LaLuz
Posts: 37
Posts posted by LaLuz
-
-
OMG! Please disregard my last post. You were just showing me how to disable the firewall.
OK, I got the same error message when installing MB.
-
I'm not sure what happened here. The link that you gave me took me to a page with instructions to disable the firewall, so I clicked on the tab to download and it downloaded a program called 'Free Download Manager'. I got the same 0x80040154 on multiple screens. I also noticed that it changed my home page to 'search conduct.com'.
-
-
I'm sorry, I forgot to answer the second question.
I don't have the Pro version of Malwarebytes yet. I'm waiting to get my PC clean because I don't want to enter any of my personal information.
-
I downloaded Java 7 update 9 but it failed the test, so then I uploaded Java 6 update 38 as per your instructions.
-
MrC,
I've started a new topic at the General Malwarebytes Anti-Malware forum, but they sent me back to this forum. Please tell me how to proceed.
Thank you.
-
As I mentioned before, I have an open ticket at the Malware Removal (HijackThisLogs) and I was sent here to deal with the Malwarebytes Anti-Malware downloading issue.
-
I'm getting the following error when downloading MBAM: "CoCreateInstance failed; code 0x80040154 - Class not registered". This error comes up on about 5 different screens and the only option that works is to continue. The program will download, but the tools folder is empty. I have a ticket open with the HJT forum, and I was referred to this forum for help with this issue.
Here are the logs:
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Mom at 17:25:46 on 2012-12-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.514 [GMT -8:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre7\bin\jqs.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [skyTel] SkyTel.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349584314234
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353303973093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{B98034A1-5DAE-483B-BF90-424FFBCCF7F9} : DHCPNameServer = 192.168.2.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 193552]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-13 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-13 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-13 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-12-13 44808]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-12-24 54760]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2012-11-8 238952]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-11-8 36608]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 USB_RNDIS_51;USB Remote NDIS Y Network Device Driver;c:\windows\system32\drivers\usb8023.sys [2006-2-28 12800]
.
=============== Created Last 30 ================
.
2012-12-15 03:07:23 290304 ----a-w- C:\subinacl.exe
2012-12-15 03:03:57 -------- d-----w- C:\RegBackup
2012-12-15 02:47:13 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-12-14 19:05:27 -------- d-----w- c:\program files\Tweaking.com
2012-12-13 15:26:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-13 15:26:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-13 13:25:55 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-12-13 13:25:34 41224 ----a-w- c:\windows\avastSS.scr
2012-12-13 13:25:18 -------- d-----w- c:\program files\AVAST Software
2012-12-13 13:25:18 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-12-13 01:53:14 6812136 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8b9e1413-1c55-4c20-b06f-490101927819}\mpengine.dll
2012-12-12 17:50:02 -------- d-----w- c:\documents and settings\mom\local settings\application data\Sun
2012-12-12 17:39:55 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-10 04:10:38 -------- d-----w- c:\program files\Microsoft ATS
2012-12-09 03:57:01 -------- d-----w- c:\documents and settings\mom\application data\ElevatedDiagnostics
2012-12-04 09:01:44 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-12-04 09:01:44 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-03 20:27:16 -------- d-----w- c:\documents and settings\mom\application data\PerformerSoft
2012-11-30 08:33:04 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-11-30 08:25:12 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2012-11-22 02:25:40 -------- d-sha-r- C:\cmdcons
2012-11-20 00:36:44 -------- d-----w- c:\documents and settings\mom\local settings\application data\PCHealth
2012-11-19 01:02:33 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-11-18 08:27:26 -------- d-----w- c:\windows\PIF
2012-11-18 08:27:26 -------- d-----w- C:\Inetpub
.
==================== Find3M ====================
.
