
Malwarebytes - Install CoCreateInstance failed



I have an older Dell laptop that runs XP Pro SP3 on a 32 bit system that I'm trying to clean up for a relative.

I got rid of all the favorites easily enough, but when I try to create a new favorite in IE8 I get the message, Unable to create _______. IE8 favorites class not registered.

I figured some sort of malware was the culprit so I downloaded Malwarebytes 1.75.0.1300 setup file to the desktop and installed. Immediately after the green dots hit the 100% mark on the install bar I got the msg, Install CoCreateInstance failed. code 0x80040154. Class not registered.

I saw other users of this forum have had these sort of problems, but the responder always seemed to stress that the poster follow his instructions implicitly, and that he wanted the logs for certain applications, so I've tried nothing else.

It certainly seems obvious that the 2 'class not registered' errors are related, but I await expert help.

Thank you.


Here are the 2 DDS logs

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Mike2 at 21:58:57 on 2013-07-11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.509 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ================

.

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

.

============== Pseudo HJT Report ===============

.

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.3.0.11\AVG Secure Search_toolbar.dll

BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.3.0.11\AVG Secure Search_toolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRunOnce: [WIAWizardMenu] RUNDLL32.EXE c:\windows\system32\sti_ci.dll,WiaCreateWizardMenu

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

TCP: NameServer = 192.168.254.254

TCP: Interfaces\{D77E373E-BE26-4BD2-84F5-DA36F51F5A60} : DHCPNameServer = 192.168.254.254

Handler: AutorunsDisabled - <Clsid value has no data>

Notify: igfxcui - igfxdev.dll

Notify: WRNotifier - WRLogonNTF.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-31 195296]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-12-21 37664]

R1 MpKslb85e97de;MpKslb85e97de;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{048d07be-0875-4667-93fc-607c2dc3a4a1}\MpKslb85e97de.sys [2013-7-11 29904]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-7-11 40776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2011-3-15 10112]

S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-10-16 10496]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]

S4 Browser Manager;Browser Manager;c:\documents and settings\all users\application data\browser manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2013-6-3 3085264]

S4 cerc6;cerc6; [x]

S4 QuotationCafe_45Service;QuotationCafeService;c:\progra~1\quotat~2\bar\1.bin\45barsvc.exe [2013-4-5 42504]

S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-30 38608]

S4 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.3.0\ToolbarUpdater.exe [2013-7-5 1598128]

.

=============== File Associations ===============

.

ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE

.

=============== Created Last 30 ================

.

2013-07-12 00:44:46 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{048d07be-0875-4667-93fc-607c2dc3a4a1}\offreg.dll

2013-07-12 00:44:46 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{048d07be-0875-4667-93fc-607c2dc3a4a1}\MpKslb85e97de.sys

2013-07-12 00:41:07 7068072 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{048d07be-0875-4667-93fc-607c2dc3a4a1}\mpengine.dll

2013-07-11 22:53:23 -------- d-----w- c:\documents and settings\mike2\application data\Malwarebytes

2013-07-11 21:57:20 -------- d-----w- c:\documents and settings\mike2\local settings\application data\AVG Secure Search

2013-07-11 21:56:59 -------- d-sh--w- c:\documents and settings\mike2\PrivacIE

2013-07-11 21:56:54 -------- d-----w- c:\documents and settings\mike2\application data\AVG Secure Search

2013-07-11 21:56:44 -------- d-----w- c:\documents and settings\mike2\application data\RealNetworks

2013-07-11 21:56:40 -------- d-sh--w- c:\documents and settings\mike2\IETldCache

2013-07-11 07:24:20 7068072 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-07-11 06:46:34 -------- d-sha-r- C:\cmdcons

2013-07-11 06:43:42 98816 ----a-w- c:\windows\sed.exe

2013-07-11 06:43:42 256000 ----a-w- c:\windows\PEV.exe

2013-07-11 06:43:42 208896 ----a-w- c:\windows\MBR.exe

2013-07-11 05:01:17 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-07-11 04:44:21 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2013-07-11 04:44:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-07-11 04:44:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-07-11 04:14:28 -------- d-----w- c:\windows\pss

2013-07-02 13:57:31 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe

.

==================== Find3M ====================

.

2013-07-11 04:13:57 10496 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2013-07-06 03:52:50 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-06-08 06:55:44 385024 ------w- c:\windows\system32\html.iec

2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll

2013-06-07 21:56:06 43520 ------w- c:\windows\system32\licmgr10.dll

2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll

2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys

2013-06-03 05:25:03 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-03 05:25:03 692104 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-09 07:28:02 1543680 ------w- c:\windows\system32\wmvdecod.dll

2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 21:59:36.15 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/23/2012 10:32:54 PM

System Uptime: 7/11/2013 8:34:06 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0NF743

Processor: Intel® Core2 CPU T5600 @ 1.83GHz | Microprocessor | 1828/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 56.948 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

Description: IDT High Definition Audio CODEC

Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801D4&REV_1022\4&346F9A3C&0&0001

Manufacturer: IDT

Name: IDT High Definition Audio CODEC

PNP Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801D4&REV_1022\4&346F9A3C&0&0001

Service: STHDA

.

Class GUID:

Description:

Device ID: ROOT\LEGACY_SASKUTIL\0000

Manufacturer:

Name:

PNP Device ID: ROOT\LEGACY_SASKUTIL\0000

Service:

.

==== System Restore Points ===================

.

RP398: 4/13/2013 6:11:12 PM - System Checkpoint

RP399: 4/14/2013 5:01:29 AM - Software Distribution Service 3.0

RP400: 4/14/2013 2:30:55 PM - Software Distribution Service 3.0

RP401: 4/15/2013 4:20:44 PM - Software Distribution Service 3.0

RP402: 4/16/2013 6:24:51 PM - Software Distribution Service 3.0

RP403: 4/17/2013 6:28:01 PM - System Checkpoint

RP404: 4/18/2013 9:28:20 AM - Software Distribution Service 3.0

RP405: 4/19/2013 9:29:33 AM - Software Distribution Service 3.0

RP406: 4/20/2013 9:29:23 AM - Software Distribution Service 3.0

RP407: 4/21/2013 5:27:04 AM - Software Distribution Service 3.0

RP408: 4/21/2013 9:30:34 AM - Software Distribution Service 3.0

RP409: 4/22/2013 9:28:44 AM - Software Distribution Service 3.0

RP410: 4/23/2013 10:46:20 AM - System Checkpoint

RP411: 4/23/2013 7:02:16 PM - Software Distribution Service 3.0

RP412: 4/25/2013 11:22:56 AM - Software Distribution Service 3.0

RP413: 4/26/2013 1:20:11 PM - Software Distribution Service 3.0

RP414: 4/27/2013 10:45:30 PM - Software Distribution Service 3.0

RP415: 4/28/2013 5:25:11 AM - Software Distribution Service 3.0

RP416: 4/29/2013 6:01:16 AM - System Checkpoint

RP417: 4/30/2013 4:23:40 AM - Software Distribution Service 3.0

RP418: 5/1/2013 4:23:24 AM - Software Distribution Service 3.0

RP419: 5/2/2013 5:42:33 AM - System Checkpoint

RP420: 5/2/2013 12:26:51 PM - Software Distribution Service 3.0

RP421: 5/3/2013 12:26:48 PM - Software Distribution Service 3.0

RP422: 5/4/2013 12:27:45 PM - Software Distribution Service 3.0

RP423: 5/5/2013 5:09:26 AM - Software Distribution Service 3.0

RP424: 5/5/2013 12:27:30 PM - Software Distribution Service 3.0

RP425: 5/6/2013 12:56:39 PM - System Checkpoint

RP426: 5/6/2013 5:52:18 PM - Software Distribution Service 3.0

RP427: 5/7/2013 6:36:50 PM - System Checkpoint

RP428: 5/7/2013 9:25:15 PM - Software Distribution Service 3.0

RP429: 5/8/2013 9:15:10 PM - Software Distribution Service 3.0

RP430: 5/9/2013 9:21:37 PM - System Checkpoint

RP431: 5/10/2013 3:34:08 AM - Software Distribution Service 3.0

RP432: 5/10/2013 5:14:40 AM - Installed Driver Detective.

RP433: 5/10/2013 5:18:50 AM - Installed Driver Detective.

RP434: 5/11/2013 6:03:59 AM - System Checkpoint

RP435: 5/11/2013 9:16:27 AM - Software Distribution Service 3.0

RP436: 5/12/2013 5:20:11 AM - Software Distribution Service 3.0

RP437: 5/13/2013 6:00:13 AM - System Checkpoint

RP438: 5/13/2013 11:26:21 AM - Software Distribution Service 3.0

RP439: 5/14/2013 11:42:17 AM - System Checkpoint

RP440: 5/14/2013 3:52:48 PM - Software Distribution Service 3.0

RP441: 5/15/2013 4:14:54 PM - Software Distribution Service 3.0

RP442: 5/16/2013 4:17:04 PM - Software Distribution Service 3.0

RP443: 5/17/2013 4:49:33 PM - Software Distribution Service 3.0

RP444: 5/18/2013 5:06:10 PM - System Checkpoint

RP445: 5/19/2013 10:34:12 AM - Software Distribution Service 3.0

RP446: 5/20/2013 11:28:49 AM - System Checkpoint

RP447: 5/20/2013 10:14:32 PM - Software Distribution Service 3.0

RP448: 5/22/2013 9:48:59 AM - Software Distribution Service 3.0

RP449: 5/23/2013 9:59:44 AM - System Checkpoint

RP450: 5/23/2013 3:39:22 PM - Software Distribution Service 3.0

RP451: 5/24/2013 4:20:40 PM - Software Distribution Service 3.0

RP452: 5/26/2013 8:21:35 AM - Software Distribution Service 3.0

RP453: 5/27/2013 9:10:05 AM - System Checkpoint

RP454: 5/28/2013 12:29:28 PM - Software Distribution Service 3.0

RP455: 5/29/2013 1:27:56 PM - System Checkpoint

RP456: 5/30/2013 4:01:56 AM - Software Distribution Service 3.0

RP457: 5/31/2013 4:02:37 PM - Software Distribution Service 3.0

RP458: 6/1/2013 4:20:30 PM - System Checkpoint

RP459: 6/2/2013 4:44:36 AM - Software Distribution Service 3.0

RP460: 6/2/2013 10:17:42 AM - Software Distribution Service 3.0

RP461: 6/3/2013 6:00:26 AM - Software Distribution Service 3.0

RP462: 6/4/2013 5:10:44 AM - Software Distribution Service 3.0

RP463: 6/5/2013 8:27:15 AM - Software Distribution Service 3.0

RP464: 6/6/2013 10:33:11 AM - System Checkpoint

RP465: 6/6/2013 10:49:17 PM - Software Distribution Service 3.0

RP466: 6/8/2013 12:02:19 AM - System Checkpoint

RP467: 6/8/2013 9:08:18 AM - Software Distribution Service 3.0

RP468: 6/9/2013 5:23:22 AM - Software Distribution Service 3.0

RP469: 6/9/2013 9:08:24 AM - Software Distribution Service 3.0

RP470: 6/11/2013 12:38:01 PM - Software Distribution Service 3.0

RP471: 6/12/2013 1:22:27 PM - System Checkpoint

RP472: 6/15/2013 12:08:27 AM - Software Distribution Service 3.0

RP473: 7/2/2013 9:56:47 AM - Software Distribution Service 3.0

RP474: 7/2/2013 12:51:42 PM - Software Distribution Service 3.0

RP475: 7/9/2013 4:55:03 PM - Software Distribution Service 3.0

RP476: 7/11/2013 12:13:34 AM - Software Distribution Service 3.0

RP477: 7/11/2013 2:37:45 AM - Software Distribution Service 3.0

RP478: 7/11/2013 3:13:39 AM - Removed BabylonObjectInstaller

RP479: 7/11/2013 3:18:11 AM - Removed SlimDrivers

RP480: 7/11/2013 3:53:25 AM - Software Distribution Service 3.0

RP481: 7/11/2013 8:40:58 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Auslogics Disk Defrag

AVG Security Toolbar

Broadcom 440x 10/100 Integrated Controller

Browser Manager

Compatibility Pack for the 2007 Office system

Conexant HDA D110 MDC V.92 Modem

CWA Reminder by We-Care.com v4.1.18.3

Driver Detective

DriverTuner 3.1.0.0

DriverUpdate

DW WLAN Card Utility

FreePriceAlerts 2.3.5

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Intel® Graphics Media Accelerator Driver

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office XP Professional with FrontPage

Microsoft Security Client

Microsoft Security Essentials

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 21.0 (x86 en-US)

Mozilla Maintenance Service

MSN

NetAssistant

PDFlite 0.7

QuotationCafe Toolbar

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

RealUpgrade 1.1

RedMon - Redirection Port Monitor

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB2792100)

Security Update for Windows Internet Explorer 8 (KB2797052)

Security Update for Windows Internet Explorer 8 (KB2799329)

Security Update for Windows Internet Explorer 8 (KB2809289)

Security Update for Windows Internet Explorer 8 (KB2817183)

Security Update for Windows Internet Explorer 8 (KB2829530)

Security Update for Windows Internet Explorer 8 (KB2838727)

Security Update for Windows Internet Explorer 8 (KB2846071)

Security Update for Windows Internet Explorer 8 (KB2847204)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB2834904)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618444)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB2808735)

Security Update for Windows XP (KB2813170)

Security Update for Windows XP (KB2813345)

Security Update for Windows XP (KB2820197)

Security Update for Windows XP (KB2820917)

Security Update for Windows XP (KB2829361)

Security Update for Windows XP (KB2834886)

Security Update for Windows XP (KB2839229)

Security Update for Windows XP (KB2845187)

Security Update for Windows XP (KB2850851)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Setup Support for WeCare 1.0

SigmaTel Audio

The Weather Channel App

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

.

==== Event Viewer Messages From Past Week ========

.

7/11/2013 3:31:42 AM, error: Service Control Manager [7023] - The Client Service for NetWare service terminated with the following error: The redirector is in use and cannot be unloaded.

7/11/2013 2:47:38 AM, error: Service Control Manager [7034] - The DW WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).

7/11/2013 2:26:38 AM, error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).

7/11/2013 2:26:38 AM, error: Service Control Manager [7022] - The Audio Service service hung on starting.

7/11/2013 12:42:31 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SYMEVENT\0000 disappeared from the system without first being prepared for removal.

7/11/2013 12:24:00 AM, error: Dhcp [1002] - The IP address lease 10.0.0.4 for the Network Card with network address 00197D8CB7E9 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).

7/11/2013 12:21:59 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.1623.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

7/11/2013 1:10:11 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.1623.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

7/11/2013 1:10:11 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.1623.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

7/11/2013 1:10:11 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.1623.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

7/11/2013 1:02:05 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SYMDS\0000 disappeared from the system without first being prepared for removal.

7/11/2013 1:02:05 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SRTSPX\0000 disappeared from the system without first being prepared for removal.

7/11/2013 1:02:05 AM, error: PlugPlayManager [11] - The device Root\LEGACY_NAVEX15\0000 disappeared from the system without first being prepared for removal.

7/11/2013 1:02:05 AM, error: PlugPlayManager [11] - The device Root\LEGACY_NAVENG\0000 disappeared from the system without first being prepared for removal.

7/11/2013 1:02:05 AM, error: PlugPlayManager [11] - The device Root\LEGACY_IDSXPX86\0000 disappeared from the system without first being prepared for removal.

7/11/2013 1:02:05 AM, error: PlugPlayManager [11] - The device Root\LEGACY_CCSET_NIS\0000 disappeared from the system without first being prepared for removal.

7/11/2013 1:02:05 AM, error: PlugPlayManager [11] - The device Root\LEGACY_BHDRVX86\0000 disappeared from the system without first being prepared for removal.

7/11/2013 1:00:00 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

.

==== End Of File ===========================

Link to post
Share on other sites
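A triage sketch for the event list in the log above, added here as an example and not part of the original thread: it collapses repeated entries by source and event ID and splits each HRESULT into its facility and code fields. The sample lines are abridged from the log, and the name tables are assumptions limited to the two error codes quoted in this thread.

```python
import re
from collections import Counter

# Entry layout used by the event list: "date time, level: Source [id] - message"
ENTRY = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
HRESULT = re.compile(r"\b0x([0-9A-Fa-f]{8})\b")

# Lookup tables cover only the codes seen in this thread; extend as needed.
NAMES = {0x80040154: "REGDB_E_CLASSNOTREG", 0x80240016: "WU_E_INSTALL_NOT_ALLOWED"}
FACILITIES = {4: "FACILITY_ITF", 36: "FACILITY_WINDOWSUPDATE"}

# Abridged copies of entries from the log (messages shortened for the example).
SAMPLE = r"""
7/11/2013 1:10:11 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Update Stage: Install Error code: 0x80240016
7/11/2013 1:10:11 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Update Stage: Download Error code: 0x80240016
7/11/2013 1:02:05 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SYMDS\0000 disappeared from the system without first being prepared for removal.
7/11/2013 1:02:05 AM, error: PlugPlayManager [11] - The device Root\LEGACY_NAVENG\0000 disappeared from the system without first being prepared for removal.
7/11/2013 1:00:00 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc"
.
==== End Of File ===========================
"""


def decode_hresult(value):
    """Split a 32-bit HRESULT into its severity bit, facility and code fields."""
    return {
        "failure": bool(value & 0x80000000),   # bit 31: 1 means failure
        "facility": (value >> 16) & 0x7FF,     # bits 16-26: which subsystem
        "code": value & 0xFFFF,                # bits 0-15: subsystem-specific code
    }


def describe(value):
    """Render an HRESULT with its symbolic name and facility when known."""
    fields = decode_hresult(value)
    facility = FACILITIES.get(fields["facility"], "facility %d" % fields["facility"])
    name = NAMES.get(value, "unknown")
    return "0x%08X %s (%s, code 0x%04X)" % (value, name, facility, fields["code"])


def summarize(text):
    """Count entries per (source, event id) and collect the HRESULTs each one cites."""
    counts, codes = Counter(), {}
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue  # blank lines, "." separators and the end-of-file marker
        key = (match["source"], int(match["id"]))
        counts[key] += 1
        for hexval in HRESULT.findall(match["msg"]):
            codes.setdefault(key, set()).add(int(hexval, 16))
    return counts, codes


if __name__ == "__main__":
    counts, codes = summarize(SAMPLE)
    for (source, event_id), n in counts.most_common():
        cited = ", ".join(describe(c) for c in sorted(codes.get((source, event_id), ())))
        print("%2dx %s [%d] %s" % (n, source, event_id, cited))
    # The installer error from the opening post, decoded the same way.
    print(describe(0x80040154))
```
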

  • Root Admin

Hello and welcome.

Please run the following and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

    STEP 02

    Please download Malwarebytes Anti-Rootkit from HERE

    • Unzip the contents to a folder in a convenient location.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

    STEP 03

    Please download Junkware Removal Tool to your desktop.

    • Shutdown your antivirus to avoid any conflicts.
    • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next reply message
    • When completed make sure to re-enable your antivirus

    STEP 04

    Please download AdwCleaner by Xplode to your desktop.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • If prompted by the User Account Control click Yes to allow it to run.
    • Under Actions click on the Delete button.
    • Click OK on all prompts.
    • You will be prompted to restart your computer. A text file will open after the restart.
    • Please post the entire contents of that logfile to your next reply.
    • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.

    STEP 05

    Please go here to run the online antivirus scanner from ESET.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings and ensure these options are ticked:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click Scan
    • Wait for the scan to finish
    • If any threats were found, click the 'List of found threats', then click Export to text file....
    • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Link to post
Share on other sites

While installing Erunt I got the same CoCreateInstance failed. code 0x80040154 error. It did not create any desktop icons, although it did appear to backup the registry.

However, I’m going to create a restore point just to be on the safe side.

The Malwarebytes Anti-Rootkit completed. I only ran it once because I got the msg

Congratulations, no cleanup is required!

Scan Finished: No malware found!

Since there was no cleanup, there are no logs to post.

I'll complete steps 3, 4 and 5 tomorrow. It's 3:23 AM here.

And thanks....

And by the way, if it's any help to you, I cannot run shortcuts from my desktop. I have to right click Internet Explorer or Firefox and then left click Open to get them to run. Non-shortcuts work just fine - the executable for erunt, the mbam setup, the zip files, the extracted folders, etc. Just the shortcuts that don't work.

And, most annoyingly, despite the fact that I've set the taskbar to display Quick Launch, it does not display. No idea if any of this is helpful or not...

Link to post
Share on other sites

  • Root Admin

Please delete the following files listed by ESET

 

C:\Documents and Settings\Mike2\Desktop\Mike\My Documents\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\Mike2\Desktop\Mike\My Documents\Downloads\7zip_installer_d161680.exe    a variant of Win32/InstallIQ.A application
C:\Documents and Settings\Mike2\Desktop\Mike\My Documents\Downloads\AnySendSetup.exe    a variant of Win32/InstallCore.BB application
C:\Documents and Settings\Mike2\Desktop\Mike\My Documents\Downloads\ARO2013_tbt(1).exe    a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Documents and Settings\Mike2\Desktop\Mike\My Documents\Downloads\ARO2013_tbt.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Documents and Settings\Mike2\Desktop\Mike\My Documents\Downloads\installer_internet_explorer_English.exe    a variant of Win32/Vittalia.D application
C:\Documents and Settings\Mike2\Desktop\Mike\My Documents\Downloads\mixxx-setup.exe    multiple threats
C:\Documents and Settings\Mike2\Desktop\Mike\My Documents\Downloads\Setup(1).exe    a variant of Win32/ExFriendAlert.B application
C:\Documents and Settings\Mike2\Desktop\Mike\My Documents\Downloads\Setup.exe    a variant of Win32/ExFriendAlert.B application
C:\Documents and Settings\Mike2\Desktop\Mike\My Documents\Downloads\VideoConverterSetup(1).exe    a variant of Win32/InstallCore.BA application
C:\Documents and Settings\Mike2\Desktop\Mike\My Documents\Downloads\VideoConverterSetup(2).exe    a variant of Win32/InstallCore.BA application
C:\Documents and Settings\Mike2\Desktop\Mike\My Documents\Downloads\VideoConverterSetup(3).exe    a variant of Win32/InstallCore.BA application
C:\Documents and Settings\Mike2\Desktop\Mike\My Documents\Downloads\VideoConverterSetup(4).exe    a variant of Win32/InstallCore.BA application
C:\Documents and Settings\Mike2\Desktop\Mike\My Documents\Downloads\VideoConverterSetup.exe    a variant of Win32/InstallCore.BA application
C:\Documents and Settings\Mike2\Desktop\Mike\My Documents\Downloads\WinZipDriverUpdater.exe    a variant of Win32/OpenInstall application
C:\Documents and Settings\Mike2\My Documents\Mike\My Documents\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\Mike2\My Documents\Mike\My Documents\Downloads\7zip_installer_d161680.exe    a variant of Win32/InstallIQ.A application
C:\Documents and Settings\Mike2\My Documents\Mike\My Documents\Downloads\AnySendSetup.exe    a variant of Win32/InstallCore.BB application
C:\Documents and Settings\Mike2\My Documents\Mike\My Documents\Downloads\ARO2013_tbt(1).exe    a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Documents and Settings\Mike2\My Documents\Mike\My Documents\Downloads\ARO2013_tbt.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Documents and Settings\Mike2\My Documents\Mike\My Documents\Downloads\installer_internet_explorer_English.exe    a variant of Win32/Vittalia.D application
C:\Documents and Settings\Mike2\My Documents\Mike\My Documents\Downloads\mixxx-setup.exe    multiple threats
C:\Documents and Settings\Mike2\My Documents\Mike\My Documents\Downloads\Setup(1).exe    a variant of Win32/ExFriendAlert.B application
C:\Documents and Settings\Mike2\My Documents\Mike\My Documents\Downloads\Setup.exe    a variant of Win32/ExFriendAlert.B application
C:\Documents and Settings\Mike2\My Documents\Mike\My Documents\Downloads\VideoConverterSetup(1).exe    a variant of Win32/InstallCore.BA application
C:\Documents and Settings\Mike2\My Documents\Mike\My Documents\Downloads\VideoConverterSetup(2).exe    a variant of Win32/InstallCore.BA application
C:\Documents and Settings\Mike2\My Documents\Mike\My Documents\Downloads\VideoConverterSetup(3).exe    a variant of Win32/InstallCore.BA application
C:\Documents and Settings\Mike2\My Documents\Mike\My Documents\Downloads\VideoConverterSetup(4).exe    a variant of Win32/InstallCore.BA application
C:\Documents and Settings\Mike2\My Documents\Mike\My Documents\Downloads\VideoConverterSetup.exe    a variant of Win32/InstallCore.BA application
C:\Documents and Settings\Mike2\My Documents\Mike\My Documents\Downloads\WinZipDriverUpdater.exe    a variant of Win32/OpenInstall application

 

Then run the following.

 


  1. Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MB
  2. NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  3. Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  4. Shutdown your antivirus to avoid any conflicts while scanning.
  5. Once the scans have completed please re-enable your antivirus.
  6. If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  7. If needed you can also temporarily disable it from starting with Windows
  8. Temporarily turn off any other security add-ons or applications you may also have.
  9. Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  10. If it does not have a Digital Signature then do not run it.
  11. Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  12. You should have your User Account Control (UAC) enabled for improved security, which should then produce a dialog box asking for approval to run the installer.
  13. Click on the Yes button to start the installer.
  14. Click OK to scan your computer in the Enhanced Protection Mode
  15. Click on the check box to agree to participate in their software improvement program.
  16. Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.
  17. Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  18. Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  19. Then click on the Start scanning button.
  20. If a threat is found you can click on the Action column in the program.
  21. Your options will be Cure or Ignore
  22. If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  23. Then click on the Neutralize button.
  24. Once completed click on the green Open Report link. It will open the report in NOTEPAD
  25. Save the report to your desktop. The report will be called Cureit.log
  26. Close Dr.Web Cureit!
  27. Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  28. After reboot, attach the log Cureit.log you saved previously in your next reply.
  29. Re-Enable your antivirus and other security programs when all done.


 

Link to post
Share on other sites

  • Root Admin

You may have corrupted files on your disk.  Please try running the following.
First close ALL Applications as this routine will automatically restart your computer.
Click on START - RUN and copy / paste the following entry into the box and click OK

CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30

Then try the following again.  MBAM Clean Removal Process

 

Let me know how that goes.

 

 

 

Link to post
Share on other sites

The chkdsk utility didn't seem to detect any bad areas or clusters.

Unless I skipped a step somewhere, this was the first time you asked me to run the Malwarebytes uninstall utility. It did successfully complete.

I know that the chkdsk logs are somewhere in the event viewer. While looking for it, I went to the Control Panel. I can open Administrative Tools with the mouse, but Event Viewer will not open that way (because it's a shortcut, and this #$%@*ing laptop won't let me open shortcuts). But I can right click the viewer and left click open. The Application logs show 6 red errors on the first page. All are from yesterday and today. The source for 4 of them is STacSV, the other 2 are MPSampleSubmission. I am unable to open any of the individual events on the Event Viewer, and there is no right click to let me open them.

Sadly, nothing else has changed - I still cannot get Quick Launch to display. I still cannot create favorites in IE8 - although Firefox works, and I can create Bookmarks there.

The Malwarebytes removal tool did not get rid of the 1.75.0.1300 setup executable on my desktop. I have not tried to reinstall, but somehow I feel certain that it will give that same Class not registered error that I get when I try to create favorites. And most curiously, even when replying in this forum I can no longer select bold, color, bullets, etc - everything at the top of this reply box is grayed out. This obviously worked when I began this topic.

Link to post
Share on other sites

  • Root Admin

Hi there.  Please run MiniToolBox and post that log please.

 

The results of CHKDSK should be in the Event Viewer which you can also run from the START - RUN by typing in EVENTVWR and click OK.

CHKDSK Event Viewer Entry

 

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files


Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.
 

I'll be going to bed soon but will check on you in the morning.  Thanks

Link to post
Share on other sites

  • Root Admin

Well the Disk Check must have worked as the errors that were there are no longer there.

 

Please run the following and post back the log. 

 

How is the computer running now?  Are there any malware related issues still?

 

Next, download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


 

Thanks

Link to post
Share on other sites

Wow....Mondays must be busy days - I went from the first entry on page 1 to halfway down page 2 in about 6.5 hours. I thought I'd been removed.

Will have to update you later on specifics, but nothing has changed - no Quick Launch, no opening of ANY shortcuts, no access to actual EVENTS in EV, no ability to create favorites in IE8, have not found ANYTHING that will open from All Programs (all shortcuts?)

Link to post
Share on other sites

AdvancedSetup, I really appreciate your help thus far, but I need you to interpret your silence. Is it a sign that you're stumped? Convinced that it's not malware? Bored with the topic? Too busy handling other posters' issues? If you want to point me to another forum... that's okay, but my niece needs me to return the laptop to her. We're already headed into the 5th day. It does work except for the glitches I listed in the post of 7/15 11:39 AM.

Link to post
Share on other sites

  • Root Admin

Sorry for the delay.  Yes your topic did get buried down and I had read it on my phone so it got marked read.  Sorry about that.

 

Let's try this tool

 

 

Please visit this webpage for instructions on downloading and running ComboFix: How to use ComboFix

Please make sure you disable your security applications before running ComboFix.

Once Combofix has completed it will produce and open a log file.  Please attach that log file to your next reply.
If needed the file can be located here:  C:\combofix.txt

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
 

Thanks

Link to post
Share on other sites

Actually, this was one of the first things I tried - before I started the topic, although I'd set no password earlier.

 

What this particular laptop does is automatically log me on to Mike2.  Every time.  I don't get any signon screen with the user names.  When I create a new user, it is available, but I have to log off of Mike2 which takes me to the XP Pro log on screen.  The user name is already populated with Mike2 and there is no pull down arrow.  I have to manually erase Mike2 and type in the user (and in this case, the password).  This is the only way to access a new user. 

 

All that being said, it makes no difference in the functionality of the laptop.  All the same issues, error boxes, etc that were part and parcel of Mike2 are issues for the new administrative user.

 

Should I try deleting Mike2?

Link to post
Share on other sites

  • Root Admin

Please try running this software and see if it's able to correct the issue for you or not.

 

http://www.tweaking.com/files/setups/tweaking.com_windows_repair_aio_setup.exe

 

We can do a few more scans but this looks more like it's some type of Windows issue rather than an infection, but we'll try some more things as we go along.

 

Let me know how that software works out.

Link to post
Share on other sites

This topic is now closed to further replies.