Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Avast Antivirus Detected Java:Agent-KL [Expl]


  • This topic is locked This topic is locked

#31
donhealyou

donhealyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
here is the log when i am using ESETUninstaller.exe



>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
[07/23/11 14:30:35] C:\Documents and Settings\Windows XP\Desktop\ESETUninstaller.exe 4.0.15.5
[07/23/11 14:30:35] Input arguments:
[07/23/11 14:30:44] Online (PC booted from fixed disk) mode detected.

[07/23/11 14:30:44] WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
Are you really sure to continue? (y/n): y


[07/23/11 14:30:59] Scanning available operating systems ...

[07/23/11 14:30:59] Available operating systems, which AV product can be removed from:

[07/23/11 14:30:59] [1]
[07/23/11 14:30:59] Product Name: Microsoft Windows XP
[07/23/11 14:30:59] Current Version: 5.1.2.2600.WinNT.x86
[07/23/11 14:30:59] Volume: C:\
[07/23/11 14:30:59] System Root: C:\WINDOWS
[07/23/11 14:30:59] Program Files: D:\Program Files
[07/23/11 14:30:59] Program Files (x86):
[07/23/11 14:30:59] Common files: C:\Program Files\Common Files
[07/23/11 14:30:59] Common files (x86):
[07/23/11 14:30:59] Common application data folder: C:\Documents and Settings\All Users\Application Data
[07/23/11 14:30:59] Common programs folder: C:\Documents and Settings\All Users\Start Menu\Programs
[07/23/11 14:30:59] Device path folder: C:\WINDOWS\inf
[07/23/11 14:30:59] Drives mapping:
[07/23/11 14:30:59] Current Letter: C Native Letter: C
[07/23/11 14:30:59] Current Letter: D Native Letter: D

[07/23/11 14:30:59] Building cache: COM: AppID -> DllName ...
[07/23/11 14:30:59] Building cache: COM: Category -> ReferenceCounter ...
[07/23/11 14:30:59] Scanning installed AV products ...

[07/23/11 14:31:01] Installed AV products:
[07/23/11 14:31:01] 1. SEP

[07/23/11 14:31:01] Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 1

[07/23/11 14:31:18] Are you sure to uninstall SEP from this OS? (y/n): y


[07/23/11 14:31:21] Product uninstallation: SEP

[07/23/11 14:31:21] Uninstallation in progress, please wait ...

[07/23/11 14:31:21] Current control set ... ControlSet001

[07/23/11 14:31:21] Services: deleted: ControlSet001\Enum\Root\LEGACY_EECTRL

[07/23/11 14:31:21] WSC: SEP unregistered of Windows Security Center


[07/23/11 14:31:21] Delete of empty folders ...
[07/23/11 14:31:21] Symantec folder: deleted: C:\Program Files\Common Files\Symantec Shared\

[07/23/11 14:31:21] Symantec Product: deleted: Symantec\InstalledApps


[07/23/11 14:31:23] Windows Defender: deleted value in: Microsoft\Windows Defender ...
[07/23/11 14:31:23] deleted: DisableAntiSpyware

[07/23/11 14:31:23] Windows Defender: deleted value in: Microsoft\Windows Defender\Real-Time Protection ...
[07/23/11 14:31:23] deleted: DisableAntiSpywareRealtimeProtection

[07/23/11 14:31:23] Uninstallation SEP finished successfully.


[07/23/11 14:31:23] Log file location: "C:\Documents and Settings\Windows XP\Desktop\~ESETUninstaller.log"

[07/23/11 14:31:23] Uninstallation finished successfully, please restart your PC now.

[07/23/11 14:31:23] Press any key to exit ...
>>>>>>>>>>>>>>>>>>>>>>>> END >>>>>>>>>>>>>>>>>>>>>>>>
  • 0

Advertisements


#32
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets use combofix to remove it :) Once done can you let me know what problems remain

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

SecCenter::
AV: ESET NOD32 antivirus system 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#33
donhealyou

donhealyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
Combofix Log (ESET)