2012-12-13 15:25:46 746984 -c--a-w- c:\windows\system32\deployJava1.dll
2012-12-12 18:28:13 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 18:28:13 697272 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-15 17:49:22 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 17:26:28.39 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/10/2007 11:56:43 AM
System Uptime: 12/16/2012 4:20:31 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | M61VME-S2
Processor: AMD Athlon 64 X2 Dual Core Processor 4200+ | Socket M2 | 2209/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 279 GiB total, 268.055 GiB free.
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMPIONEER_DVD-RW__DVR-111D________________1.23____\46_044483550333233375732204C202020202020
Manufacturer: (Standard CD-ROM drives)
Name: PIONEER DVD-RW DVR-111D
PNP Device ID: IDE\CDROMPIONEER_DVD-RW__DVR-111D________________1.23____\46_044483550333233375732204C202020202020
Service: cdrom
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (IPX)
Device ID: ROOT\MS_NDISWANIPX\0001
Manufacturer: Microsoft
Name: WAN Miniport (IPX) #2
PNP Device ID: ROOT\MS_NDISWANIPX\0001
Service: NdisWan
.
==== System Restore Points ===================
.
RP1: 12/16/2012 11:20:20 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader XI
avast! Free Antivirus
Control Center for KODAK Webcams
EPSON Status Monitor 2
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
Internet Explorer (Enable DEP)
Itibiti RTC
Java 7 Update 9
Java Auto Updater
Java 6 Update 38
Junk Mail filter update
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OpenOffice.org 3.3
Realtek High Definition Audio Driver
Samsung New PC Studio
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Tweaking.com - Windows Repair (All in One)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell 1.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
12/9/2012 9:31:38 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 84c162c8, parameter3 84c166e0, parameter4 1a830001.
12/9/2012 8:00:49 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2729450).
12/16/2012 12:02:35 AM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 842e6000, parameter3 842e6418, parameter4 1a830000.
12/15/2012 11:24:46 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file '09696709.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/14/2012 7:40:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/14/2012 7:40:46 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSnx aswSP aswTdi Fips MpFilter SBRE
12/14/2012 5:24:40 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 84e87830, parameter3 84e87c48, parameter4 1a830001.
12/14/2012 1:15:57 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file '40975672.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/13/2012 6:51:51 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file '90022556.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/13/2012 6:07:03 AM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 84505760, parameter3 84505b78, parameter4 1a830001.
12/13/2012 5:15:51 AM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The system cannot find the path specified.
12/12/2012 9:43:46 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
12/12/2012 9:18:57 AM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 84aa4608, parameter3 84aa4a20, parameter4 1a830001.
12/12/2012 6:15:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
12/12/2012 6:15:25 PM, error: Microsoft Antimalware [1119] -
12/12/2012 6:12:42 PM, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 3604 (0xE14).
12/12/2012 4:26:25 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 84a7aa20, parameter3 84a7ae38, parameter4 1a830001.
12/12/2012 4:00:33 PM, error: Service Control Manager [7034] - The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).
12/12/2012 12:42:04 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 85f426e0, parameter3 85f42af8, parameter4 1a830001.
12/12/2012 12:41:46 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 84b9b608, parameter3 84b9ba20, parameter4 1a830001.
12/12/2012 12:00:32 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file '93037758.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/12/2012 11:25:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/12/2012 11:23:16 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/12/2012 11:18:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/12/2012 11:07:42 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file '22140061.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/12/2012 11:05:08 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips MpFilter SBRE
12/11/2012 12:26:37 PM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 001A4D64E23B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
-
I ran mbam-clean.exe and then proceeded to download Malwarebytes, but I got the same 'CoCreateInstance error 0x80040154'.
-
What are the procedures for XP to download ziprunas?
Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")

-
I'm so sorry Mr. C, I guess I'm so overwhelmed with all these issues that I'm not making any sense. I was just trying to explain to you all the issues that I'm still having with the computer to see if they are all related, and asking for your guidance.
I was finally able to download Java 6 update 38, but Java 7 is still not working.
-
Mr. C,
Please excuse my ignorance, but I have not been able to download Java version 6 update 38. I've been trying to follow the instructions from the link that you provided and I'm getting nowhere.
