Submit Your Article Forum Rules FAQ About Us
Search the forums:

Tech Support Team

Join Now!Nav Seperator FAQNav Seperator GalleryNav Seperator TutorialsNav Seperator BlogNav Seperator SearchNav Seperator Today's PostsNav Seperator Mark Forums ReadNav Seperator Navigation Right

Hello and Welcome to Tech Support Team! Before you can start posting and answering questions, you'll have to register. Registration is fast, simple and absolutely free! Feel free to browse through existing questions by choosing the forum you want to visit below.


Tech Support Team » Malware Removal & Security » Malware Removal » Log in Cookies removed, allowed sites removed, slow text in web forms

Notices
Before creating a new thread, we ask that you please read our Removal guide first: Malware Removal Guide - Read Before Posting. We also advise you reading this thread before continuing: P2P programs - please remove before posting for help

NOTE: NEVER follow someone elses fix. Just because the symptoms may appear to be the same, it does NOT mean your system has the same malware infection. ALWAYS start a new thread so that a member of our Security Team can take you through the steps of cleaning your computer.

Reply
Thread Tools
 
  #1 (permalink)   Top
Old 17th June 2009, 11:04 PM
mikesndbs's Avatar
Newcomer
  
Join Date: Jun 2009, 0 posts.
Reputation: mikesndbs is on a distinguished road
Log in Cookies removed, allowed sites removed, slow text in web forms
Hi

I have a real problem here :-(

My system has been running stable just as I have it for some years now.
Just about the time of the June MS updates I suddenly found my log in details were not being saved!

I was told to upgrade from IE 6 to 7 and did this but the problem persisted.
I also tried Firefox but again the same issue.

I can see the cookies when I look but after I X out of IE for a short time when I go back the cookies come up not found and the log in details have again gone.

I have tried every possible setting in IE (as far as I know)

When I add sites to the allowed sites list they do appear in the list but if I leave the box and go back they are gone again.

I have also noticed that there is a lag or delay when pressing the RTN key when filling in a web form like this one!

My security is:
Avira AV free.
Spybot S&D with teatimer and resident
Spyware Blaster.
Spyware Guard.
Ad Aware free
Zone Alarm free
Cc Cleaner (cookie options tried)

What I have tried:

Using msconfig I disabled everything other than MS services and all start ups.
Also deactived ZA and Avira.
Problem persisted.

Avira did find a trogen tonight, but it was within a system retore point???
TR/Trash.Gen but I can't find out what it would do.

Anyway I would really like some help with this one please.
Here is a HJ log. The Norton stuff is just for Ghost.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:57:59, on 17/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir Desktop\sched.exe
E:\Program Files\Avira\AntiVir Desktop\avguard.exe
E:\WINDOWS\System32\GEARSec.exe
E:\Program Files\iolo\common\lib\ioloServiceManager.exe
E:\Program Files\Google\Update\GoogleUpdate.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\Program Files\Norton Ghost\Agent\VProSvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PGPsdkServ.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\system32\tcpsvcs.exe
E:\WINDOWS\System32\snmp.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2 a.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Microsoft IntelliType Pro\itype.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H 2.EXE
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Norton Ghost\Agent\GhostTray.exe
E:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
E:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
E:\Program Files\SpywareGuard\sgmain.exe
E:\Program Files\SpywareGuard\sgbhp.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Internet Explorer\iexplore.exe
e:\program files\avira\antivir desktop\avcenter.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - E:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - E:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - E:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - E:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmartDefrag] "E:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis 2a.exe" /source=HKLM
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [itype] "E:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H 2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "E:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [Ad-Watch] E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://E:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Lookup Meaning - res://E:\Program Files\ieSpell\iespell.dll/LOOKUPMEANING.HTM
O8 - Extra context menu item: Check &Spelling - res://E:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - E:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - E:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - E:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - E:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - E:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - E:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\mswsock32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2...nAxControl.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} - http://www.umediaserver.net/bin/UMediaControl5.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8F5FCA6-48BB-4538-8EE1-4BF55A385B87}: NameServer = 192.168.90.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - E:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Update Service (gupdate1c92e10b050f0be) (gupdate1c92e10b050f0be) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - E:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - E:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Norton Ghost - Symantec Corporation - E:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - E:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12610 bytes
Reply With Quote
Reply

Only registered members can participate in forum threads. You must register or log in to contribute.


« Previous Thread | Next Thread »
Thread Tools

Forum Jump


All times are GMT. The time now is 11:11 PM.

Contact Us - Tech Support Team - Terms of Service - Top


Member Login
Forgot Password?



Post A Question!
Useful Links
Main Menu
Home
Forum Rules
FAQ
About Us
Welcome Pack
Search the forums
TST Mobile
Contact Us
Send Message

These are the 8 most used thread tags
Tag Cloud
geforce modem monitor no ring response no signal nvidia soft modem win7
Copyright © Tech Support Team, Inc. All rights reserved.
TechSupportTeam.org is an Privacy Policy and Legal Powered by vBulletin® Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 ©2008, Crawlability, Inc.