ComboFix 11-07-23.04 - Windows XP 24/07/2011 12:42:57.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.502.272 [GMT 8:00]
Running from: c:\documents and settings\Windows XP\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Windows XP\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Windows XP\Recent\Thumbs.db
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-22 12:03 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{BFF2AF11-2556-445C-B4AF-0BDC44051144}\mpengine.dll
2011-07-20 05:30 . 2011-07-20 05:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-07-20 05:27 . 2011-07-20 05:27 -------- d-sh--w- c:\documents and settings\Windows XP\IETldCache
2011-07-20 05:21 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-07-20 05:21 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-07-20 05:21 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-07-20 05:21 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-07-20 05:21 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-07-20 05:21 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-07-20 05:21 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-07-20 05:16 . 2011-07-20 05:21 -------- dc-h--w- c:\windows\ie8
2011-07-19 20:06 . 2011-07-19 20:06 -------- d-----w- d:\program files\Microsoft Silverlight
2011-07-19 18:32 . 2011-07-19 19:25 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-07-19 17:30 . 2009-08-06 11:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-07-19 16:16 . 2011-07-19 16:16 -------- d-----w- c:\program files\Common Files\Java
2011-07-19 16:15 . 2011-05-03 20:52 476904 ----a-w- d:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-19 05:41 . 2011-07-19 05:41 -------- d-----w- c:\documents and settings\Windows XP\Application Data\Malwarebytes
2011-07-19 05:41 . 2011-07-06 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-19 05:41 . 2011-07-19 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-19 05:41 . 2011-07-06 11:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-19 05:41 . 2011-07-19 05:41 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-07-18 08:02 . 2011-07-18 08:03 -------- d-----w- c:\documents and settings\Windows XP\Local Settings\Application Data\Windows Live Writer
2011-07-18 08:02 . 2011-07-18 08:02 -------- d-----w- c:\documents and settings\Windows XP\Application Data\Windows Live Writer
2011-07-14 07:52 . 2011-07-19 14:56 -------- d-----w- c:\documents and settings\Windows XP\Application Data\IDM
2011-07-14 07:52 . 2011-07-23 13:08 -------- d-----w- c:\documents and settings\Windows XP\Application Data\DMCache
2011-07-14 07:51 . 2011-07-14 07:55 -------- d-----w- d:\program files\Internet Download Manager
2011-07-13 07:22 . 2011-07-13 08:36 -------- d-----w- d:\program files\proXPN
2011-07-12 18:03 . 2011-07-04 11:37 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-07-12 18:01 . 2011-07-04 11:36 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-07-12 18:00 . 2011-07-04 11:12 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-07-09 18:21 . 2011-07-13 08:36 -------- d-----w- d:\program files\easyMule
2011-07-09 16:36 . 2011-07-06 15:14 101616 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2011-07-09 16:02 . 2011-07-09 16:03 -------- d-----w- d:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2010-09-12 10:44 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-09-12 10:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-05-16 07:20 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-09-12 10:44 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-09-12 10:44 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2010-09-12 10:44 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2010-09-12 10:44 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2010-09-12 10:44 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-09-12 10:44 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2010-09-12 10:44 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-30 05:07 . 2011-05-15 07:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 15:55 . 2010-12-24 11:15 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-06-07 12:44 . 2011-06-07 12:44 26112 ----a-w- c:\windows\system32\drivers\tap0901.sys
2011-05-24 11:14 . 2010-12-24 11:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-03 20:52 . 2010-08-28 16:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-03 18:25 . 2009-02-19 23:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-23 15:59 . 2011-03-27 07:06 142296 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 01D5EAAFF224415A7FF513E4C882BE30 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
[-] 2006-02-28 . 6A603809F598332DBEDD535BDBCE313E . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
((((((((((((((((((((((((((((( [email protected]_07.32.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-24 04:16 . 2011-07-24 04:16 16384 c:\windows\Temp\Perflib_Perfdata_a60.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
2011-04-15 02:59 180696 ----a-w- d:\program files\easyMule\modules\IE2EM.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- d:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- d:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"DivXUpdate"="d:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"AzMixerSel"="d:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"QuickTime Task"="c:\program files\Ringz Studio\Storm Codec\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"avast"="d:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-07-17 14:40 53248 ------w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2006-02-28 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-15 04:46 159744 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-15 04:46 135168 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2006-02-28 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-03-20 09:34 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-04-13 03:09 49152 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 02:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-15 04:46 131072 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 14:57 30208 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-05-28 08:32 16132608 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
2006-11-26 18:30 97357 ----a-w- c:\program files\Ringz Studio\Storm Codec\StormSet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 04:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-27 20:40 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\easyMule\\emule.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [13/07/2011 02:00 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [13/07/2011 02:01 194264]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [29/10/2007 14:42 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [29/10/2007 14:42 35712]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/02/2011 18:54 722416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [13/07/2011 02:03 103384]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16/05/2011 15:20 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/09/2010 18:44 309848]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [10/07/2011 00:36 101616]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/09/2010 18:44 19544]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/07/2011 13:41 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/07/2011 13:41 22712]
S2 avast! Firewall;avast! Firewall;d:\program files\Alwil Software\Avast5\afwServ.exe [13/07/2011 02:01 121000]
S2 gupdate1ca580845e2100a;Google Update Service (gupdate1ca580845e2100a);d:\program files\Google\Update\GoogleUpdate.exe [09/09/2010 23:26 136176]
S2 WinDefend;Windows Defender;d:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 gupdatem;Google Update Service (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [09/09/2010 23:26 136176]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [25/03/2010 14:38 131072]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [25/03/2010 14:38 79104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [27/07/2009 14:08 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [27/07/2009 14:08 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [27/07/2009 14:08 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [27/07/2009 14:08 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [27/07/2009 14:08 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [27/07/2009 14:08 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [27/07/2009 14:08 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [27/07/2009 14:08 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [27/07/2009 14:08 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [27/07/2009 14:08 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [27/07/2009 14:08 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [27/07/2009 14:08 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [27/07/2009 14:08 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [27/07/2009 14:08 117672]
S3 XDva052;XDva052;\??\c:\windows\system32\XDva052.sys --> c:\windows\system32\XDva052.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:50]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-09-09 15:26]
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-09-09 15:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = 10.20.253.1:8080
uInternet Settings,ProxyOverride = 10.20.253.1:8080;local;*.local
IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download by easyMule - d:\program files\easyMule\IE2EM.htm
IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Foxy ?? - c:\program files\Foxy\Foxy.exe/download.htm
IE: Google Sidewiki... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D7A0BB83-852B-4BCB-95D7-1FBC7E497DB1}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\rpk4wmka.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&p=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-24 12:52
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:31,53,04,eb,fa,ed,2b,8d,6a,63,b6,7b
"LastWPAEventLogged"=hex:da,07,0b,00,05,00,13,00,06,00,32,00,30,00,e4,01
.
Completion time: 2011-07-24 12:55:29
ComboFix-quarantined-files.txt 2011-07-24 04:55
.
Pre-Run: 9,392,562,176 bytes free
Post-Run: 9,375,068,160 bytes free
.
- - End Of File - - 4615FBF43FA068F400169BA4A0CE6C0B
  • 0