I also wanted you to know that I was trying to install a fresh copy of Malwarebytes Anti-Malware and I'm getting the following error on about 5 different screens: "CoCreateInstance failed; code 0x80040154 Class not registered". I think that might have something to do with the tools folder being empty on my first installation.
My computer is still acting up, so I ran ComboFix once again in Safe Mode and got the same results.
Should I open a new ticket?
-
Yes, I downloaded and ran JavaMSIFix.
-
I deleted Trojan.Alureon.E using Avast and a program called aswMBR. It was installed on a separate partition, so the program made the necessary adjustments to be able to delete that partition. I ran that program like three times, got rid of Microsoft Security Essentials, and installed Avast instead.
Here is the log:
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-13 04:30:56
-----------------------------
04:30:56.187 OS Version: Windows 5.1.2600 Service Pack 3
04:30:56.187 Number of processors: 2 586 0x4B02
04:30:56.187 ComputerName: XXXXXXX UserName: Mom
04:30:57.125 Initialize success
04:34:20.093 AVAST engine defs: 12121300
04:34:54.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
04:34:54.625 Disk 0 Vendor: ST3300620A 3.AAE Size: 286167MB BusType: 3
04:34:54.640 Disk 0 MBR read successfully
04:34:54.640 Disk 0 MBR scan
04:34:54.671 Disk 0 Windows XP default MBR code
04:34:54.671 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286157 MB offset 63
04:34:54.703 Disk 0 Partition 2 00 0E FAT16 LBA NTFS 7 MB offset 586051200
04:34:54.703 Disk 0 Partition 2 **INFECTED** MBR:Alureon-K [Rtk]
04:34:54.703 Disk 0 MBR [sST] **ROOTKIT**
04:34:54.703 Disk 0 trace - called modules:
04:34:54.703 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
04:34:54.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8602eab8]
04:34:54.703 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000066[0x85f949e8]
04:34:54.703 5 ACPI.sys[f7330620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x85fae940]
04:34:55.140 AVAST engine scan C:\WINDOWS
04:35:06.703 AVAST engine scan C:\WINDOWS\system32
04:37:36.859 AVAST engine scan C:\WINDOWS\system32\drivers
04:37:53.531 AVAST engine scan C:\Documents and Settings\Mom
04:39:48.734 AVAST engine scan C:\Documents and Settings\All Users
04:40:07.343 Verifying
04:40:17.343 Disk 0 Windows 501 MBR fixed successfully
04:40:21.062 Scan finished successfully
04:40:50.484 Disk 0 MBR read successfully
04:40:50.484 Verifying disinfection
04:41:07.046 Disinfection error
04:41:14.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mom\Desktop\MBR.dat"
04:41:14.968 The log file has been saved successfully to "C:\Documents and Settings\Mom\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-13 04:51:44
-----------------------------
04:51:44.828 OS Version: Windows 5.1.2600 Service Pack 3
04:51:44.828 Number of processors: 2 586 0x4B02
04:51:44.828 ComputerName: XXXXXXX UserName: Mom
04:51:45.375 Initialize success
04:52:03.640 AVAST engine defs: 12121300
04:52:36.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
04:52:36.421 Disk 0 Vendor: ST3300620A 3.AAE Size: 286167MB BusType: 3
04:52:36.437 Disk 0 MBR read successfully
04:52:36.437 Disk 0 MBR scan
04:52:36.484 Disk 0 Windows XP default MBR code
04:52:36.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286157 MB offset 63
04:52:36.500 Disk 0 Partition 2 00 0E FAT16 LBA NTFS 7 MB offset 586051200
04:52:36.500 Disk 0 Partition 2 **INFECTED** MBR:Alureon-K [Rtk]
04:52:36.500 Disk 0 MBR [sST] **ROOTKIT**
04:52:36.500 Disk 0 trace - called modules:
04:52:36.515 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
04:52:36.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86074ab8]
04:52:36.515 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000066[0x8607a9e8]
