Computer Hope
Microsoft => Microsoft Windows => Windows XP => Topic started by: terryb on September 21, 2009, 08:54:45 AM
-
Hi Perhaps its me i dont know, but since 3 days ago i can only read some newspaper websites with Java Script turned off. Twas never an issue before. If i turn java script off, i can read the stories but not the comments and if i turn it back on the page wont load.
My wife uses hotmail which she cant log on to without java script enabled.
I have tried updating java script, i have reloaded Firefox, also tried using IE but have problem whatever i do.
Is this a virus/malware dont know what to do next! Please someone help me before i throw my cdomputer out of the window!
Thanks
-
Javascript is not the same as Java the two totally different . what browser are you using?
-
Firefox new version as i deleated it then downloaded the new one in case that was problem. Also tried Opera but was so slow i deleated it again!
-
Firefox new version as i deleated it then downloaded the new one in case that was problem. Also tried Opera but was so slow i deleated it again!
Don't understand this post at all.
-
OK let me start again, untill a few days ago my computer was fine, then it would not load some pages on newspaper websites. It loads the front page but when you click on a story it freezes up. If you disable Java Scrip it loads but without comments made by readers. Unfortunatly as my wife uses Hotmail, she needs Java Script running so i cant just leave it off, and clearly there is a problem.
So i started by getting the latest Firefox, in case that was the problem, it made no difference, so i tried Opera which just ran so slow i gave up and deleated it, tried IE and it is the same as Firefox, so i decided to try a Java update, still makes no difference.
I am currently going through the steps on the read this before requesting malware removal help page as i am now guessing this must be the problem?
Do you see my problem now or am i just not getting it right???? ???
-
Okay, got it :).
A couple of things. First, you said this just started the other day. Did anything new happen between the last time everything was okay and the first time it wasn't (new hw, sw, etc)?
Also, I'd like to ask you to please run a full system scan with BOTH your anti virus utility AND either MalwareBytes or Super AntiSpyware (or both).
-
Hi Allen THANKS
I cant think of anything but, asking wife is like trying to get blood out of stone as "I always blame her"!!!
Ran my Avast Anti Virus nothing, ran Microsoft Malicious software removal tool, nothing. Tried Malwarebytes, nothing (though did not update so trying that next!).
SuperAnti-Spyware has just this second stopped and has 3 items all Trojan.Agent/Gen-Fake Alert(X32) so just going to deal with that before updating Malwarebytes and running that as per the malware page? Am I doing ok so far?
Thanks Terry
-
You're doing great - but you really need to stop blaming your wife for everything :D
-
This is the final log from Hijack this, I have posted it to the Malware page also. Any clues what i do next??? Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:02:44, on 21/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {774FE9E1-A8F8-4A40-9706-8F673D8DB6ED} (UNYKContactsFinderOCX.main) - http://www.unyk.com/Diffusion/ActiveX/UNYKContactsFinder.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\DDEML32.dll,C:\WINDOWS\System32\dplayx32.dll ,C:\WINDOWS\System32\DESKADP32.dll C:\WINDOWS\system32\guard32.dll,C:\WINDOWS\System32\DESKADP32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: 64b8c927517 - C:\WINDOWS\
O20 - Winlogon Notify: 64b8c927530 - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
--
End of file - 6528 bytes
-
Sorry it turns out my wife had downloaded a programme from Limewire which changes your ip address to watch something on UK tv which is only available in the UK, it only gave her a USA change of address so removed the programme, i suspect this is where it came from!!!! Below are the other two logs!!! Sorry.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/21/2009 at 02:30 PM
Application Version : 4.29.1002
Core Rules Database Version : 4114
Trace Rules Database Version: 2054
Scan type : Complete Scan
Total Scan Time : 01:18:08
Memory items scanned : 502
Memory threats detected : 1
Registry items scanned : 5871
Registry threats detected : 1
File items scanned : 51889
File threats detected : 1
Trojan.Agent/Gen-FakeAlert[X32]
C:\WINDOWS\SYSTEM32\DESKADP32.DLL
C:\WINDOWS\SYSTEM32\DESKADP32.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\64b8c927669
Malwarebytes log
Malwarebytes' Anti-Malware 1.41
Database version: 2837
Windows 5.1.2600 Service Pack 3
21/09/2009 15:21:52
mbam-log-2009-09-21 (15-21-52).txt
Scan type: Quick Scan
Objects scanned: 99401
Time elapsed: 19 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 33
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Nvchost (Trojan.Goldun) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\SYSTEM32\GroupPolicyManifest (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService32 (Worm.Archive) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\32.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\32.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\33.video.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\33.video.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\34.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\34.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\35.unpack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\35.unpack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\36.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\36.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\37.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\37.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\39.music.mp3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\39.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\40.mpgvideo.mpg (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\40.mpgvideo.mpg.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\293.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\293.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\294.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\294.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\295.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\295.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\296.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\296.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\301.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\301.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\302.music2.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\302.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\303.music3.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\303.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\304.music4.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\304.music4.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.
Kind regards
Terry