0

yes, i know i get cookies from every website, its how your address bar remembers the sites, but what im saying is, every single time i scan with spybot i get the same thing pop up called "right media", i fix the problem , it gets the green check as in fixed, but also, usually when i fix a problem from spyboy sd they go to recovery right, but when i fix this problem, the "right media: it never shows up in recovery after i fix it, i mean i never really thought too much into that, but now that it wont go away and always shows up on scan i figured it might have something to do with it, anyway, if you know what it is and how to get rid of it id really appreciate it, oh yah, one more thing..What is this "JQSIEStartDetectorImpl Class" file, it is on my add on's but i know it has something to do with java but i already have soooo many things that have java or have something to do with java, dude, im ready to friggin reboot my whole computer, as in just delete everytghing and start all over..aight, thanks for your help, hope to hear from you soon, later.. rj

0

Make sure you have any browser windows closed when you use spybot. Not sure what the other file is.

0

when i ran spyboy i did have everything else closed down, every time that right media came up on the scan, also, if its ok with you, i would like to show you my hijackthis log and tell me if you see anything, i will point out a couple things that look a lil suspicious to me, but let me know if its ok and then ill send it, thanks again.. rj

0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:16 PM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Quick Search Box\qsb.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 4017 bytes

Ok, the ones i would like you to check out and see is,
F2 - REG, i have never seen that before, this just came up, looks wierd.
O9 - both (no name)'s
O18 - Filter
and
O20 - Winlogon Notify, never seen this one before either.
I really think the F2 one is REAL suspicious, looks crazy, but, i did recently today get rid of AVG and installed Avira antivirus, which seems to be ok, but i wouls also like your opinion on that. Ok, talk to you later, thanks again, bye. rj

0

your telling me that none of the ones i names off to you were bad, even the F2 one, that was never there before, and popped up in the scan before i copied it here, aight, well if you say that they are ok, then i trust yah, thanks again, yah, i like avira, its pretty neat, but, if i have any other questions can i use this thread still so i dont have to go through the crap of doing another one, i have this one in my favorites?

0

Both 09's you are worried about are Java. It says so in the line.
The 018 is Google.
The 020 is SuperAntispyware.
Explorer.exe is a legit file.

0

yah, i know the lines are java, but heres the thing, i have more than one of the same one, and i have for a lil while now, and i found out that viruses , backdoors, worms and so on can use real names such as that to hide themselves, just seemed suspicious cause two of the same, even in my add-ons theres like 4 or 5 of them, when i bring up security task manager, one of them two java's its at potensially dangerous, but in the STM its not always a virus just cause its somewhat dangerous, but, its deffinately possible, ...My question i guess is, is there anyway for me to find out whats real and whats not legit, so i can find out if i have a hidden virus somewhere. The only reason i ask that is because i keep finding viruses fromdifferent scans, like one day it will be a clean scan, then the next thing you know, i feel like something aint right with the pc and i scan again, and it finds a couple viruses, like malewarebytes, i ran scans for awhile every day after a virus i had a while ago, nothing ever popped up anymore, and then a few days ago, i ran a complete scan after finding nothing in the other programs, cause i havent used it in a lil bit, and like 6 major viruses popped up, trojan, rogue and a couple more, dont know where they came from, its like i have a virus in my pc thats hiding and every once in awhile it releases a couple litttle viruses , its really wierd, i would actually think its probably better that i just delete everything off my pc and restart it all all over again, i just dont know how to do it, as in you know, put in the cd to redo it all, backup files and all that stuff..anyway, if you can respond to all this, lol, then i appreciate it, ttys and thanks again, bye. rj

0

You can usually tell from where it is running from. For instance; explorer.exe is legitimate when running from the Windows folder, but anywhere else, it's not.

Running the file through Jotti's or virustotal will usually tell you too.