04:52:36.515 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x85fb2d98]
04:52:36.953 AVAST engine scan C:\WINDOWS
04:52:50.703 AVAST engine scan C:\WINDOWS\system32
04:55:22.890 AVAST engine scan C:\WINDOWS\system32\drivers
04:55:38.921 AVAST engine scan C:\Documents and Settings\Mom
04:57:25.859 AVAST engine scan C:\Documents and Settings\All Users
04:57:50.484 Scan finished successfully
05:05:22.515 Disk 0 MBR read successfully
05:05:22.515 Verifying disinfection
05:05:38.718 Disinfection error
05:05:46.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mom\Desktop\MBR.dat"
05:05:46.312 The log file has been saved successfully to "C:\Documents and Settings\Mom\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-13 05:06:57
-----------------------------
05:06:57.343 OS Version: Windows 5.1.2600 Service Pack 3
05:06:57.343 Number of processors: 2 586 0x4B02
05:06:57.343 ComputerName: XXXXXX UserName: Mom
05:06:57.937 Initialize success
05:07:09.484 AVAST engine defs: 12121300
05:07:52.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
05:07:52.640 Disk 0 Vendor: ST3300620A 3.AAE Size: 286167MB BusType: 3
05:07:52.656 Disk 0 MBR read successfully
05:07:52.656 Disk 0 MBR scan
05:07:52.687 Disk 0 Windows XP default MBR code
05:07:52.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286157 MB offset 63
05:07:52.703 Disk 0 scanning sectors +586051200
05:07:52.796 Disk 0 scanning C:\WINDOWS\system32\drivers
05:08:00.703 Service scanning
05:08:11.937 Modules scanning
05:08:19.406 Disk 0 trace - called modules:
05:08:19.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
05:08:19.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86074ab8]
05:08:19.437 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000066[0x8607a9e8]
05:08:19.437 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x85fb2d98]
05:08:20.109 AVAST engine scan C:\WINDOWS
05:08:35.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mom\Desktop\MBR.dat"
05:08:35.593 The log file has been saved successfully to "C:\Documents and Settings\Mom\Desktop\aswMBR.txt"
P.S. I still was not able to download Java after following your instructions.

-
I would like to thank you for your time and patience with me. I've been so frustrated with this "lovely" computer that I have not taken the time to show any appreciation for all that you have already accomplished. The computer is running really well compared to how it was. I downloaded Security Essentials again, and now it detected a trojan.Alureon.E
GRRRRRRRRRRR! This is driving me to drinking! I've run a new copy of ComboFix, and I'm still getting the same results.

At this point, do you think I'm better off reformatting the hard drive and starting fresh? I would hate to do that, since I don't even have the set-up disks, and everything else seems to be working great. Please advise.

-
I've uninstalled Java successfully, but I have not been able to install it back. After it finished installing, I clicked on the link to test the installation but it doesn't work. I've uninstalled and re-installed it several times, but it's not working.
As far as Adobe goes, it's telling me that it cannot find any updates available. I have not performed the other steps because I'm not sure if you wanted me to do them in the same order as they are listed.
-
Here is the log:
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 6 Update 26
Java 6 Update 22
Java 6 Update 2
Java 6 Update 3
Java 6 Update 4
Java 6 Update 5
Java 6 Update 7
Java version out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````
-
Ok, I'll be waiting patiently. Please get that ComboFix out of my dreams :-)
-
Yes, the same two messages. The first one says that I'm infected with rootkit.ZeroAccess, and the second one says that Rootkit was found and that it has to reboot.
