
Avast Antivirus Detected Java:Agent-KL [Expl]


This topic is locked.

#16 donhealyou (Topic Starter, Member, 77 posts)
I ran ComboFix.exe and it said that the avast! Internet Security and NOD32 antivirus real-time scanners were still active, but I had already disabled avast and uninstalled NOD32 (I did not even know this antivirus was on my computer), yet it was still running. So I pressed X (not OK), but it warned me again, so I pressed X again. Then, luckily, it said it needed to update, so it updated; when that finished it came back to the screen from when I first ran ComboFix, so I quickly clicked Cancel and rebooted my computer, because I checked NOD32 and they said that after uninstalling you need to reboot your computer. It took quite long, so I turned it off and on again, and then it came back as usual. I did not re-run ComboFix again, since you told me so. Here is the picture. Now when I click on my C drive there is a computer icon (ComboFix is there) and Qoobox (not sure that folder existed last time). I did run ComboFix one time, but it asked me to update (connecting to server); after that I clicked Cancel because my antivirus real-time scanner was still on. (I turned my antivirus and anti-malware real-time shields and protection back on after I clicked Cancel in ComboFix and rebooted my computer; not sure whether that will affect anything on my computer.)


My NOD32 is an old version.

Attached Files


Edited by donhealyou, 21 July 2011 - 03:43 AM.



#17 donhealyou (Topic Starter, Member, 77 posts)
My computer still runs the same as before removing the malware with Malwarebytes, but I think it is a bit faster than before (just a little). Sometimes, when I leave my computer (away from keyboard) and then click Mozilla Firefox, it lags (the browser is running with tabs in it). I'm not sure whether it is my RAM or something else. (This is before using ComboFix.)

My D drive: when I click into a folder on the D drive and then click the Back button, it takes quite long to go back. (This is after I updated ComboFix, clicked Cancel and restarted my computer.) Not sure whether it is ComboFix, or maybe I did not observe carefully last time.

Edited by donhealyou, 21 July 2011 - 06:43 AM.


#18 donhealyou (Topic Starter, Member, 77 posts)
When I restarted my computer I went to Security Center in Control Panel; virus protection is on, and it says ESET NOD32 antivirus system 2.70 reports that it is up to date and virus scanning is on. I already uninstalled it and restarted my computer, so why does it still say this? That is before I turned on Windows Defender real-time protection and the avast security shields.

Sorry for the multiple posts.

#19 donhealyou (Topic Starter, Member, 77 posts)
Here is the picture of Windows Security Center saying NOD32 is running and up to date.

Attached Files



#20 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, run ComboFix and accept the warning; we will fix that afterwards.

#21 donhealyou (Topic Starter, Member, 77 posts)
ComboFix log



ComboFix 11-07-21.04 - Windows XP 22/07/2011 15:17:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.502.285 [GMT 8:00]
Running from: c:\documents and settings\Windows XP\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 antivirus system 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Windows XP\Application Data\cacaoweb
c:\documents and settings\Windows XP\Application Data\cacaoweb\adstorage.db
c:\documents and settings\Windows XP\Application Data\cacaoweb\storage.db
c:\documents and settings\Windows XP\Application Data\PriceGong
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Windows XP\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Windows XP\Recent\Thumbs.db
c:\documents and settings\Windows XP\WINDOWS
c:\windows\system32\Thumbs.db
c:\windows\system32\winlogon.bak
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\system32\winlogon.bak
.
.
((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-20 05:30 . 2011-07-20 05:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-07-20 05:27 . 2011-07-20 05:27 -------- d-sh--w- c:\documents and settings\Windows XP\IETldCache
2011-07-20 05:21 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-07-20 05:21 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-07-20 05:21 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-07-20 05:21 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-07-20 05:21 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-07-20 05:21 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-07-20 05:21 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-07-20 05:16 . 2011-07-20 05:21 -------- dc-h--w- c:\windows\ie8
2011-07-19 20:06 . 2011-07-19 20:06 -------- d-----w- d:\program files\Microsoft Silverlight
2011-07-19 18:32 . 2011-07-19 19:25 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-07-19 17:30 . 2009-08-06 11:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-07-19 16:16 . 2011-07-19 16:16 -------- d-----w- c:\program files\Common Files\Java
2011-07-19 16:15 . 2011-05-03 20:52 476904 ----a-w- d:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-19 12:01 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{A379B92D-8905-444F-9788-A35F58862C1A}\mpengine.dll
2011-07-19 05:41 . 2011-07-19 05:41 -------- d-----w- c:\documents and settings\Windows XP\Application Data\Malwarebytes
2011-07-19 05:41 . 2011-07-06 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-19 05:41 . 2011-07-19 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-19 05:41 . 2011-07-06 11:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-19 05:41 . 2011-07-19 05:41 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-07-18 08:02 . 2011-07-18 08:03 -------- d-----w- c:\documents and settings\Windows XP\Local Settings\Application Data\Windows Live Writer
2011-07-18 08:02 . 2011-07-18 08:02 -------- d-----w- c:\documents and settings\Windows XP\Application Data\Windows Live Writer
2011-07-14 07:52 . 2011-07-19 14:56 -------- d-----w- c:\documents and settings\Windows XP\Application Data\IDM
2011-07-14 07:52 . 2011-07-21 09:14 -------- d-----w- c:\documents and settings\Windows XP\Application Data\DMCache
2011-07-14 07:51 . 2011-07-14 07:55 -------- d-----w- d:\program files\Internet Download Manager
2011-07-13 07:22 . 2011-07-13 08:36 -------- d-----w- d:\program files\proXPN
2011-07-12 18:03 . 2011-07-04 11:37 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-07-12 18:01 . 2011-07-04 11:36 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-07-12 18:00 . 2011-07-04 11:12 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-07-09 18:21 . 2011-07-13 08:36 -------- d-----w- d:\program files\easyMule
2011-07-09 16:36 . 2011-07-06 15:14 101616 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2011-07-09 16:02 . 2011-07-09 16:03 -------- d-----w- d:\program files\CCleaner
2011-06-23 15:59 . 2011-06-23 15:59 2106216 ----a-w- d:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 15:59 . 2011-06-23 15:59 1998168 ----a-w- d:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2010-09-12 10:44 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-09-12 10:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-05-16 07:20 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-09-12 10:44 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-09-12 10:44 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2010-09-12 10:44 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2010-09-12 10:44 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2010-09-12 10:44 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-09-12 10:44 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2010-09-12 10:44 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-30 05:07 . 2011-05-15 07:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 15:55 . 2010-12-24 11:15 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-06-07 12:44 . 2011-06-07 12:44 26112 ----a-w- c:\windows\system32\drivers\tap0901.sys
2011-05-24 11:14 . 2010-12-24 11:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-03 20:52 . 2010-08-28 16:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-03 18:25 . 2009-02-19 23:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-23 15:59 . 2011-03-27 07:06 142296 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 01D5EAAFF224415A7FF513E4C882BE30 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
[-] 2006-02-28 . 6A603809F598332DBEDD535BDBCE313E . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
2011-04-15 02:59 180696 ----a-w- d:\program files\easyMule\modules\IE2EM.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- d:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- d:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"DivXUpdate"="d:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"AzMixerSel"="d:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"QuickTime Task"="c:\program files\Ringz Studio\Storm Codec\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"avast"="d:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-07-17 14:40 53248 ------w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2006-02-28 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-15 04:46 159744 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-15 04:46 135168 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2006-02-28 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-03-20 09:34 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-04-13 03:09 49152 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 02:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-15 04:46 131072 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 14:57 30208 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-05-28 08:32 16132608 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
2006-11-26 18:30 97357 ----a-w- c:\program files\Ringz Studio\Storm Codec\StormSet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 04:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-27 20:40 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\easyMule\\emule.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [13/07/2011 02:00 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [13/07/2011 02:01 194264]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [29/10/2007 14:42 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [29/10/2007 14:42 35712]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/02/2011 18:54 722416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [13/07/2011 02:03 103384]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16/05/2011 15:20 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/09/2010 18:44 309848]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [10/07/2011 00:36 101616]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/09/2010 18:44 19544]
R2 avast! Firewall;avast! Firewall;d:\program files\Alwil Software\Avast5\afwServ.exe [13/07/2011 02:01 121000]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/07/2011 13:41 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/07/2011 13:41 22712]
S2 gupdate1ca580845e2100a;Google Update Service (gupdate1ca580845e2100a);d:\program files\Google\Update\GoogleUpdate.exe [09/09/2010 23:26 136176]
S2 WinDefend;Windows Defender;d:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 gupdatem;Google Update Service (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [09/09/2010 23:26 136176]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [25/03/2010 14:38 131072]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [25/03/2010 14:38 79104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [27/07/2009 14:08 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [27/07/2009 14:08 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [27/07/2009 14:08 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [27/07/2009 14:08 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [27/07/2009 14:08 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [27/07/2009 14:08 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [27/07/2009 14:08 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [27/07/2009 14:08 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [27/07/2009 14:08 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [27/07/2009 14:08 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [27/07/2009 14:08 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [27/07/2009 14:08 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [27/07/2009 14:08 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [27/07/2009 14:08 117672]
S3 XDva052;XDva052;\??\c:\windows\system32\XDva052.sys --> c:\windows\system32\XDva052.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:50]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-09-09 15:26]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-09-09 15:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = 10.20.253.1:8080
uInternet Settings,ProxyOverride = 10.20.253.1:8080;local;*.local
IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download by easyMule - d:\program files\easyMule\IE2EM.htm
IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Foxy ?? - c:\program files\Foxy\Foxy.exe/download.htm
IE: Google Sidewiki... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D7A0BB83-852B-4BCB-95D7-1FBC7E497DB1}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\rpk4wmka.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-cacaoweb - d:\program files\cacaoweb\cacaoweb.exe
HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
Notify-dimsntfy - (no file)
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-foxy - c:\program files\Foxy\Foxy.exe
MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-nod32kui - c:\program files\Eset\nod32kui.exe
MSConfigStartUp-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
AddRemove-BearShare MediaBar - c:\program files\BearShare Applications\BearShare MediaBar\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 15:32
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
cacaoweb = "d:\program files\cacaoweb\cacaoweb.exe" -noplayer?abled:cacaoweb?es??????????????????O?????????????h?O???O???????????O???O? ??|`??|????????????????( ??????Service Pack 3?????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:31,53,04,eb,fa,ed,2b,8d,6a,63,b6,7b
"LastWPAEventLogged"=hex:da,07,0b,00,05,00,13,00,06,00,32,00,30,00,e4,01
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3492)
c:\windows\system32\WININET.dll
d:\program files\Internet Download Manager\IDMShellExt.dll
d:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\MSCTF.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\O2Micro Oz128 Driver\o2flash.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\docume~1\WINDOW~1\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2011-07-22 15:38:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-22 07:38
.
Pre-Run: 6,755,262,464 bytes free
Post-Run: 9,447,940,096 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 4C40ABED0D03D48925F3529752A43E88
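The log above is long, and most of it is inventory. As an added example (not from the thread, and not a ComboFix or Geeks to Go tool), here is a PowerShell script that pulls out the line types a helper acts on in a log like this one: the AV/FW header state, the repaired winlogon.exe, sigcheck entries marked [-], the Security Center override and firewall-off values, services whose image ComboFix could not find (trailing [?]), the IE proxy settings, orphaned Run entries, and a process running out of a Temp folder. The sample text is a constructed, shortened excerpt of the posted log; the rules are plain regular expressions and are assumptions about what is worth a second look, nothing more.

```powershell
# Added example, not part of the posted thread: a first-pass triage of a ComboFix
# log that pulls out the lines a helper actually acts on. Heuristics only; a hit
# means "look at this", not "this is malware". Written for PowerShell 2.0 (XP).
# Usage: .\Triage-ComboFix.ps1 -Path C:\ComboFix.txt   (no -Path = built-in sample)
param([string]$Path)

# Constructed sample: a shortened excerpt of the log posted above.
$sample = @'
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 antivirus system 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
[-] 2008-06-20 . 01D5EAAFF224415A7FF513E4C882BE30 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
"AntiVirusOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/07/2011 13:41 366640]
S3 XDva052;XDva052;\??\c:\windows\system32\XDva052.sys --> c:\windows\system32\XDva052.sys [?]
uInternet Settings,ProxyServer = 10.20.253.1:8080
uInternet Settings,ProxyOverride = 10.20.253.1:8080;local;*.local
HKCU-Run-cacaoweb - d:\program files\cacaoweb\cacaoweb.exe
c:\docume~1\WINDOW~1\LOCALS~1\Temp\RtkBtMnt.exe
'@

$lines = if ($Path) { Get-Content -LiteralPath $Path } else { $sample -split "`r?`n" }

# One rule per line type: a label and the regex that recognises it. These are
# assumptions about what deserves a second look, not ComboFix's own logic.
$rules = @(
    @{ Tag = 'AV/FW state';          Re = '^(AV|FW):\s.*\*(Enabled|Disabled)' },
    @{ Tag = 'File repaired';        Re = '^Infected copy of ' },
    @{ Tag = 'Sigcheck mismatch';    Re = '^\[-\]\s' },                  # [-] = differs from the known-good copy
    @{ Tag = 'SecCenter override';   Re = '"AntiVirusOverride"=dword:00000001' },
    @{ Tag = 'Firewall off';         Re = '"EnableFirewall"=\s*0\b' },
    @{ Tag = 'Service image missing';Re = '^[RS]\d\s.*\[\?\]\s*$' },     # trailing [?] = file not found
    @{ Tag = 'Proxy set';            Re = '^uInternet Settings,Proxy(Server|Override)\s*=' },
    @{ Tag = 'Orphan Run entry';     Re = '^(HKCU|HKLM)-Run-' },
    @{ Tag = 'Runs from Temp';       Re = '\\Temp\\[^\\]+\.exe\s*$' }
)

# First matching rule wins for each line; unmatched lines are dropped.
$hits = foreach ($line in $lines) {
    foreach ($r in $rules) {
        if ($line -match $r.Re) {
            New-Object PSObject -Property @{ Tag = $r.Tag; Line = $line }
            break
        }
    }
}

$hits | Format-Table Tag, Line -AutoSize -Wrap
"{0} line(s) flagged out of {1}" -f @($hits).Count, @($lines).Count
```

On the built-in sample this flags 13 of the 14 lines (the [7] dllcache copy and the MBAMService line pass). The two findings a reader should weigh most are the AV header showing a product as *Enabled* that the poster says is uninstalled, and the ProxyServer value pointing at 10.20.253.1:8080, which is exactly what the next reply's CFScript removes.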

#22 donhealyou (Topic Starter, Member, 77 posts)
After using ComboFix, when I click into my D drive folders and then click the Back button, it takes a while to go back. Not sure whether this is normal or not.

And my C drive:

This is before using ComboFix and after ComboFix (sorry, forgot to mention this to you). When I click Documents and Settings on the C drive it takes quite long (hangs a while, then highlights it in blue), but the other folders on the C drive highlight in blue quite fast when I click them once.

* And before I used the antiwpa.dll, my computer (laptop) would sometimes get a white screen, but I think it was still running; I had to turn it off and turn it back on (not sure whether this problem is because of malware).

#23 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
You are very tight on memory and hard drive space, so once this has run we will do a tidy-up to see if that alleviates it a bit.
Once this run is complete, can you let me know what problems remain?

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DDS::
uInternet Settings,ProxyServer = 10.20.253.1:8080
uInternet Settings,ProxyOverride = 10.20.253.1:8080;local;*.local

Registry::
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
cacaoweb=-



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#24 donhealyou (Topic Starter, Member, 77 posts)
I just found out that another Internet Explorer icon is on my desktop after using ComboFix (I think). You said to disable all antivirus, but NOD32 is still running, so should I just leave NOD32 alone and continue with the procedure above? I will do the steps above tomorrow; now it's getting late. Thanks for your time helping me this far.

#25 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Download and run the NOD removal tool.

The extra icon was placed there by ComboFix; you can delete it if you wish. Sleep tight :)


#26 donhealyou (Topic Starter, Member, 77 posts)
I translated what the program (NOD32 removal tool) says:

"This program attempts to remove remaining parts of the NOD32 antivirus system. You have already tried to remove NOD32 in the normal way; do you want to continue with this program? Yes or No." I clicked Yes.

"No NOD32 parts found on the computer."

But under Virus Protection it still says NOD32 antivirus is up to date and running?? Weird lol.

#27 donhealyou (Topic Starter, Member, 77 posts)
I tried this http://kb.eset.com/e...ent&id=SOLN2289 and it still says ESET NOD32 antivirus is running and up to date after I turn off avast in Security Center. So... I'll wait for you to help me solve NOD32 first, and then do the above steps? (If this is not the right place to ask this, sorry.) =(

Edited by donhealyou, 23 July 2011 - 01:00 AM.


#28 donhealyou (Topic Starter, Member, 77 posts)
I tried this http://hubpages.com/...tivirus-totally (the third method) and it still says NOD32 antivirus is up to date and running in Security Center. I have no idea what to do now lol.
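The "up to date and running" line that survives both the uninstaller and ESET's removal tool is not read from ESET's files at all. On XP, Security Center reads the WMI namespace root\SecurityCenter, where antivirus installers register an AntiVirusProduct instance; a failed uninstall can leave that instance behind, and ComboFix's "AV:" header lines (including the {E5E70D32-...} GUID in the log above) come from the same place. The script below is an added example, not something posted in this thread or supplied by Geeks to Go staff: it lists what Security Center has registered and, only when run with -Remove, deletes the instance whose name matches. It assumes PowerShell 2.0 on XP run as an administrator, and that the product has genuinely been removed first (as the removal tool reported above); the 'NOD32' pattern is taken from the log.

```powershell
# Added example (not from the thread or from Geeks to Go staff): show what Windows
# Security Center believes is installed and, on request, drop a registration for
# a product that is no longer on the machine. Security Center on XP reads the
# AntiVirusProduct class in the root\SecurityCenter WMI namespace; ComboFix's
# "AV: ... {GUID}" header lines are read from the same instances.
# Requires PowerShell 2.0 (optional install on XP) in an administrator session.
# Usage: .\Fix-SecurityCenterAv.ps1            -> list only
#        .\Fix-SecurityCenterAv.ps1 -Remove    -> list, then delete matches
param(
    [string]$NamePattern = 'NOD32',   # taken from the posted log; adjust as needed
    [switch]$Remove
)

$ns = 'root\SecurityCenter'   # Vista and later also have root\SecurityCenter2

function Get-RegisteredAv {
    # Every AV product Security Center currently knows about.
    Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction Stop
}

# 1. Show the full list so the reader can compare it with what is really installed.
$all = @(Get-RegisteredAv)
$all | Format-Table displayName, instanceGuid, onAccessScanningEnabled, productUptoDate -AutoSize

# 2. Pick the entries that match the uninstalled product.
$stale = @($all | Where-Object { $_.displayName -match $NamePattern })
if ($stale.Count -eq 0) {
    "No AntiVirusProduct matching '$NamePattern' is registered."
    return
}

foreach ($av in $stale) {
    "Match: {0}  guid={1}" -f $av.displayName, $av.instanceGuid
    if ($Remove) {
        # Deleting the WMI instance is what clears the stale line in Security Center.
        # Only do this once the product itself is confirmed gone; the instance is
        # just Security Center's record of it, not a driver or service.
        $av.Delete()
        "Removed registration {0}" -f $av.instanceGuid
    }
}
```

Run it once without -Remove and check the list against Add/Remove Programs before deleting anything; the same listing is available without PowerShell via `wmic /namespace:\\root\SecurityCenter path AntiVirusProduct get displayName,instanceGuid`. Removing the instance only corrects Security Center's view of the machine and does not touch any remaining ESET files or drivers.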

#29 donhealyou (Topic Starter, Member, 77 posts)
Turning on avast: Security Center picture.

Attached Files



#30 donhealyou (Topic Starter, Member, 77 posts)
Turning off avast: Security Center picture.

Attached Files