0

hey there, i have a question, i have asked many people, but i cant get a straight answer . ok, i have noticed that my task manager memory usage for the iexplore is steadily getting higher and higher while on the internet, and when i minimize it it drops back down, but as soon as i bring the page back up the MU rises again, it was a lil high, but every day it seems that it gets higher, now it goes up to about in the 213,000 k's, and will usually start around 40 to 1 hundred, its weird, but i have seen others complain bout the same problem, do you think i should judt go ahead and backup everything i need to keep and just redo my whole computer, reboot, or whatever you call it, if there is a way to do something about the memory usage going so high like i just talked about please let me know, it is driving me nutts, it makes the internet crazy slow and sluggish, im ready to take the computer outside and pull an officespace on it, the movie, member?, lol. Anyway, ttys, have a good day, later. RJ

0

All I can say is that the memory is there to be used. If you do not have ehough, buy some more :). Depending on the content of the page you are viewing, the memory use will be greater or smaller. Just the way it is.

0

Ok, i think i have asked you too many questions, cause really you arent being much of a help anymore, like your getting annoyed, lol, oh well, thats what this is here for i thought, all good, thanks for your past help and i will most deffinately find elsewhere for help, the question i asked you in which you said "its just the way it is" i have asked a few others and they all had different solutions on why it might be doing that, and things i can do to try and fix it..Before you give more advice to people you really might wanna think about freshening up your computer knowledge, because when your on a forum giving people advice for almost any computer problem but dont have the knowledge of most computer problems all your doing is waisting peoples time and kinda being a fruad, you could give someone the wrong info and screw there pc all up.. I had a problem i asked you earlier in this forum, and what you said was completely wrong, i did whatever it was on my own and fixed the problem myself, well also had someone else help me with the same problem, i told them what you emplied for me to do and they laughed and told me i should really know or even look at other answers they have given others before taking advice from someone..Dont take offense to this, im not trying to be a jerk or anything, but after your last reply, all you got to do is say, i really dont think i can help you with that rj, or , make another topic so you can get more replies on what to do, but instead you just said what you said which was a bogus very unintelligent statement. gl in helping others but i hope they have situations you know a lil better, but thanks again for the help you tried to give me earlier. Oh, and btw, the last hijackthis log i showed you and you said everything was good and looked fine, it wasnt, i cant remember exactly what it was, but one of the ones i mensioned for you to look at was bad, and you just blew it off to say it looks good, like i just said though, you really should be honest with people and say, i really dont know, or i dont wanna help you instead of giving bad advice, a persons computer isnt something to just guess about, anyway, take care and gl bro. late. RJ

0

Ok, i think i have asked you too many questions, cause really you arent being much of a help anymore, like your getting annoyed, lol, oh well, thats what this is here for i thought, all good, thanks for your past help and i will most deffinately find elsewhere for help, the question i asked you in which you said "its just the way it is" i have asked a few others and they all had different solutions on why it might be doing that, and things i can do to try and fix it..Before you give more advice to people you really might wanna think about freshening up your computer knowledge, because when your on a forum giving people advice for almost any computer problem but dont have the knowledge of most computer problems all your doing is waisting peoples time and kinda being a fruad, you could give someone the wrong info and screw there pc all up.. I had a problem i asked you earlier in this forum, and what you said was completely wrong, i did whatever it was on my own and fixed the problem myself, well also had someone else help me with the same problem, i told them what you emplied for me to do and they laughed and told me i should really know or even look at other answers they have given others before taking advice from someone..Dont take offense to this, im not trying to be a jerk or anything, but after your last reply, all you got to do is say, i really dont think i can help you with that rj, or , make another topic so you can get more replies on what to do, but instead you just said what you said which was a bogus very unintelligent statement. gl in helping others but i hope they have situations you know a lil better, but thanks again for the help you tried to give me earlier. Oh, and btw, the last hijackthis log i showed you and you said everything was good and looked fine, it wasnt, i cant remember exactly what it was, but one of the ones i mensioned for you to look at was bad, and you just blew it off to say it looks good, like i just said though, you really should be honest with people and say, i really dont know, or i dont wanna help you instead of giving bad advice, a persons computer isnt something to just guess about, anyway, take care and gl bro. late. RJ

LOL, you got to be kidding ,You should box you computer up and send it back to where ever you bought it, and go get yourself a yoyo to play with !

