Kevin Zoll

Emsisoft Employee
Content Count: 18821
Days Won: 177

Everything posted by Kevin Zoll

  1. The amount of system RAM and available HDD space will affect system performance. Though XP will run fine on 512 MB of system RAM, you should have 1 GB or greater installed. Your hard drive should have at least 4 GB of free space.
  2. Thread Closed
     Reason: Resolved

     The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
  3. Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).

         REGEDIT4

         [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}]
         [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{56071E0D-C61B-11D3-B41C-00E02927A304}]

     Close Notepad. Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

     -----------------------------------------------------------

     Other than what I noted in my previous post, your system does not appear to be infected. What issues, if any, are you experiencing?
  4. Please, don't quote an entire post. I deleted your last post, as it only quoted my entire last post. Was there something you meant to add?
  5. The installed version of Java on this computer is outdated. Install Java Runtime Environment (JRE) 6u16 available from Sun Microsystems.

     -----------------------------------------------------------

     Using Add or Remove Programs in the Control Panel; uninstall the following:

     -----------------------------------------------------------

     These all appear to be False Positives.

         [3512] C:\WINDOWS\system32\olepro32.dll detected: Trojan.Win32.Patched!IK
         C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe detected: Riskware.RiskTool.Win32.Reboot.f!A2
         C:\Program Files\Mozilla Firefox\SmitfraudFix\WS2Fix.exe detected: Trojan-Downloader.Win32.Agent.chqe!A2
         C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP331\A0062753.exe detected: Riskware.RiskTool.Win32.Reboot.f!A2
         C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP331\A0062765.exe detected: Trojan-Downloader.Win32.Agent.chqe!A2
         C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP331\A0062771.bat detected: Trojan.WinREG!IK
         C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP331\A0062772.exe detected: Riskware.Hacktool.NirCmd!IK
         C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP331\A0062773.bat detected: Trojan.BAT.Agent!IK
         C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP331\A0062774.bat detected: Trojan.BAT.Agent!IK
         C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP331\A0062776.exe detected: Trojan-Downloader.Win32.Agent.chqe!A2
         C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP331\A0062777.exe detected: Trojan-Downloader.Win32.Agent.chqe!A2
         C:\WINDOWS\$hf_mig$\KB834707\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$hf_mig$\KB867282\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$hf_mig$\KB873333\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$hf_mig$\KB885250\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$hf_mig$\KB885835\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$hf_mig$\KB885836\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$hf_mig$\KB886185\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$hf_mig$\KB887472\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$hf_mig$\KB887742\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$hf_mig$\KB888113\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$hf_mig$\KB888302\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$hf_mig$\KB890047\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$hf_mig$\KB890175\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$hf_mig$\KB891781\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\ServicePackFiles\i386\olepro32.dll detected: Trojan.Win32.Patched!IK
         C:\WINDOWS\SoftwareDistribution\Download\2538a73647c2cf3775a4933c545ee213557c8a57/spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\SoftwareDistribution\Download\398f0c45cd46f045925de8cfce3ac8c4\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\SoftwareDistribution\Download\95cf6eb04c28d6c2d66103e61d5c5b6d\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\SoftwareDistribution\Download\cb54485933aa009855d78885e4c31c64\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\SoftwareDistribution\Download\cf113cf67754a276d1983478748b20da\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\SoftwareDistribution\Download\e255a894a26bb0cc45b21ddb5c1c5e28\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\SoftwareDistribution\Download\f9caa54645105c608ede060e87d38098\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
         C:\WINDOWS\system32\olepro32.dll detected: Trojan.Win32.Patched!IK
         C:\WINDOWS\system32\WS2Fix.exe detected: Trojan-Downloader.Win32.Agent.chqe!A2
         D:\1f06d2dbb18a650422829f566bf38aa1\spuninst.exe detected: P2P-Worm.Win32.Bacteraloh!IK
  6. The HiJackFree Analysis report is not one of the logs I need. I need the HiJackFree HJT Compatible log.
  7. Download ComboFix from one of these locations:

     Link 1
     Link 2
     Link 3

     * IMPORTANT !!! Save ComboFix.exe to your Desktop

     Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.

     Double click on ComboFix.exe & follow the prompts.

     As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

     Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

     **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

     Click on Yes, to continue scanning for malware.

     When finished, it shall produce a log for you.

     -----------------------------------------------------------

     Post fresh logs for:

     ComboFix (C:\combofix.txt)
     a-squared Free
     ISeeYouXP

     Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  8. Your system does not appear to be infected. Unless you are experiencing symptoms that may be caused by malware, I am going to close this thread.
  9. Keygen.Rhinoceros.4.0.SR4.exe is a keygen, it's that simple.

     -----------------------------------------------------------

     Download ComboFix from one of these locations:

     Link 1
     Link 2
     Link 3

     * IMPORTANT !!! Save ComboFix.exe to your Desktop

     Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.

     Double click on ComboFix.exe & follow the prompts.

     As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

     Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

     **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

     Click on Yes, to continue scanning for malware.

     When finished, it shall produce a log for you.

     -----------------------------------------------------------

     Post fresh logs for:

     ComboFix (C:\combofix.txt)
     a-squared Free
     ISeeYouXP

     Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  12. Your Win32kDiag report appears to be incomplete. Repost the log and be sure to enclose the log in code tags. All logs are to be posted in that manner.
  13. You can have a-squared delete the following:

          a-squared Free - Version 4.5
          Last update: 28/09/2009 18:07:01

          Scan settings:
          Scan type: Deep Scan
          Objects: Memory, Traces, Cookies, C:\
          Scan archives: On
          Heuristics: Off
          ADS Scan: On

          Scan start: 03/10/2009 08:51:10

          c:\program files\blubster detected: Trace.Directory.Blubster!A2
          c:\program files\mp3 rocket detected: Trace.Directory.MP3 Rocket!A2
          c:\program files\mp3 rocket\lib detected: Trace.Directory.MP3 Rocket!A2
          c:\program files\mp3 rocket\resource detected: Trace.Directory.MP3 Rocket!A2
          c:\program files\mp3 rocket\root detected: Trace.Directory.MP3 Rocket!A2
          c:\program files\mp3 rocket\root\magnet10 detected: Trace.Directory.MP3 Rocket!A2
          c:\documents and settings\pruthvesh\start menu\programs\mp3 rocket detected: Trace.Directory.MP3 Rocket!A2
          Value: HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\Software\fcn --> cnid detected: Trace.Registry.Funky Emoticons!A2
          Value: HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\Software\fcn --> gid detected: Trace.Registry.Funky Emoticons!A2
          Value: HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\Software\fcn --> idt detected: Trace.Registry.Funky Emoticons!A2
          c:\windows\tasks\{7b02ef0b-a410-4938-8480-9ba26420a627}.job detected: Trace.File.FraudPack!A2
          c:\windows\tasks\{bb65b0fb-5712-401b-b616-e69ac55e2757}.job detected: Trace.File.FraudPack!A2
          c:\windows\installer\msic.tmp detected: Trace.File.FileSubmit.A!A2
          Key: HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\software\NordBull\ detected: Trace.Registry.FraudPack!A2
          Key: HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\software\PopRock\ detected: Trace.Registry.FraudPack!A2
          Value: HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\software\Microsoft\Windows\CurrentVersion\Run --> PopRock detected: Trace.Registry.FraudPack!A2
          c:\program files\common files\cmeii\gatorsupportinfo.txt detected: Trace.File.Gator!A2
          c:\program files\common files\cmeii\greg.reg detected: Trace.File.Gator!A2
          c:\program files\common files\cmeii\gui\svcsap\applist.htm detected: Trace.File.Gator!A2
          c:\windows\system32\ide21201.vxd detected: Trace.File.WindUpdates!A2
          c:\program files\mp3 rocket\license.txt detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\mp3 rocket (minimized).lnk detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\mp3rocket.exe detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\mp3rocket.ico detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\mp3rocketlauncher.exe detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\xml.war detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\lib\ezjcom18.jar detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\lib\ezjcomlib18.dll detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\lib\hashes detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\lib\jaxcent11.jar detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\lib\jaxcentlib11.dll detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\lib\jdic.dll detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\lib\jshdocvw.dll detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\lib\jshdocvw.jar detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\lib\log4j.properties detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\lib\mp3rocket.ico detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\lib\systemutilities.dll detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\lib\systemutilitiesa.dll detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\lib\tray.dll detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\resource\00_ranking_stars.png detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\resource\01_5_ranking_stars.png detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\resource\01_ranking_stars.png detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\resource\02_5_ranking_stars.png detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\resource\02_ranking_stars.png detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\resource\03_5_ranking_stars.png detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\resource\03_ranking_stars.png detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\resource\04_5_ranking_stars.png detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\resource\04_ranking_stars.png detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\resource\05_ranking_stars.png detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\root\magnet10\badge.img detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\root\magnet10\canhandle.img detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\root\magnet10\limewire.gif detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\root\magnet10\options.js detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\root\magnet10\scripts.js detected: Trace.File.MP3 Rocket!A2
          c:\program files\mp3 rocket\root\magnet10\silentdetect.js detected: Trace.File.MP3 Rocket!A2
          Key: HKEY_LOCAL_MACHINE\software\myway detected: Trace.Registry.MyWaySpeedbar!A2
          Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List --> C:\Program Files\BHO\uninstall.exe detected: Trace.Registry.StartupBHO!A2
          Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List --> C:\Program Files\BHO\uninstall.exe detected: Trace.Registry.StartupBHO!A2
          Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MP3 Rocket --> DisplayName detected: Trace.Registry.MP3 Rocket!A2
          Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MP3 Rocket --> UninstallString detected: Trace.Registry.MP3 Rocket!A2
          C:\Documents and Settings\Pruthvesh\My Documents\Amal\Local Settings\Temporary Internet Files\Content.IE5\0XYZMJKP\content32070-0[1].htm detected: Riskware.AdWare.Win32.Gator!IK
          C:\Documents and Settings\Pruthvesh\My Documents\Sneha\Local Settings\Temporary Internet Files\Content.IE5\8TCN8N83\content37885-0[1].htm detected: Riskware.AdWare.Win32.Gator!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0033924.DLL detected: Riskware.AdWare.FunWeb!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0033925.DLL detected: Riskware.WebToolbar!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0033926.DLL detected: Riskware.WebToolbar!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0033927.DLL detected: Riskware.AdTool.Win32.MyWebSearch!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0033928.DLL detected: Riskware.AdWare.Mywebsearch!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0033930.DLL detected: Riskware.WebToolbar!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0033931.DLL detected: Riskware.WebToolbar!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0033932.EXE detected: Riskware.WebToolbar!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0033933.DLL detected: Riskware.AdWare.MyWebSearch!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0033934.DLL detected: Riskware.AdWare.Mywebsearch!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0033935.DLL detected: Riskware.AdWare.Mywebsearch!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0033936.DLL detected: Riskware.WebToolbar!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0033937.DLL detected: Riskware.WebToolbar!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0033938.DLL detected: Riskware.AdWare.Mywebsearch!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0033939.EXE detected: Riskware.AdWare.Win32.MyWebSearch!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0033940.DLL detected: Riskware.AdWare.Win32.MyWebSearch!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0033941.DLL detected: Riskware.AdWare.Win32.MyWebSearch.i!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0036174.DLL detected: Riskware.AdTool.Win32.MyWebSearch!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0036177.EXE detected: Riskware.AdTool.MyWebSearch!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0036178.DLL detected: Riskware.AdTool.Win32.MyWebSearch!IK
          C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP230\A0036197.dll detected: Riskware.AdWare.Win32.PowerSearch!IK

      -----------------------------------------------------------

      Download ComboFix from one of these locations:

      Link 1
      Link 2
      Link 3

      * IMPORTANT !!! Save ComboFix.exe to your Desktop

      Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.

      Double click on ComboFix.exe & follow the prompts.

      As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

      Click on Yes, to continue scanning for malware.

      When finished, it shall produce a log for you.

      -----------------------------------------------------------

      Post fresh logs for:

      ComboFix (C:\combofix.txt)
      a-squared Free
      ISeeYouXP

      Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  14. Those folders are created by Microsoft's Internet Information Server (IIS) during installation. Update your a-squared definitions, run a new scan and post the resulting log.
  15. Your logs show no malware. Did you ever install Microsoft's Internet Information Server (IIS)?
  16. RegCure is considered a "Potentially Unsafe Program"; it is highly recommended that you uninstall RegCure. To do so:

      Using Add or Remove Programs in the Control Panel; uninstall the following:

      -----------------------------------------------------------

      If you have uninstalled RegCure; allow a-squared to delete the following:

          Key: HKEY_USERS\.DEFAULT\software\PopRock\ detected: Trace.Registry.FraudPack!A2
          Key: HKEY_USERS\S-1-5-18\software\PopRock\ detected: Trace.Registry.FraudPack!A2
          c:\program files\regcure\ detected: Trace.Directory.RegCure!A2
          c:\documents and settings\all users\start menu\programs\regcure\ detected: Trace.Directory.RegCure!A2
          c:\documents and settings\owner\start menu\programs\regcure\ detected: Trace.Directory.RegCure!A2
          c:\windows\tasks\regcure.job detected: Trace.File.RegCure!A2
          c:\windows\tasks\regcure program check.job detected: Trace.File.RegCure!A2
          Key: HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\RegCure detected: Trace.Registry.RegCure!A2
          Key: HKEY_LOCAL_MACHINE\software\RegCure detected: Trace.Registry.RegCure!A2

      In any case you should have a-squared delete the following:

          E:\i386\Apps\App17981\comps\toolbar\toolbr.exe detected: Adware.Win32.SearchIt.t!A2

      -----------------------------------------------------------

      Post fresh logs for:

      a-squared Free

      Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  17. Your logs look fine. Unless you are having problems from Malware it is time to do the final steps.

      If you used ComboFix, uninstall ComboFix:
      Click START then RUN and enter the below into the run box and then click OK. (Use only the command of the same name as your copy of combofix.)

          AvoidTDSS /u

      or

          combofix /u

      Note: The space before /u must be there.
      This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      Delete the C:\AvoidTDSS or C:\ComboFix folder from combofix.

      Delete everything in C:\!KillBox

      Delete the following from your Desktop (If they exist):
      Avenger.exe
      Avenger.txt
      Avenger.zip
      DisableAutoRuns.reg
      FixMe.reg
      FixReg.reg
      ISeeYouXP.exe
      ISeeYouXP.lnk
      ISeeYouXP.txt
      Anything else I had you use

      Delete the following (If they exist):
      C:\Avenger.txt
      C:\Avenger
      C:\ComboFix.txt
      C:\ComboFix
      C:\SDFix
      C:\Qoobox

      You can delete and uninstall any programs I had you download that you do not wish to keep on the system.

      Empty the Recycle Bin.

      Run ATF Cleaner.

      In the ISeeYouXP folder double-click HideIT.bat.

      Turn off System Restore to flush all your restore points, then turn System Restore back on.

      To manually turn off System Restore, follow these steps:
      1. Click Start, right-click My Computer, and then click Properties.
      2. Click the System Restore tab.
      3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
      4. Click Yes when you receive the prompt to turn off System Restore.

      To turn on System Restore, follow these steps:
      1. Click Start, right-click My Computer, and then click Properties.
      2. Click the System Restore tab.
      3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

      Delete C:\ISeeYouXP

      Run Windows Update and update your Windows Operating System.

      Run the Secunia Online Software Inspector; this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being outdated.

      That should take care of everything.

      Safe Surfing!
  19. fixes.bat just runs, and then closes when finished. Post a fresh a-squared log.
  20. The installed version of Java on this computer is outdated. Install Java Runtime Environment (JRE) 6u16 available from Sun Microsystems.

      -----------------------------------------------------------

      Using Add or Remove Programs in the Control Panel; uninstall the following:

      -----------------------------------------------------------

      Allow a-squared to delete the following:

          c:\windows\prefetch\msa.exe-1e98b210.pf detected: Trace.File.file-exe-2009.com!A2
          c:\windows\tasks\{7b02ef0b-a410-4938-8480-9ba26420a627}.job detected: Trace.File.FraudPack!A2
          Key: HKEY_USERS\S-1-5-21-2000478354-651377827-1801674531-1003\software\NordBull\ detected: Trace.Registry.FraudPack!A2
          Value: HKEY_CLASSES_ROOT\CLSID\{44EEAD9B-4EB1-4236-83BC-1273BB4B01EF} --> AppID detected: Trace.Registry.PC Doc Pro!A2
          Value: HKEY_CLASSES_ROOT\CLSID\{44EEAD9B-4EB1-4236-83BC-1273BB4B01EF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
          Value: HKEY_CLASSES_ROOT\CLSID\{6C9CA10D-E604-47FB-A2F9-C9A013193609}\InProcServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
          Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44EEAD9B-4EB1-4236-83BC-1273BB4B01EF} --> AppID detected: Trace.Registry.PC Doc Pro!A2
          Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44EEAD9B-4EB1-4236-83BC-1273BB4B01EF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
          Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C9CA10D-E604-47FB-A2F9-C9A013193609}\InProcServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
          Value: HKEY_CLASSES_ROOT\CLSID\{183261F8-780B-4506-BE91-434C01DD010A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Remotely Anywhere Server Edition!A2
          Value: HKEY_CLASSES_ROOT\CLSID\{43534152-0000-0010-8000-00AA00389B71}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Remotely Anywhere Server Edition!A2
          Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{183261F8-780B-4506-BE91-434C01DD010A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Remotely Anywhere Server Edition!A2
          Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43534152-0000-0010-8000-00AA00389B71}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Remotely Anywhere Server Edition!A2

      This is a False Positive; submit it to EMSI Software for analysis.

          C:\Internet\downloads\autoit-v3-setup.exe/AutoItSC.bin detected: Riskware.AdWare.Win32.Maxifiles!IK

      -----------------------------------------------------------

      Post fresh logs for:

      a-squared Free

      Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  21. Did you save Win32kDiag to the Desktop as instructed?
  22. Download ComboFix from one of these locations: Link 1 Link 2 Link 3
      * IMPORTANT !!! Save ComboFix.exe to your Desktop
      Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
      Double click on ComboFix.exe & follow the prompts.
      As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      Click on Yes, to continue scanning for malware.
      When finished, it shall produce a log for you. (C:\ComboFix.txt)
      -----------------------------------------------------------
      Post fresh logs for:
      ComboFix (C:\combofix.txt)
      a-squared Free
      Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  23. The infection will prevent most of the tools listed in the thread linked to by Lynx.
      -----------------------------------------------------------
      Download to your Desktop Win32kDiag.exe by AD.
      Run Win32kDiag. It will produce a report on the Desktop.
      Post that report on your next reply.
  24. Open notepad. Copy and Paste the below lines of code to notepad:
      @echo off
      copy C:\WINDOWS\system32\logevent.dll c:\logevent.dll
      copy C:\WINDOWS\ServicePackFiles\i386\dumprep.exe c:\dumprep.exe
      Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your Desktop.
      Double-click on fixes.bat to execute it.
      -----------------------------------------------------------
      Download Avenger from here and unzip to your desktop.
      Run Avenger. Read the prompt that appears, and press OK.
      Copy & paste the following text in Input script Box:
      Files to move:
      C:\logevent.dll | C:\WINDOWS\SYSTEM32\eventlog.dll
      C:\dumprep.exe | C:\WINDOWS\SYSTEM32\dumprep.exe
      Then click "Execute". You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
      Note: It is possible that Avenger will reboot your system TWICE.
      Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.
      -----------------------------------------------------------
      Go to start > run and copy and paste the following command in the field:
      "%userprofile%\desktop\win32kdiag.exe" -f -r
      This should restore permissions on locked files and remove mountpoints.
      -----------------------------------------------------------
      Post fresh logs for:
      Avenger (C:\avenger.txt)
      a-squared Free
      ISeeYouXP
      HiJackFree
      Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
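An added check, not Kevin Zoll's or Emsisoft's code, that fits the file replacement in post 24: before and after a reboot-time move of the kind Avenger performs, compare the live system32 copy of a file against its reference copy by hash, and flag files that are in use and cannot be read. The paths are constructed stand-ins for the C:\WINDOWS paths in the post.

```python
"""Integrity check for the live-file / reference-copy pairs of post 24.
Added example; the temp-directory paths are constructed stand-ins for
C:\\WINDOWS\\system32\\... and C:\\WINDOWS\\ServicePackFiles\\i386\\...
"""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Stream the file through SHA-256 so large binaries never sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_pairs(pairs):
    """Compare each (live_file, reference_file) pair.

    Returns {live_file: status} with status one of
      'match'    - live copy is byte-identical to the reference
      'mismatch' - live copy differs (patched, or not yet replaced)
      'missing'  - either side is absent
      'locked'   - access denied, as with an in-use system file that
                   needs a reboot-time move rather than a plain copy
    """
    results = {}
    for live, ref in pairs:
        try:
            results[live] = "match" if sha256_of(live) == sha256_of(ref) else "mismatch"
        except FileNotFoundError:
            results[live] = "missing"
        except PermissionError:
            results[live] = "locked"
    return results


def demo():
    """Constructed sample: a clean reference copy, a one-byte-modified live copy,
    and a live file that does not exist. Returns the status list in that order."""
    d = tempfile.mkdtemp()
    ref = os.path.join(d, "dumprep.exe.ref")      # stands in for ServicePackFiles copy
    live = os.path.join(d, "dumprep.exe")         # stands in for the system32 copy
    absent = os.path.join(d, "eventlog.dll")      # never created
    with open(ref, "wb") as f:
        f.write(b"MZ" + b"\x00" * 60)
    with open(live, "wb") as f:
        f.write(b"MZ" + b"\x00" * 59 + b"\x90")   # one byte changed: a "patched" file
    return list(check_pairs([(live, ref), (absent, ref), (ref, ref)]).values())
```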