Page 1 of 2 12 LastLast
Results 1 to 10 of 15
  1. #1
    Member
    Join Date
    Aug 2009
    Posts
    8
    Points
    0

    Default suspicious entries

    The detective told me to post here so here it is any help would be appreciated.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:17:52 AM, on 8/24/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\S3trayp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\SlipStream Web Accelerator\slipcore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SlipStream Web Accelerator\slipgui.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\SlipStream Web Accelerator\slipcore.exe"
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Pennswoods.net Web Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\slipgui.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\SlipStream Web Accelerator\gui_resource.dll/327
    O8 - Extra context menu item: Show Original Image - res://C:\Program Files\SlipStream Web Accelerator\gui_resource.dll/328
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1223398911000
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{29504C2B-8AF8-4667-87C0-7DFF87502E51}: NameServer = 69.72.74.11 69.72.74.3
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 5899 bytes

  2. #2
    Moderator Forum Moderator JohnB151's Avatar
    Join Date
    Mar 2009
    Location
    The Netherlands
    Posts
    951
    Points
    38

    Default

    Hi! :hello2: and welcome to the Malware Removal forums.
    My name is John Brouwer - if it helps, you can call me John for short. I'll be glad to help you with your computer problems.

    HijackThis logs can take some time to research, so please be patient with me. I know that you need
    your computer working as quickly as possible, and I will work hard to help see that happens.

    These rules are good for you to know:

    • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me how long it will take so the topic will not be closed.



    These rules are to make my voluntary work more comfortable:

    • Please be patient. The work I do is voluntary and I also have a private life (school, work, friends and hobbies).
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • Please reply to this thread. Do not start a new topic.
    • Also, don't post logs as attachments. Other helpers like to view the logs as well and opening a lot of attachments is irritating. It can also contain malware.



    Finally, please make a uninstall list using HijackThis
    To access the Uninstall Manager you would do the following:

    • Start HijackThis
    • Click on the Open The Misc Tool Section button
    • Click on the Open Uninstall Manager button.
    • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop and post the contents in a reply to this topic. Also tell me if you are having any problems with your computer and elaborate on them.



    Regards,
    John.

  3. #3
    Member
    Join Date
    Aug 2009
    Posts
    8
    Points
    0

    Default

    Hi john! One of the main problems i have been haveing is while running java based games.They started running real slow on the 12th of august.I dont know if this would have anything to do with it or not but as i said before any help would be appreciated.
    Heres the uninstall log u wanted.
    7-Zip 4.57
    Adobe Flash Player 10 ActiveX
    avast! Antivirus
    CCleaner (remove only)
    Critical Update for Windows Media Player 11 (KB959772)
    DoylesRoom
    Eusing Free Registry Cleaner
    FrostWire 4.17.0
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    InstallMgr
    Intel(R) 537EP V9x DF PCI Modem
    Java(TM) 6 Update 15
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office FrontPage 2003
    Microsoft Office OneNote 2003
    Microsoft Office Professional Edition 2003
    Microsoft Office Project Professional 2003
    Microsoft Office Visio Professional 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    MSN Toolbar
    MSN Toolbar
    Nero 6 Ultra Edition
    PowerDVD
    Realtek High Definition Audio Driver
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VIA Display Driver 6.14.10.0099
    VIA Platform Device Manager
    VIA Rhine-Family Fast-Ethernet Adapter
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Service Pack 3

  4. #4
    Moderator Forum Moderator JohnB151's Avatar
    Join Date
    Mar 2009
    Location
    The Netherlands
    Posts
    951
    Points
    38

    Default

    Hi,

    Nothing looks wrong with your log. Let's try some things to solve the slow running of your Java games.

    You aren't running Firewall Software. Please download and install one of them first!

    Use a Firewall - Using a Firewall on your computer can be very important. Without a firewall your computer is susceptible to being hacked and taken over. There are some different situations you can be in where a third-party firewall may or may not be a good addition to your system:

    • If you are not using Windows XP or Vista, but an older version I recommend you to use a firewall.
    • If you are using Windows XP or Vista, but are on dial-up I recommend you to use a firewall.
    • If you are using Windows XP or Vista and are using broadband, but are not experienced in using firewalls and getting the choice to allow or disallow things I recommend you to use Windows Firewall.
    • If you are using Windows XP or Vista, are using broadband and experienced, I recommend you to disable Windows Firewall (as it is not perfect) and get a third-party firewall.



    Here are some firewalls which are free for personal use and most used:
    Kerio Personal Firewall (Free version after 30 days)
    Online Armor Free

    Or you could buy their paid version online or in a shop nearby:
    Kerio Personal Firewall (Continue paid version after 30 days)
    Online Armor or Online Armor AV+ with Anti-Virus included

    As you did this, we can begin with the fix.

    Step : Run CCleaner
    CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!

    • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
    • Then select the items you wish to clean up.

      • In the Windows Tab:

        • Clean all entries in the Internet Explorer section except Cookies
        • Clean all the entries in the Windows Explorer section
        • Clean all entries in the System section
        • Clean all entries in the Advanced section
        • Clean any others that you choose

      • In the Applications Tab:

        • Clean all except cookies in the Firefox/Mozilla section if you use it
        • Clean all in the Opera section if you use it
        • Clean Sun Java in the Internet Section
        • Clean any others that you choose


    • Click the Run Cleaner button.
    • A pop up box will appear advising this process will permanently delete files from your system.
    • Click OK and it will scan and clean your system.
    • Click exit when done.
    • If it asks you to reboot at the end, click NO


    CCleaner should be run with the above settings for each User Account!

    Step 2: Update Java
    Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
    First remove the older versions:

    • Click Start
    • Go to Control Panel
    • Go to Add/Remove Programs
    • Find and click Remove for each version of Java that is present
    • Download JavaRa and unzip it to your desktop.
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.


    Now let's download and install the newest version:

    • Download JRE 6 Update 16 from here: Java SE Downloads - Sun Developer Network (SDN)
    • As Platform select your operating system, agree to the License Agreement and click Continue.
    • Now click on the link under Windows Offline Installation and download the installer to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Then from your desktop double-click on the download to install the newest version.
    • Reboot your computer.



    Step 3: Clear Java cache
    Maybe clearing the Java cache helps.

    • Press Start
    • Go to Control Panel
    • Click Java
    • Under Temporary Internet Files click Settings...
    • Now click Delete files...
    • Select both options and click OK
    • The temporary files will now be deleted.
    • When done click OK twice and close Control Panel



    Step 4: Post log
    Please post the following in a reply to this topic:

    • Let me know if the Java games are still slow
    • JavaRa log



    Regards,
    John.

  5. #5
    Member
    Join Date
    Aug 2009
    Posts
    8
    Points
    0

    Default

    ok im stuck on step 2 i dont know which java to download any help?

  6. #6
    Member
    Join Date
    Aug 2009
    Posts
    8
    Points
    0

    Default

    oops! What I ment to ask was I dont know which platform im supposed to download how do i find out which one I need.

  7. #7
    Moderator Forum Moderator JohnB151's Avatar
    Join Date
    Mar 2009
    Location
    The Netherlands
    Posts
    951
    Points
    38

    Default

    As you don't know you probably do not have anything special so that will just be Windows

  8. #8
    Member
    Join Date
    Aug 2009
    Posts
    8
    Points
    0

    Default

    well I havent had time to really fully test it right now but once i do ill let you know how it goes.
    Here that log u wanted:
    JavaRa 1.15 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Tue Aug 25 12:26:28 2009

    Found and removed: C:\Documents and Settings\Owner\Application Data\Sun\Java\jre1.6.0_12

    Found and removed: C:\Documents and Settings\Owner\Application Data\Sun\Java\jre1.6.0_13

    ------------------------------------

    Finished reporting.

  9. #9
    Moderator Forum Moderator JohnB151's Avatar
    Join Date
    Mar 2009
    Location
    The Netherlands
    Posts
    951
    Points
    38

    Default

    Alright, please let me know

  10. #10
    Member
    Join Date
    Aug 2009
    Posts
    8
    Points
    0

    Default

    Well I tested it out and it seems to still do the same thing.I'm not sure really how to explain it but it works for a few minutes then it gets really slow and dont wanna work right.If theres anything else you can come up with for me to try let me know.

    Thanks for all the help

Page 1 of 2 12 LastLast