-1

lmao, first off, who the hell are you, and second, i have alot of different programs on my pc because it is used for bussiness type shit. That was a pretty smart and clever remark there smart guy, lol, what an idiot, let me tell you something, i dont know if you are the same person i have been talking to, but if not, im assuming your another mr. know it all but dont no SHIT, lol, well you at least act like you do, to be honest, everything i have asked on this forum in this topic i had pretty much knew but wanted second oppinions or thought sincase i was wrong, lol, but whats funny, the people that are supposed to know alot or at least act like they do dont know jack, cause everything that was said was WRONG, lmao, just as you would have said also most likely..Look here big guy, before you make a comment like the one you just made, you should get a pen and paper, write it down and go over it again and again so you can at least sat something worth reading, ignorance is bliss, specially with dealing with kids as yourself there bud, lol, goodnight youngbuck.

Votes + Comments
No need to bad mouth members
0

Last time I spend hours of my free time helping an ungrateful (expletive deleted) as you.
You got help from someone else? Good luck to you, but don't come back here bad mouthing when the help you received was free and given in good faith.
When you first posted you never included the whole log because you thought it was not important. The Hijackthis version was out-of-date, now your an expert? No worries :).
I use Opera and it can use anywhere up to 2-300 Mb of memory. That a problem? No. I got enough to spare.
Can there be memory leaks in a browser? Course there can, but mostly it's from badly written websites.
No, I wasn't getting annoyed. Why would I help in my own free time, if I got annoyed with doing it?
You didn't get the answer you wanted? They were the only answers I had for you. Not good enough for you? Sorry, I don't know everything and never claimed to.

0

BTW.

F2 is the UserInit entry which corresponds to the key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit which is found in Windows NT, 2000, XP and 2003. This key specifies what program should be launched right after a user logs into Windows.

Your entry F2 - REG:system.ini: Shell=explorer.exe is legitimate. If it had an entry after it such as scvhosts.exe or whatever, then it would have been a bad entry.

0

ok, the log your refering to that i didnt send the whole thing, when you told me that i went and did it again and posted the whole thing, if you remember correctly, and before hand i updated the version, so YES i did send a updated full hijack log, so look back for info before making un true statements. But i do wanna say something to what you said in the beginning of your reply, your right about what you said, it is free, and was in good faith, but, i honestly did mean what i said when i said that i didnt mean anything by this and i asnt trying to be a jerk, i was just kinda pissed off because i really was asking your advice or somewhat help about my memory usage being so high, many people had reasons to why it would be doing that, but you, all you had to say was buy some more memory, and sometimes it happens , basically for no reason. Now, that was the most part of why i said what i said, i felt like you were just being disrespectful towards me because maybe you were frustrated with me replying after reply, it seemed as you were just trying to blow me off and not waste your time in coming up with a legitimate reason to why it is doing what its doing.. I do appolagize for how i said what i said to you though, because yes, i do understand you were taking your time to help me and you were doing it in good faith, and i really do appreciate that. Maybe i could have been a lil less vulgar or even ignorant toward the way i said the things i said, i am sorry for that.. To be honest with you, i was just really have a AWFUL bad day and i guess i kinda took it out on your last reply, well, not really guess, i did. You didnt deserve that bro, but just so you know the last reply i did was to the ass that said something to me about what i said towards you, obviously defending you, "which" he did in good intension, i deserved it, lol, really though, i would probably have said the same thing to me if i was him too,. Anyway, i do appreciate the help and advice you gave to me before, i honestly do, and again i do appolagize for the way i acted and what i said. If ok, i would still like to talk to you about stuff that has to do with computers again sometime, you know, because im an "expert" and all, lmao. Nah, but being for real, i understand if you really dont ever wanna reply back to anything i ask or say, but either way, take care bru, and thanks again, hopefully youll see where i am coming from with why i acted the way i did. The reason for all this is because i know that you were trying to be a good guy and seriously help me, and i became an a-hole, hagd bro, later. RJ

0

I know this is an old thread but I was wondering if someone could look at my hajackthis log and let me know if it looks good. What led me to this site is that I was upgrading my AVG and received a message saying that I should remove the following application EA551C00-2AE5-11d3-8592-00A0C98E9EA4 and I was not able to figure out what it is. When I searched online I found that this is one of the things that rjmc79 was trying to get rid of. I am pretty new to this but any help would be great.

0

Hi Dgreazy7.

First of all- welcome to Daniweb :).

We ask that members not piggy-back questions on to a thread previously started by another member here in the Viruses, Spyware & other Nasties forum, (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/forums/faq.php?faq=daniweb_policies


Thanks for understanding.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.