Monkey Proof Posted December 16, 2005

Here is my log. What's with all the Java stuff?

Logfile of HijackThis v1.99.1
Scan saved at 11:05:09 PM, on 12/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Config2500\Utility\Config2500.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\DOCUME~1\TOMPAG~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = (edited by MP_handler for privacy)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [speedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - Startup: Config2500.lnk = C:\Program Files\Config2500\Utility\Config2500.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/downl...lscbase1524.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1101525534872
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131450999850
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

This one will not go away:

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

Administrator Tarun Posted December 16, 2005

Go into HijackThis, Misc Tools, Delete a Service, and enter that missing Brother service. But be very careful with that feature.

Monkey Proof Posted December 16, 2005

Is this exactly what I should enter?

C:\WINDOWS\system32\Brmfrmps.exe

ghostly Posted December 17, 2005

Do NOT delete that service unless you know for sure that the program is no longer on your system! HijackThis has problems with some O23 entries and mislabels them as missing.

Monkey Proof Posted December 17, 2005

@ghostly... thanks for the advice, but I will only take direction from the knowledgeable staff of Lunarsoft.

Administrator Tarun Posted December 17, 2005

I'd search to see if the file is in that location to be safe. :realmad:

Monkey Proof Posted December 17, 2005

Duh... I should have thought of that. Anyways, searched and it does not exist.

ghostly Posted December 17, 2005

Is all good. I would do the same. You can confirm what I have said though.

Monkey Proof Posted December 17, 2005

OK... I still cannot get rid of this. I'm not too concerned about it since it's not associated with any malware. I'm bored so I was playing around with it.

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

ghostly Posted December 18, 2005

Go to Start>>Run and type regedit

Press Enter.

Navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Brother Popup Suspend service for Resource manager (brmfrmps)

If Brother Popup Suspend service for Resource manager (brmfrmps) exists, right click on it and choose Delete from the menu.

Now navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Brother Popup Suspend service for Resource manager (brmfrmps)

If LEGACY_Brother Popup Suspend service for Resource manager (brmfrmps) exists, then right click on it and choose Delete from the menu.

Reboot and the entry should be gone.

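An added example, not part of the thread or of HijackThis: a small Python parser for O23 lines that treats a "(file missing)" verdict next to an unbalanced quote, as in the Brother entry above, as something to verify on disk, and derives the Services key to inspect. It assumes the usual O23 layout (display name, then the service's key name in parentheses); the class, function and field names are made up for this illustration.

```python
import re
from dataclasses import dataclass

# Three O23 lines copied from the log posted in this thread.
LOG = r'''
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
'''
O23 = re.compile(r'^O23 - Service: (?P<label>.+?)\s+-\s+(?P<owner>.*?)\s*-\s+(?P<path>.+)$')
LABEL = re.compile(r'^(?P<display>.+) \((?P<name>[^()]+)\)$')

@dataclass
class Service:
    name: str              # assumption: the key name under ...\Services
    display: str
    owner: str             # may be empty, as in the SLService line
    image: str             # path text exactly as HijackThis printed it
    flagged_missing: bool
    odd_quotes: bool       # unbalanced '"' left in the printed path

    @property
    def registry_key(self) -> str:
        return "HKLM\\SYSTEM\\CurrentControlSet\\Services\\" + self.name

    def triage(self) -> str:
        if not self.flagged_missing:
            return "present"
        # Heuristic: a stray quote suggests the command line was split badly,
        # so the "(file missing)" verdict should be checked on disk first.
        return "verify-on-disk" if self.odd_quotes else "missing"

def parse_o23(log: str) -> list[Service]:
    out = []
    for line in log.splitlines():
        m = O23.match(line.strip())
        if not m:
            continue
        path = m["path"]
        missing = path.endswith("(file missing)")
        if missing:
            path = path[: -len("(file missing)")].rstrip()
        lab = LABEL.match(m["label"])
        name = lab["name"] if lab else m["label"]
        display = lab["display"] if lab else m["label"]
        out.append(Service(name, display, m["owner"], path, missing,
                           path.count('"') % 2 == 1))
    return out
```
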
Monkey Proof Posted December 19, 2005

Thanks for the instructions. I didn't find it so that's that. But I did find a bunch of stuff that I thought I had uninstalled. What's up with that?

ghostly Posted December 19, 2005

Few programs clean up their mess completely when you uninstall them. Invariably there are registry entries left behind. If you are certain the programs you uninstalled are now gone, then right click on those entries you found and delete them. I strongly advise that you back up the registry first, or create a system restore point.