------------------------------------------------------------------
      [03/12/2012 12:15:32] Releasing TCP/IP connections, Please wait.....
      -----------------------------------------------------------------------------------------
      [03/12/2012 12:15:32] Successfully released TCP/IP connections.
      -----------------------------------------------------------------------------------------
      [03/12/2012 12:15:32] Renewing TCP/IP connections, Please wait.....
      -----------------------------------------------------------------------------------------
      [03/12/2012 12:15:35] Successfully renewed TCP/IP adapters.
      -----------------------------------------------------------------------------------------
      [03/12/2012 12:15:35] Configuring the Windows Event Log Service, Please wait.....
      -----------------------------------------------------------------------------------------
      [03/12/2012 12:15:36] Windows Event Log Service Configured.
      [03/12/2012 12:15:36] Starting the Windows Event Log Service.....
      [03/12/2012 12:15:36] Windows Event Log Service Started Successfully.
      -----------------------------------------------------------------------------------------
      [03/12/2012 12:15:36] Flushing DNS Resolver Cache, Please wait.....
      -----------------------------------------------------------------------------------------
      [03/12/2012 12:15:36] Successfully flushed DNS Resolver Cache.
      [03/12/2012 12:15:36] Refreshing all DHCP leases and re-registering DNS names, Please wait.....
      [03/12/2012 12:15:36] Registration of the DNS resource records has been initiated.
      [03/12/2012 12:15:36] Note: Any errors will be reported in the 'Event Viewer' in about 15 minutes.
      [03/12/2012 12:15:36] Note: Click on 'File' and then 'Event Viewer...' to open the Event Viewer.
      -----------------------------------------------------------------------------------------
      [03/12/2012 12:15:36] You will need to reboot your computer before the settings will take effect.
      -----------------------------------------------------------------------------------------
      [03/12/2012 12:15:59] Your computer is restarting now.....
      -----------------------------------------------------------------------------------------

      deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableProxy
      deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B98034A1-5DAE-483B-BF90-424FFBCCF7F9}\IpAutoconfigurationAddress
      deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B98034A1-5DAE-483B-BF90-424FFBCCF7F9}\IpAutoconfigurationMask
      deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B98034A1-5DAE-483B-BF90-424FFBCCF7F9}\IpAutoconfigurationSeed
      added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
      <completed>

      ComboFix 12.03.txt
  22. After running both programs I ran ComboFix one more time and nothing has changed, it still says that it has found a rootkit ZeroAccess infection, but it doesn't remove it. When I try to launch the internet the screen flashes and disappears. According to my cable network connection I'm connected. Here is the AdwCleaner log, and I've attached the new ComboFix log.
      # AdwCleaner v2.010 - Logfile created 12/01/2012 at 20:09:49
      # Updated 29/11/2012 by Xplode
      # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
      # User : Mom - KOHLBECKS
      # Boot Mode : Normal
      # Running from : C:\Documents and Settings\Mom\Desktop\adwcleaner.exe
      # Option [Delete]
      ***** [services] *****
      ***** [Files / Folders] *****
      Deleted on reboot : C:\Documents and Settings\Maria\Application Data\Toolbar4
      File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
      File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
      Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
      Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
      Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
      Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
      Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
      Folder Deleted : C:\Documents and Settings\Mom\Application Data\Babylon
      Folder Deleted : C:\Documents and Settings\Mom\Application Data\searchquband
      Folder Deleted : C:\Documents and Settings\Mom\Local Settings\Application Data\Conduit
      Folder Deleted : C:\Documents and Settings\Mom\Local Settings\Application Data\Ilivid Player
      Folder Deleted : C:\Program Files\AppGraffiti
      Folder Deleted : C:\Program Files\Conduit
      Folder Deleted : C:\Program Files\Iminent
      Folder Deleted : C:\Program Files\Viewpoint
      ***** [Registry] *****
      Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
      Key Deleted : HKCU\Software\Conduit
      Key Deleted : HKCU\Software\ConduitSearchScopes
HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32} Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3209604 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Default Tab Key Deleted : HKLM\Software\Freeze.com Key Deleted : HKLM\Software\Iminent Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP ***** 
[internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Google Chrome v [unable to get version] File : C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [10313 octets] - [01/12/2012 20:08:16] AdwCleaner[s1].txt - [10021 octets] - [01/12/2012 20:09:49] ########## EOF - C:\AdwCleaner[s1].txt - [10082 octets] ########## ComboFix 12.01.txt