LaLuz

Recovering Windows XP files and Internet after removing Virus

67 posts in this topic

That's considered a current version of Java

If you'd like, post over at the Java help forum here:

http://forums.whatth...howtopic=104537

For Malwarebytes......see if this works

If you have the pro version of MB....make sure you have your license key

-----------------------

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

image514.png

Go to your control panels add/remove programs and uninstall MalwareBytes Anti-Malware > reboot

Download and run this cleaner:

mbam-clean.exe

Reboot <---very important

Now download and see if you can install the latest version of MB from here: (disable any malware/anti-virus programs running first)

http://www.malwareby...am-download.php

Let me know, MrC

Share this post


Link to post
Share on other sites

What are the procedures for XP to dowload ziprunas?

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

image514.png

Share this post


Link to post
Share on other sites

I run mbam-clean.exe and then proceded to download Malwarebytes, but I got the same 'coinstance error 0x80040154'.

Share this post


Link to post
Share on other sites

MrC,

I've started a new topic at the General Malwarebyte Anti-Malware forum, but they send me back to this forum. Please tell me how to proceed.

Thank you.

Share this post


Link to post
Share on other sites

Looking through the log you posted.....you have Java 7 Update 9 and Java 6 Update 38 installed?

Do you have the pro (paid) version of Malwarebytes?

MrC

Share this post


Link to post
Share on other sites

I downloaded Java 7 update 9 but it failed the test, so then I uploaded Java 6 update 38 as per your instructions.

Share this post


Link to post
Share on other sites

I'm sorry, I forgot to answer the second question.

I don't have the Pro version of Malawarebytes yet. I'm waiting to get my PC clean because I don't want to enter any of my personal information.

Share this post


Link to post
Share on other sites

OK, what firewall do you have running??

Just the Windows firewall?? MrC

Share this post


Link to post
Share on other sites

I'm not sure what happened here. The link that you game me took me to a page with instructions to disable the firewall, so I clicked on the tab to download and It downloaded a program call 'Free.Download Manager'. I got the same 0x80040154 on multiple screens. I also noticed that it changed my home page to 'search conduct.com.

Share this post


Link to post
Share on other sites

OMG! please disregard my last post. You were just showing me how to disable the firewall.

ok, I got the same error message when installing MB.

Share this post


Link to post
Share on other sites

Please uninstall >Free.Download Manager

Then.............

Please download AdwCleaner from here and save it on your Desktop.

Close all open programs and internet browsers.

Right-click on adwcleaner.exe and select Run As Administrator to launch the application. (XP just double click to run)

Click on Delete.

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the content of that logfile with your next answer.

You can find the logfile at C:\AdwCleaner[s1].txt as well.

MrC

Share this post


Link to post
Share on other sites

Thank you Mr, C. Here are the logs:

# AdwCleaner v2.101 - Logfile created 12/18/2012 at 08:57:54

# Updated 16/12/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Mom - XXXXX

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Mom\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Mom\Local

Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek

File Deleted : C:\user.js

Folder Deleted : C:\Documents and Settings\Mom\Local

Settings\Application Data\Conduit

Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\ConduitSearchScopes

Key Deleted :

HKCU\Software\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek

Key Deleted : HKCU\Software\IB Updater

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Microsoft\Internet

Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\Softonic

Key Deleted :

HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted :

HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3247201

Key Deleted : HKLM\Software\Conduit

Key Deleted :

HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted :

HKLM\SOFTWARE\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek

Key Deleted : HKLM\Software\IB Updater

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions

[{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Mom\Local Settings\Application

Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage =

"hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48",

Deleted [l.12] : urls_to_restore_on_startup = [

"hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48"[...]

Deleted [l.320] : homepage =

"hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48",

Deleted [l.534] : urls_to_restore_on_startup = [

"hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48" ]

*************************

AdwCleaner[R2].txt - [2720 octets] - [18/12/2012 08:45:48]

AdwCleaner[R3].txt - [2782 octets] - [18/12/2012 08:48:02]

AdwCleaner[R4].txt - [2842 octets] - [18/12/2012 08:57:30]

AdwCleaner[s2].txt - [2680 octets] - [18/12/2012 08:57:54]

########## EOF - C:\AdwCleaner[s2].txt - [2740 octets] ##########

# AdwCleaner v2.101 - Logfile created 12/18/2012 at 08:57:54

# Updated 16/12/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Mom - XXXXX

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Mom\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek

File Deleted : C:\user.js

Folder Deleted : C:\Documents and Settings\Mom\Local Settings\Application Data\Conduit

Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek

Key Deleted : HKCU\Software\IB Updater

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3247201

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek

Key Deleted : HKLM\Software\IB Updater

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48",

Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48"[...]

Deleted [l.320] : homepage = "hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48",

Deleted [l.534] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48" ]

*************************

AdwCleaner[R2].txt - [2720 octets] - [18/12/2012 08:45:48]

AdwCleaner[R3].txt - [2782 octets] - [18/12/2012 08:48:02]

AdwCleaner[R4].txt - [2842 octets] - [18/12/2012 08:57:30]

AdwCleaner[s2].txt - [2680 octets] - [18/12/2012 08:57:54]

########## EOF - C:\AdwCleaner[s2].txt - [2740 octets] ##########

Share this post


Link to post
Share on other sites

Is your homepage etc. OK now?

I don't know what else I can do for you, you don't have a Windows cd.

MrC

Share this post


Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.