0

I am having problems with my computer because of what I believe to be a virus. Here are the symptoms:
1) All Java and Java script applications on MS Internet explorer do not work.
2) I am able to download antivirus software but I am unable to run the programs.
3) My computer wont let me "restore"
4) AOL will not load.
I am using a sony desktop 2.4 Ghz with 512K ram. Running 2002 windows Xp home edition with service pack 1.

I am able to use Netscape Navigator just fine. It just seems that I am allowed to do everything but fix the problem.
Any suggestions on what I can do to fix this?

7
Contributors
30
Replies
31
Views
13 Years
Discussion Span
Last Post by Catweazle
0

if you can't run EXE's how do you run IE or Netscape?

disconnect it from your netowork, boot up in safe mode, and run adaware, and some antivirus.

it could just be security settings you have, or your firewall is blocking almost everything, you tried disabling it yet?

0

everytime I download an .exe file it gets downloaded as .exe.asf
I have to rename all the files to get them to work

0

Your Internet Explorer may be hijacked as in reply # 1 above, I suggest the same thing run hijack this and post the results here

0

what exactly are you looking for.. if I post this info, it has some account numbers for software that I bought.

0

I guess I can post this...
this is the C:/ info

Logfile of HijackThis v1.97.7
Scan saved at 9:22:56 AM, on 4/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\CHRIS LANDRY\Desktop\HijackThis.exe

0

ohhh, did not see the last message from you, ASF = Advanced streaming format used in Windows Media player, sounds like you got it slapped onto the end of all your exe files.

0

No-one is looking for your personal info. They're looking for entries relating to the stuff that you didn't put there! The spyware that has got into your system and is stopping things from working as they should.

Posting the log will enable people to identify problem entries, and suggest the actions you need to take to fix it.

0

what the heck.. here is the rest of it.. I appreciate your help

Logfile of HijackThis v1.97.7
Scan saved at 9:22:56 AM, on 4/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\CHRIS LANDRY\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\CHRIS LANDRY\Application Data\Mozilla\Profiles\default\z7o193y6.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\CHRIS LANDRY\Application Data\Mozilla\Profiles\default\z7o193y6.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [lar] C:\WINDOWS\system32\llass.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [pvuwqvb] rundll32 C:\WINDOWS\System32:pvuwqvb.dll,Init 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [lar] C:\WINDOWS\system32\llass.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe -a
O4 - HKCU\..\Run: [winupd.exe] C:\WINDOWS\System32\winupd.exe
O4 - HKLM\..\RunOnce: [*pvuwqvb] rundll32 C:\WINDOWS\System32:pvuwqvb.dll,Init 1
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/scandl_cnry.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1504d58377b8cfaaa619/netzip/RdxIE601.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38022.3792361111
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ucn.webex.com/client/latest/webex/ieatgpc.cab

0

Quicktime was not recently installed, but is on the computer.

0

ok, htpatch.exe is an AGP video update, so that was not an issue, You use Google, no issue there. wuauclt.exe is a script that checks for updates when you connect to the Internet for Windows ME., upgrade from Windows ME?.......I am not seeing nothing major yet.

0

I have had Plaxo and Weatherbug for sometime now and It has been working fine for me.

0

what security settings should I be at for IE to allow for all of the java applications?

0

snapfish is spyware, it is uploading tracking data from your computer. Stop sign in my book is spyware. akamai.net is used to provide content although in this case you may have used it to run online virus scan?....Housecall was at the tail of that line. I am not seeing a virus. You download music and I see you have a ref. to realtime. I think it is in the audio\video applications. download any lately?...

0

go to control panel and look at your list of recently installed programs. (add\remove). uhm, I leave my security at medium. That works for me.

0

Have only HJT running & fix these entries=

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [lar] C:\WINDOWS\system32\llass.exe
O4 - HKLM\..\RunServices: [lar] C:\WINDOWS\system32\llass.exe
O4 - HKCU\..\Run: [winupd.exe] C:\WINDOWS\System32\winupd.exe

O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/scandl_cnry.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1504d58377b8cfaaa619/netzip/RdxIE601.cab

Reboot into safe mode following the instructions here. http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 & navigate to & delete
C:\WINDOWS\System32\winupd.exe< this one
C:\WINDOWS\system32\llass.exe< this one
Both added as a result of different viruses.

These are suspect & I would be deleting them too.
O4 - HKLM\..\RunOnce: [*pvuwqvb] rundll32 C:\WINDOWS\System32:pvuwqvb.dll,Init 1
O4 - HKLM\..\Run: [pvuwqvb] rundll32 C:\WINDOWS\System32:pvuwqvb.dll,Init 1

Reboot & you should post another log.

0

I deleted c:/WINDOWS/System32/windupd.exe
I could not find any of the following files in safe mode... C:\WINDOWS\system32\llass.exe<
O4 - HKLM\..\RunOnce: [*pvuwqvb] rundll32 C:\WINDOWS\System32vuwqvb.dll,Init 1
O4 - HKLM\..\Run: [pvuwqvb] rundll32 C:\WINDOWS\System32vuwqvb.dll,Init 1

0

here is the new log.
Logfile of HijackThis v1.97.7
Scan saved at 10:39:48 AM, on 4/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\CHRIS LANDRY\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\CHRIS LANDRY\Application Data\Mozilla\Profiles\default\z7o193y6.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\CHRIS LANDRY\Application Data\Mozilla\Profiles\default\z7o193y6.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [lar] C:\WINDOWS\system32\llass.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [pvuwqvb] rundll32 C:\WINDOWS\System32:pvuwqvb.dll,Init 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [lar] C:\WINDOWS\system32\llass.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe -a
O4 - HKCU\..\Run: [winupd.exe] C:\WINDOWS\System32\winupd.exe
O4 - HKLM\..\RunOnce: [*pvuwqvb] rundll32 C:\WINDOWS\System32:pvuwqvb.dll,Init 1
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
09 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/scandl_cnry.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1504d58377b8cfaaa619/netzip/RdxIE601.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38022.3792361111
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ucn.webex.com/client/latest/webex/ieatgpc.cab

0

why can't I edit my posts on the first page of the thread?

0

the first problem I would like to take care of is allowing IE to run Javascript...
What should my security settings be to allow this again.?

0

Those entries I noted in my last post are still there. You need to get rid of them. When you try next time, Go to folder options & select 'Show hidden files/folders' to be sure these files can be found.
Might be an idea to have an online scan, so go to http://housecall.trendmicro.com/ for an on-line scan & set it to autoclean for you.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.