Solve : Java issues?

1.	Solve : Java issues?
Answer» Hi Perhaps its me i dont know, but since 3 days ago i can only read some newspaper websites with Java Script turned off. Twas never an issue before. If i turn java script off, i can read the stories but not the comments and if i turn it back on the page wont load. My wife uses hotmail which she cant log on to without java script enabled. I have tried updating java script, i have reloaded Firefox, also tried using IE but have problem whatever i do. Is this a VIRUS/malware dont know what to do next! Please someone help me before i throw my cdomputer out of the window! ThanksJavascript is not the same as Java the TWO totally different . what browser are you using?Firefox new version as i deleated it then downloaded the new one in case that was problem. Also tried Opera but was so slow i deleated it again!Quote from: terryb on September 21, 2009, 12:04:51 PM Firefox new version as i deleated it then downloaded the new one in case that was problem. Also tried Opera but was so slow i deleated it again! Don't understand this post at all.OK let me start again, untill a few days ago my computer was fine, then it would not load some pages on newspaper websites. It loads the front page but when you click on a story it freezes up. If you disable Java Scrip it loads but without comments made by readers. Unfortunatly as my wife uses Hotmail, she needs Java Script running so i cant just leave it off, and clearly there is a problem. So i started by getting the latest Firefox, in case that was the problem, it made no difference, so i tried Opera which just ran so slow i gave up and deleated it, tried IE and it is the same as Firefox, so i decided to try a Java update, still makes no difference. I am currently going through the steps on the read this before requesting malware removal help page as i am now guessing this must be the problem? Do you see my problem now or am i just not getting it right? Okay, got it . A COUPLE of things. First, you said this just started the other day. Did anything new HAPPEN between the last time everything was okay and the first time it wasn't (new hw, sw, etc)? Also, I'd like to ask you to please run a full system scan with BOTH your anti virus utility AND either MalwareBytes or Super AntiSpyware (or both). Hi Allen THANKS I cant think of anything but, asking wife is like trying to get blood out of stone as "I always blame her"!!! Ran my Avast Anti Virus nothing, ran Microsoft Malicious software removal tool, nothing. Tried Malwarebytes, nothing (though did not update so trying that next!). SuperAnti-Spyware has just this second stopped and has 3 items all Trojan.Agent/Gen-Fake Alert(X32) so just going to deal with that before updating Malwarebytes and running that as per the malware page? Am I doing ok so far? Thanks TerryYou're doing great - but you really need to stop blaming your wife for everything This is the final log from Hijack this, I have posted it to the Malware page also. Any clues what i do next??? Thanks Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:02:44, on 21/09/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Dell Support\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file) O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {774FE9E1-A8F8-4A40-9706-8F673D8DB6ED} (UNYKContactsFinderOCX.main) - http://www.unyk.com/Diffusion/ActiveX/UNYKContactsFinder.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\System32\DDEML32.dll,C:\WINDOWS\System32\dplayx32.dll ,C:\WINDOWS\System32\DESKADP32.dll C:\WINDOWS\system32\guard32.dll,C:\WINDOWS\System32\DESKADP32.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: 64b8c927517 - C:\WINDOWS\ O20 - Winlogon Notify: 64b8c927530 - C:\WINDOWS\ O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- End of file - 6528 bytesSorry it turns out my wife had downloaded a programme from LIMEWIRE which changes your ip address to watch something on UK tv which is only available in the UK, it only gave her a USA change of address so removed the programme, i suspect this is where it came from!!!! Below are the other two logs!!! Sorry. SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 09/21/2009 at 02:30 PM Application Version : 4.29.1002 Core Rules Database Version : 4114 Trace Rules Database Version: 2054 Scan type : Complete Scan Total Scan Time : 01:18:08 Memory items scanned : 502 Memory threats detected : 1 Registry items scanned : 5871 Registry threats detected : 1 File items scanned : 51889 File threats detected : 1 Trojan.Agent/Gen-FakeAlert[X32] C:\WINDOWS\SYSTEM32\DESKADP32.DLL C:\WINDOWS\SYSTEM32\DESKADP32.DLL Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\64b8c927669 Malwarebytes log Malwarebytes' Anti-Malware 1.41 Database version: 2837 Windows 5.1.2600 Service Pack 3 21/09/2009 15:21:52 mbam-log-2009-09-21 (15-21-52).txt Scan type: Quick Scan Objects scanned: 99401 Time elapsed: 19 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 3 Folders Infected: 3 Files Infected: 33 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Nvchost (Trojan.Goldun) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\WINDOWS\SYSTEM32\GroupPolicyManifest (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\LocalService (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\LocalService32 (Worm.Archive) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\SYSTEM32\GroupPolicyManifest\32.crack.zip (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GroupPolicyManifest\32.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GroupPolicyManifest\33.video.zip (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GroupPolicyManifest\33.video.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GroupPolicyManifest\34.setup.zip (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GroupPolicyManifest\34.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GroupPolicyManifest\35.unpack.zip (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GroupPolicyManifest\35.unpack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GroupPolicyManifest\36.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GroupPolicyManifest\36.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GroupPolicyManifest\37.serial.zip (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GroupPolicyManifest\37.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GroupPolicyManifest\39.music.mp3 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GroupPolicyManifest\39.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GroupPolicyManifest\40.mpgvideo.mpg (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GroupPolicyManifest\40.mpgvideo.mpg.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\LocalService\293.crack.zip (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\LocalService\293.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\LocalService\294.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\LocalService\294.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\LocalService\295.serial.zip (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\LocalService\295.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\LocalService\296.setup.zip (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\LocalService\296.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\LocalService\301.music.au (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\LocalService\301.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\LocalService\302.music2.au (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\LocalService\302.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\LocalService\303.music3.au (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\LocalService\303.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\LocalService\304.music4.au (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\LocalService\304.music4.au.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully. Kind regards Terry