#34
donhealyou

donhealyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
it works thank you so much ... so should i do this step?


You are very tight on memory and hard drive space so once this has run we will run a tidy up to see if that will alleviate it a bit
Once this run is complete can you let me know what problems remain

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote
DDS::
uInternet Settings,ProxyServer = 10.20.253.1:8080
uInternet Settings,ProxyOverride = 10.20.253.1:8080;local;*.local

Registry::
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
cacaoweb=-



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Attached Files


  • 0

#35
donhealyou

donhealyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
my computer works a bit faster i guess no more problems ... and when i click back in d drive it's a bit faster than before but i think it is still slow


when i leave my computer alone while running firefox with multiple tabs on it and when i came back i click firefox it lags

Edited by donhealyou, 24 July 2011 - 03:01 AM.

  • 0

#36
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets remove my tools and go for a quick spring clean. On completion of this can you let me know how the computer is behaving. You also need to upodate to SP3 and IE8

Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there.

    Posted Image

  • Please follow the prompts to uninstall Combofix.
  • This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check
Posted Image

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:
  • 0

#37
donhealyou

donhealyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
How to know puran disc defragment is defragmenting your hard drive I choose restart defrag restart full disk check and came back to the windows screen and when I click firefox it does not appear ( I chose the c drive )
  • 0

#38
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You should have received a reboot now prompt, the system would have rebooted and then started defragmenting
  • 0

#39
donhealyou

donhealyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
My computer rebooted and disk checked and came back to the desktop screen ( does coming back to the desktop screen meaning that it is defragmenting? It does not show anything) and I can't open firefox in the desktop screen after rebooted... Anyways how long does the defragmenting end?
  • 0

#40
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The defragment will be complete before it reboots to windows. What error does Firefox give when you try to launch it ?
  • 0

Advertisements


#41
donhealyou

donhealyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
Firefox does not give any error when I double click it nothing came up same with puran defrag but my disks can be opened
  • 0

#42
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you open task manager and see if firefox is present as an application
  • 0

#43
donhealyou

donhealyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
I can't open task manager too ...
  • 0

#44
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK this is weird - have you downloaded anything since yesterday ?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#45
donhealyou

donhealyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
I restart my computer then it starts defragmenting is this normal? But before that it reboots itself and came to the desktop screen after I click defrag restart defrag full disk check and I can't open any applications. Now I am using my iPod touch so I can't download otl yet must wait for my sister tomorrow
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP