Kevin Zoll

Emsisoft Employee
  • Content Count

    18806
  • Days Won

    177

Everything posted by Kevin Zoll

  1. Download to your Desktop Win32kDiag.exe by AD. Run Win32kDiag. It will save a report on the Desktop (Win32kDiag.txt). Attach that report on your next reply.
  2. The instructions do not have you downloading and using HijackThis. You are to use HiJackFree. You did not attach an ISeeYouXP log. Use only the tools listed in the instructions. Attach log files for: HiJackFree ISeeYouXP
  3. Hello and welcome to the a-squared support forums. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread
  4. Hello and welcome to the a-squared support forums. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread
  5. Reboot your system. Sometimes that will fix the error you are receiving. Attach the logs I asked for previously. If you still get the error let me know and we will try to resolve that issue first.
  6. The ISeeyouXP log was not attached. ----------------------------------------------------------- Download Avenger from -->> HERE <<-- and unzip to your desktop. Run Avenger Read the prompt that appears, and press OK Copy & paste the following text in Input script Box: Drivers to delete: 2093de44 cpnwr orerthdy Registry keys to delete: HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74e98632-f013-423c-a5c3-c520163d1f28} Registry values to delete: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | UserFaultCheck Folders to delete: C:\sh4ldr Files to delete: c:\windows\adyhaha.com c:\windows\isRS-000.tmp c:\windows\system32\degipeme.dll c:\windows\system32\fujegifu.dll c:\windows\system32\mivalivo.dll c:\windows\system32\lilofati.dll c:\windows\system32\bidiyije.dll c:\windows\system32\dezifamu.dll c:\windows\system32\deporare.dll c:\windows\system32\hopawiki.dll c:\windows\system32\tazofehu.dll c:\windows\system32\drivers\2093de44.sys c:\windows\system32\drivers\jjve.sys c:\windows\system32\drivers\orerthdy.sys Then click "Execute". You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot. Note: It is possible that Avenger will reboot your system TWICE. Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post. ----------------------------------------------------------- Go to start > run and copy and paste the following command in the field: "%userprofile%\desktop\win32kdiag.exe" -f -r This should restore permissions on locked files and remove mountpoints. ----------------------------------------------------------- Attach fresh logs for: Avenger (C:\avenger.txt) a-squared Free ISeeYouXP Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  7. Your logs look fine. Unless you are having problems from Malware it is time to do the final steps. If you used ComboFix, uninstall ComboFix: Click START then RUN and enter the below into the run box and then click OK. (Use only the command of the same name as your copy of combofix.) AvoidTDSS /u or combofix /u Note: The space before /u, must be there. This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults. Delete the C:\AvoidTDSS or C:\ComboFix folder from combofix. Delete everything in C:\!KillBox Delete the following from your Desktop (If they exist) Avenger.exe Avenger.txt Avenger.zip DisableAutoRuns.reg FixMe.reg FixReg.reg ISeeYouXP.exe ISeeYouXP.lnk ISeeYouXP.txt Anything else I had you use Delete the following: (If they exist) C:\Avenger.txt C:\Avenger C:\ComboFix.txt C:\ComboFix C:\SDFix C:\Qoobox You can delete and uninstall any programs I had you download, that you do not wish to keep on the system. Empty the Recycle Bin Run ATF Cleaner In the ISeeYouXP folder double-click HideIT.bat. Turn off System restore to flush all your restore points then turn system restore back on. To manually turn off System Restore, follow these steps: 1. Click Start, right-click My Computer, and then click Properties. 2. Click the System Restore tab. 3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK. 4. Click Yes when you receive the prompt to turn off System Restore. To turn on System Restore, follow these steps: 1. Click Start, right-click My Computer, and then click Properties. 2. Click the System Restore tab. 3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK. Delete C:\ISeeYouXP Run Windows Update and update your Windows Operating System.
Run the Secunia Online Software Inspector, this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-dated. That should take care of everything. Safe Surfing!
  8. Your logs look fine. Unless you are having problems from Malware it is time to do the final steps. If you used ComboFix, uninstall ComboFix: Click START then RUN and enter the below into the run box and then click OK. (Use only the command of the same name as your copy of combofix.) AvoidTDSS /u or combofix /u Note: The space before /u, must be there. This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults. Delete the C:\AvoidTDSS or C:\ComboFix folder from combofix. Delete everything in C:\!KillBox Delete the following from your Desktop (If they exist) Avenger.exe Avenger.txt Avenger.zip DisableAutoRuns.reg FixMe.reg FixReg.reg ISeeYouXP.exe ISeeYouXP.lnk ISeeYouXP.txt Anything else I had you use Delete the following: (If they exist) C:\Avenger.txt C:\Avenger C:\ComboFix.txt C:\ComboFix C:\SDFix C:\Qoobox You can delete and uninstall any programs I had you download, that you do not wish to keep on the system. Empty the Recycle Bin Run ATF Cleaner In the ISeeYouXP folder double-click HideIT.bat. Turn off System restore to flush all your restore points then turn system restore back on. To manually turn off System Restore, follow these steps: 1. Click Start, right-click My Computer, and then click Properties. 2. Click the System Restore tab. 3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK. 4. Click Yes when you receive the prompt to turn off System Restore. To turn on System Restore, follow these steps: 1. Click Start, right-click My Computer, and then click Properties. 2. Click the System Restore tab. 3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK. Delete C:\ISeeYouXP Run Windows Update and update your Windows Operating System.
Run the Secunia Online Software Inspector, this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-dated. That should take care of everything. Safe Surfing!
  9. Thread Closed Reason: Resolved The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread
  10. Thread Closed Reason: Lack of Response PM either ShadowPuterDude or Lynx to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread
  11. Reason: Lack of Response PM either ShadowPuterDude or Lynx to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread
  12. The amount of system ram and available HDD space will affect system performance. Though XP will run fine on 512mb of system ram you should have 1gb or greater installed. Your hard drive should have at least 4gb of free space.
  13. Thread Closed Reason: Resolved The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread
  14. Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*). REGEDIT4 [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}] [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{56071E0D-C61B-11D3-B41C-00E02927A304}] Close Notepad. Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry. ----------------------------------------------------------- Other than what I noted in my previous post, your system does not appear to be infected. What issues, if any, are you experiencing?
  15. Please, don't quote an entire post. I deleted your last post, as it only quoted my entire last post. Was there something you meant to add?
  16. The installed version of Java on this computer is out-dated. Install Java Runtime Environment (JRE) 6u16 available from Sun Microsystems. ----------------------------------------------------------- Using Add or Remove Programs in the Control Panel; uninstall the following: ----------------------------------------------------------- These all appear to be False Positives.
  17. The HiJackFree Analysis report is not one of the logs I need. I need the HiJackFree HJT Compatible log.
  18. Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. ----------------------------------------------------------- Post fresh logs for: ComboFix (C:\combofix.txt) a-squared Free ISeeYouXP Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  19. Your system does not appear to be infected. Unless you are experiencing symptoms, that may be caused by malware, I am going to close this thread.
  20. Keygen.Rhinoceros.4.0.SR4.exe is a keygen, it's that simple. ----------------------------------------------------------- Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. ----------------------------------------------------------- Post fresh logs for: ComboFix (C:\combofix.txt) a-squared Free ISeeYouXP Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  21. Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. ----------------------------------------------------------- Post fresh logs for: ComboFix (C:\combofix.txt) a-squared Free ISeeYouXP Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  22. Thread Closed Reason: Resolved The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread
  23. Your Win32kDiag report appears to be incomplete. Repost the log and be sure to enclose the log in code tags. All logs are to be posted in that manner.
  24. You can have a-squared delete the following: ----------------------------------------------------------- Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. ----------------------------------------------------------- Post fresh logs for: ComboFix (C:\combofix.txt) a-squared Free ISeeYouXP Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  25. Those folders are created by Microsoft's Internet Information Server (IIS) during installation. Update your a-squared definitions, run a new scan and post the resulting log.