-
Only one of those entries came up when I ran RogueKiller again and I deleted it. As you can see on this log it found something else, but I left it alone. The computer is running ok; sometimes when I restart it would give me some Windows errors. Like I've said before, I'm not using the internet until I know for sure that it's not infected. I downloaded the Malwarebytes Anti-Malware program again, but I can't get it to go into protection mode. I would like to buy the Pro version as soon as it is safe to pay for something online. Here is a new RogueKiller report:
RogueKiller V8.3.1 [Dec 5 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Mom [Admin rights]
Mode : Scan -- Date : 12/05/2012 23:40:05
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[RUN][sUSP PATH] HKUS\S-1-5-21-842925246-1364589140-725345543-1003[...]\Run : DW6 ("C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3300620A +++++
--- User ---
[MBR] 79df028273a97584cfb60176d9b2ee54
[bSP] 3f903f77b0b0c3317501e155942ab72e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286157 Mo
1 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 586051200 | Size: 7 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[20]_S_12052012_02d2340.txt >>
-
All that I know about ComboFix is that I've been seeing that program run in my dreams now...he..he..
Here are all three logs, and I'm including a new one from ComboFix:
RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : Mom [Admin rights]
Mode : Scan -- Date : 12/04/2012 19:15:55
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3300620A +++++
--- User ---
[MBR] 79df028273a97584cfb60176d9b2ee54
[bSP] 3f903f77b0b0c3317501e155942ab72e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286157 Mo
1 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 586051200 | Size: 7 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[15]_S_12042012_02d1915.txt >>
-
Ok, that did it. I'm able to launch the internet now, but according to ComboFix I'm still infected with Rootkit.ZeroAccess. I'm afraid to use the internet since that virus is still there and my personal information is not protected. Most of the icons on my programs list on the start menu are empty, so they don't work. I've followed the procedures to remove ComboFix and downloaded a fresh copy, but the only way I can get it to produce a report is running it in safe mode. Here is the log:
ComboFix 12-12-02.01 - Mom 12/04/2012 1:10.26.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.785 [GMT -8:00]
Running from: c:\documents and settings\Mom\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\roboot.exe
.
Infected copy of c:\windows\system32\drivers\swmidi.sys was found and disinfected
Restored copy from - The cat found it

.
((((((((((((((((((((((((( Files Created from 2012-11-04 to 2012-12-04 )))))))))))))))))))))))))))))))
.
.
2012-12-04 09:01 . 2012-12-04 09:01 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-04 00:08 . 2012-12-04 00:08 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-12-03 20:27 . 2012-12-04 01:28 -------- d-----w- c:\documents and settings\Mom\Application Data\PerformerSoft
2012-12-03 20:24 . 2012-12-03 20:24 447 ----a-w- C:\user.js
2012-12-03 02:09 . 2012-12-03 02:09 -------- d-----w- C:\Fix
2012-11-30 08:33 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-11-30 08:25 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2012-11-20 00:36 . 2012-11-20 00:36 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\PCHealth
2012-11-19 01:02 . 2012-08-28 15:14 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-11-18 08:27 . 2012-11-18 08:27 -------- d-----w- c:\windows\PIF
2012-11-18 08:27 . 2012-11-18 08:27 -------- d-----w- C:\Inetpub
2012-11-17 22:35 . 2012-11-17 22:35 -------- d-----w- c:\documents and settings\Mom\Application Data\Malwarebytes
2012-11-17 22:34 . 2012-11-17 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-11-17 22:34 . 2012-12-04 07:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-17 22:34 . 2012-09-30 03:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-15 17:47 . 2012-11-15 17:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-15 08:32 . 2012-11-15 08:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2012-11-15 08:23 . 2012-11-15 08:23 -------- d-----w- c:\documents and settings\Mom\Application Data\FCTB000100567
2012-11-15 08:21 . 2012-11-15 16:48 -------- d-----w- c:\documents and settings\Mom\Application Data\Yahoo!
2012-11-14 17:39 . 2012-11-14 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\90A8C4FBA62688B4000090A834578CCF
2012-11-14 16:48 . 2012-11-14 16:48 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{283AE813-6F90-47F6-A9EE-6C1CE2E6A842}\offreg.dll
2012-11-14 16:39 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{283AE813-6F90-47F6-A9EE-6C1CE2E6A842}\mpengine.dll
2012-11-08 19:44 . 2010-07-05 03:07 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe
2012-11-08 19:44 . 2010-06-14 17:32 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2012-11-08 19:44 . 2010-06-14 17:32 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2012-11-08 19:44 . 2012-11-08 19:44 -------- d-----w- c:\documents and settings\Mom\Application Data\Samsung
2012-11-08 19:43 . 2012-11-08 19:43 -------- d-----w- c:\program files\MarkAny
2012-11-08 19:34 . 2012-11-08 19:34 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\Downloaded Installations
2012-11-08 19:24 . 2012-11-08 19:42 -------- d-----w- c:\program files\SAMSUNG
2012-11-08 19:23 . 2012-11-08 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Samsung
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-15 17:49 . 2007-06-10 11:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-10-22 08:37 . 2006-02-28 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-12 05:56 . 2011-12-30 15:48 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-02 18:04 . 2006-02-28 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-08-16 1617920]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 291760]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 82864]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 106496]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Mom\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-17 06:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:*:Disabled:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:*:Disabled:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:*:Disabled:@xpsp2res.dll,-22017
.
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [11/8/2012 11:44 AM 238952]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/17/2012 2:34 PM 399432]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/17/2012 2:34 PM 676936]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [11/8/2012 11:44 AM 36608]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [12/3/2012 4:08 PM 35144]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/17/2012 2:34 PM 22856]
S3 USB_RNDIS_51;USB Remote NDIS Y Network Device Driver;c:\windows\system32\drivers\usb8023.sys [2/28/2006 4:00 AM 12800]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-46729648.sys
SafeBoot-94686418.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-04 01:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1156)
c:\windows\system32\WININET.dll
.
Completion time: 2012-12-04 01:19:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-04 09:19
.
Pre-Run: 286,421,213,184 bytes free
Post-Run: 286,479,024,128 bytes free
.
- - End Of File - - 6FD9B528558D4923D661446BCC6591CC
-
I've downloaded a fresh copy of ComboFix and I've noticed that now it created a folder on my C drive; the new log is attached.
I still cannot launch the internet after running the Internet Repair program. The screen flashes and disappears.
As far as the Softnonic connection program goes, I was not able to download it, as it gave me a message saying that the Windows Installer service could not be accessed, but it downloaded some program called PCP_Claro.exe which, after running, said that it had found seven thousand something files or entries that were wrong. I just exited it because it was saying that I had to purchase the full version in order to fix my computer.
Here are the logs for the Internet Repair program:
./
(o o)
--------------------------------------oOOo-(_)-oOOo--------------------------------------
[03/12/2012 12:15:25] Resetting all TCP/IP Interfaces, Please wait.....
-----------------------------------------------------------------------------------------
[03/12/2012 12:15:27] TCP/IP Stack reset successful.
[03/12/2012 12:15:27] TCP/IP Reset log located @ [C:\Documents and Settings\Mom\Desktop\Complete Internet Repair\Logging\CIRReset.log]
[03/12/2012 12:15:28] TCP/IP interfaces reset successful.
[03/12/2012 12:15:29] The TCP/IP v6 protocol might not be installed.
[03/12/2012 12:15:29] Click on 'Commands' then 'Install IP6 protocol' to install TCP/IP v6.
[03/12/2012 12:15:29] You may need to restart your computer for the settings to take effect.
[03/12/2012 12:15:29] Finished resetting the Internet Protocol (TCP/IP).
-----------------------------------------------------------------------------------------
[03/12/2012 12:15:29] Attempting to reset Winsock catalog, Please wait.....
-----------------------------------------------------------------------------------------
[03/12/2012 12:15:32] Successfully reset the Winsock Catalog.
[03/12/2012 12:15:32] Finished repairing Winsock
-----------------------------------------------------------------------------------------
[03/12/2012 12:15:32] Releasing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[03/12/2012 12:15:32] Successfully released TCP/IP connections.