Answer»

Hi Perhaps its me i dont know, but since 3 days ago i can only read some newspaper websites with Java Script turned off. Twas never an issue before. If i turn java script off, i can read the stories but not the comments and if i turn it back on the page wont load.
My wife uses hotmail which she cant log on to without java script enabled.
I have tried updating java script, i have reloaded Firefox, also tried using IE but have problem whatever i do.
Is this a VIRUS/malware dont know what to do next! Please someone help me before i throw my cdomputer out of the window!
ThanksJavascript is not the same as Java the TWO totally different . what browser are you using?Firefox new version as i deleated it then downloaded the new one in case that was problem. Also tried Opera but was so slow i deleated it again!Quote from: terryb on September 21, 2009, 12:04:51 PM

Firefox new version as i deleated it then downloaded the new one in case that was problem. Also tried Opera but was so slow i deleated it again!

Don't understand this post at all.OK let me start again, untill a few days ago my computer was fine, then it would not load some pages on newspaper websites. It loads the front page but when you click on a story it freezes up. If you disable Java Scrip it loads but without comments made by readers. Unfortunatly as my wife uses Hotmail, she needs Java Script running so i cant just leave it off, and clearly there is a problem.
So i started by getting the latest Firefox, in case that was the problem, it made no difference, so i tried Opera which just ran so slow i gave up and deleated it, tried IE and it is the same as Firefox, so i decided to try a Java update, still makes no difference.

I am currently going through the steps on the read this before requesting malware removal help page as i am now guessing this must be the problem?

Do you see my problem now or am i just not getting it right? Okay, got it .

A COUPLE of things. First, you said this just started the other day. Did anything new HAPPEN between the last time everything was okay and the first time it wasn't (new hw, sw, etc)?

Also, I'd like to ask you to please run a full system scan with BOTH your anti virus utility AND either MalwareBytes or Super AntiSpyware (or both). Hi Allen THANKS
I cant think of anything but, asking wife is like trying to get blood out of stone as "I always blame her"!!!
Ran my Avast Anti Virus nothing, ran Microsoft Malicious software removal tool, nothing. Tried Malwarebytes, nothing (though did not update so trying that next!).
SuperAnti-Spyware has just this second stopped and has 3 items all Trojan.Agent/Gen-Fake Alert(X32) so just going to deal with that before updating Malwarebytes and running that as per the malware page? Am I doing ok so far?
Thanks TerryYou're doing great - but you really need to stop blaming your wife for everything This is the final log from Hijack this, I have posted it to the Malware page also. Any clues what i do next??? Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:02:44, on 21/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {774FE9E1-A8F8-4A40-9706-8F673D8DB6ED} (UNYKContactsFinderOCX.main) - http://www.unyk.com/Diffusion/ActiveX/UNYKContactsFinder.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\DDEML32.dll,C:\WINDOWS\System32\dplayx32.dll ,C:\WINDOWS\System32\DESKADP32.dll C:\WINDOWS\system32\guard32.dll,C:\WINDOWS\System32\DESKADP32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: 64b8c927517 - C:\WINDOWS\
O20 - Winlogon Notify: 64b8c927530 - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 6528 bytesSorry it turns out my wife had downloaded a programme from LIMEWIRE which changes your ip address to watch something on UK tv which is only available in the UK, it only gave her a USA change of address so removed the programme, i suspect this is where it came from!!!! Below are the other two logs!!! Sorry.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/21/2009 at 02:30 PM

Application Version : 4.29.1002

Core Rules Database Version : 4114
Trace Rules Database Version: 2054

Scan type : Complete Scan
Total Scan Time : 01:18:08

Memory items scanned : 502
Memory threats detected : 1
Registry items scanned : 5871
Registry threats detected : 1
File items scanned : 51889
File threats detected : 1

Trojan.Agent/Gen-FakeAlert[X32]
C:\WINDOWS\SYSTEM32\DESKADP32.DLL
C:\WINDOWS\SYSTEM32\DESKADP32.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\64b8c927669

Malwarebytes log
Malwarebytes' Anti-Malware 1.41
Database version: 2837
Windows 5.1.2600 Service Pack 3

21/09/2009 15:21:52
mbam-log-2009-09-21 (15-21-52).txt

Scan type: Quick Scan
Objects scanned: 99401
Time elapsed: 19 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 33

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Nvchost (Trojan.Goldun) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\SYSTEM32\GroupPolicyManifest (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService32 (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\32.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\32.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\33.video.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\33.video.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\34.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\34.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\35.unpack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\35.unpack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\36.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\36.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\37.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\37.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\39.music.mp3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\39.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\40.mpgvideo.mpg (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicyManifest\40.mpgvideo.mpg.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\293.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\293.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\294.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\294.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\295.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\295.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\296.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\296.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\301.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\301.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\302.music2.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\302.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\303.music3.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\303.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\304.music4.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LocalService\304.music4.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.

Kind regards
Terry

Solve : Java issues?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment