Have I missed something?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by DennisLee, Nov 7, 2008.

  1. DennisLee

    DennisLee Private E-2

    My wife's computer came down with some nasty stuff. I have followed the procedures in "Read and Run Me First" and almost all of the problems have been resolved. I just have a few things I'm concerned about.

    The first one is probably pretty simple. The Java Updater jusched.exe is trying to access the internet; none of the scans flagged it and it is in the c:\program files\Java\jre6\bin directory. The only thing is most of the Sun.com and Java.com IP addresses start with 72.5.24, and jusched.exe is trying to connect to 72.5.172.210. Can anyone confirm this is a valid point for Java Updates?

    The second one worries me more. When I started Windows Explorer tonight, ZoneAlarm reported it as trying to access the Internet. Is there any valid reason it would do that?

    The third thing is, when I run StartUpList, under Internet Explorer Toolbars, I have two entries with (no name) and (no file).

    StartupList 2.02 partial report
    Root node was 'Internet Explorer toolbars'
    Full path to root node: This Computer\Internet Explorer toolbars

    * All users (3) *
    HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    (no name) - @ - (no file)
    Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

    * This user *
    - ShellBrowser (3)
    HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll

    - WebBrowser (4)
    HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll
    &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
    AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL


    Logs are attached, thanks in advance!
     


  2. DennisLee

    DennisLee Private E-2

    Second post to attach MGTools log
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean... though you should uninstall Viewpoint.

    Run this: Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Also use Windows Explorer to find and delete:
    C:\Temp

    You are blocking Webroot from updating:
    Code:
    Webroot Software INAP-SFO-WEBROOT-6179 (NET-72-5-172-0-1) 
      72.5.172.0 - 72.5.172.255
    
    
    We can remove some of your startups....

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.
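
The two checks discussed in this thread, as an added example that is not part of either poster's messages or of any MajorGeeks tool: it parses StartupList toolbar lines to list entries with no backing file, and tests whether an address falls inside a range printed in whois form. The function names are hypothetical, and the sample input is constructed from lines quoted above.

```python
import ipaddress
import re

# Constructed sample: toolbar lines copied from the StartupList report above.
REPORT = r"""
HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
(no name) - @ - (no file)
(no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
"""
# Range exactly as printed in the "Code:" block of the reply.
WHOIS_RANGE = "72.5.172.0 - 72.5.172.255"

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
ENTRY = re.compile(r"^(?P<name>.+?) - (?P<clsid>" + GUID + r"|\S+) - (?P<path>.+)$")


def parse_toolbars(report):
    """Return (name, clsid, path) for every 'name - CLSID - file' line."""
    entries = []
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["name"], m["clsid"], m["path"]))
    return entries


def entries_to_review(entries):
    """Entries StartupList reports with no file, plus whether the CLSID is a well-formed GUID."""
    return [
        {"clsid": clsid, "valid_guid": bool(re.fullmatch(GUID, clsid))}
        for _name, clsid, path in entries
        if path == "(no file)"
    ]


def in_whois_range(ip, whois_range):
    """True if ip lies inside a 'first - last' range as printed by whois."""
    first, last = (ipaddress.ip_address(p.strip()) for p in whois_range.split(" - "))
    return first <= ipaddress.ip_address(ip) <= last


if __name__ == "__main__":
    for item in entries_to_review(parse_toolbars(REPORT)):
        print("no file on disk:", item)
    print("72.5.172.210 in range:", in_whois_range("72.5.172.210", WHOIS_RANGE))
```
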

     