-----------------------------------------------------------------------------------------
[03/12/2012 12:15:32] Renewing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[03/12/2012 12:15:35] Successfully renewed TCP/IP adapters.
-----------------------------------------------------------------------------------------
[03/12/2012 12:15:35] Configuring the Windows Event Log Service, Please wait.....
-----------------------------------------------------------------------------------------
[03/12/2012 12:15:36] Windows Event Log Service Configured.
[03/12/2012 12:15:36] Starting the Windows Event Log Service.....
[03/12/2012 12:15:36] Windows Event Log Service Started Successfully.
-----------------------------------------------------------------------------------------
[03/12/2012 12:15:36] Flushing DNS Resolver Cache, Please wait.....
-----------------------------------------------------------------------------------------
[03/12/2012 12:15:36] Successfully flushed DNS Resolver Cache.
[03/12/2012 12:15:36] Refreshing all DHCP leases and re-registering DNS names, Please wait.....
[03/12/2012 12:15:36] Registration of the DNS resource records has been initiated.
[03/12/2012 12:15:36] Note: Any errors will be reported in the 'Event Viewer' in about 15 minutes.
[03/12/2012 12:15:36] Note: Click on 'File' and then 'Event Viewer...' to open the Event Viewer.
-----------------------------------------------------------------------------------------
[03/12/2012 12:15:36] You will need to reboot your computer before the settings will take effect.
-----------------------------------------------------------------------------------------
[03/12/2012 12:15:59] Your computer is restarting now.....
-----------------------------------------------------------------------------------------
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableProxy
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B98034A1-5DAE-483B-BF90-424FFBCCF7F9}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B98034A1-5DAE-483B-BF90-424FFBCCF7F9}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B98034A1-5DAE-483B-BF90-424FFBCCF7F9}\IpAutoconfigurationSeed
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
<completed>
-
After running both programs I ran ComboFix one more time and nothing has changed; it still says that it has found a Rootkit.ZeroAccess infection, but it doesn't remove it. When I try to launch the internet the screen flashes and disappears. According to my cable network connection I'm connected. Here is the AdwCleaner log, and I've attached the new ComboFix log.
# AdwCleaner v2.010 - Logfile created 12/01/2012 at 20:09:49
# Updated 29/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Mom - KOHLBECKS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Mom\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\Documents and Settings\Maria\Application Data\Toolbar4
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Documents and Settings\Mom\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Mom\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Mom\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Mom\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Program Files\AppGraffiti
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Iminent
Folder Deleted : C:\Program Files\Viewpoint
***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v [unable to get version]
File : C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [10313 octets] - [01/12/2012 20:08:16]
AdwCleaner[S1].txt - [10021 octets] - [01/12/2012 20:09:49]
########## EOF - C:\AdwCleaner[S1].txt - [10082 octets] ##########
Recovering Windows XP files and Internet after removing Virus
in Resolved Malware Removal Logs
Posted
Thank you MrC. Here are the logs:
# AdwCleaner v2.101 - Logfile created 12/18/2012 at 08:57:54
# Updated 16/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Mom - XXXXX
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Mom\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
File Deleted : C:\user.js
Folder Deleted : C:\Documents and Settings\Mom\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Key Deleted : HKCU\Software\IB Updater
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3247201
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Key Deleted : HKLM\Software\IB Updater
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.97
File : C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Deleted [l.8] : homepage = "hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48",
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48"[...]
Deleted [l.320] : homepage = "hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48",
Deleted [l.534] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48" ]
*************************
AdwCleaner[R2].txt - [2720 octets] - [18/12/2012 08:45:48]
AdwCleaner[R3].txt - [2782 octets] - [18/12/2012 08:48:02]
AdwCleaner[R4].txt - [2842 octets] - [18/12/2012 08:57:30]
AdwCleaner[S2].txt - [2680 octets] - [18/12/2012 08:57:54]
########## EOF - C:\AdwCleaner[S2].txt - [2740 octets] ##########