Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Java 1.5.0 Build 6 Problems


  • This topic is locked This topic is locked
5 replies to this topic

#1 I_am_CanadianEh?

I_am_CanadianEh?

  • Members
  • 489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:48 PM

Posted 28 March 2006 - 12:50 PM

Hi,
I just upgraded to Java 1.5.0_6 and uninstalled the previous 1.4 version. Everything was fine and the install went smoothly. Spy Sweeper alerted me that it was attempting to install ssv.dll. I googled this and it showed it was from Java Virtual Machine so I allowed it.

Then, about a week later I had trouble accessing a web page saying I needed to download Java VM. But my Internet Advanced options showed me it was already installed. I ran HJT and found an O2, and 2 O9 entries referencing the ssv.dll file but it said "file missing".

I don't know how this file "disappeared", nor can I trace back to something I may have done.

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:27:58 PM, on 03/28/06
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\SYSTEM32\THOTKEY.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\TPWRTRAY.EXE
C:\WINNT\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\hpnra.exe
C:\WINNT\system32\kmw_run.exe
C:\Program Files\TOSHIBA\Network Device Switch 3\NDSTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\system32\KMW_SHOW.EXE
C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe
C:\WINNT\System32\cidaemon.exe
C:\Documents and Settings\timp\My Documents\HijackThis!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://172.16.1.5/index.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://home.microsoft.com/search/search.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - blank (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3.EXE /Logon
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS3.EXE /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINNT\system32\hpnra.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Network Device Switch.lnk = C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121267163188
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121267122680
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Plug-in 1.4.1_02) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = msb.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{650C4EDD-C0F8-4859-B611-35EBAD733980}: NameServer = 172.16.1.22,172.16.52.5,66.163.0.161
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = msb.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = msb.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = msb.local
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: THotkey (THOTKEY) - TOSHIBA Corp. - C:\WINNT\SYSTEM32\THOTKEY.EXE

HERE ARE THE ENTRIES I'M CONCERNED ABOUT:

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - blank (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)

These 3 entries used to reference "ssv.dll"

What happened and how do I get this back??

A couple other things:
- I went to Internet Options, clicked on settings in the General tab and then on Objects. I saw 2 entries referencing Java Runtime Environment 1.5 Both entries show "None" in the total size column and one of them sometimes shows "Unknown" in the Status column.

Here is a copy of my uninstall list (note the 2 entries in bold)

Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.7
ALi AGP Driver 1.80
ALi Audio Accelerator WDM Driver
Bluetooth Stack for Windows by Toshiba
CCleaner (remove only)
EasyCleaner
eDrawings 2006
ewido security suite
Google Toolbar for Internet Explorer
HexDump plug-in for Ad-Aware SE
HijackThis 1.99.1
Intel® PRO Ethernet Adapter and Software
Internet Explorer Q903235
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 6
Java Web Start
Kaspersky On-line Scanner
Kensington MouseWorks
Lavasoft VX2 Cleaner
Lexmark Printer Software Uninstall
LiveUpdate 2.6 (Symantec Corporation)
LSP Explorer plug-in for Ad-Aware SE
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office 2000 SR-1 Professional
Microsoft Project 2000 SR-1
Microsoft VGX Q833989
Microsoft Windows Journal Viewer
Microsoft XML Parser and SDK
Mozilla Firefox (1.5.0.1)
MyMusicManager
Network Device Switch
Network Device Switch 3
Norton AntiVirus Corporate Edition
Panda ActiveScan
QuickTime
Registry Mechanic 5.1
SPANworks 2000
Spy Sweeper
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Toshiba Client Manager
TOSHIBA Console
Toshiba Hotkey Utility for Display Devices
TOSHIBA Mobile Extension3 V3.09.00
Toshiba Power Saver
TOSHIBA Software Modem
Toshiba Utilities
Tweak-SE plug-in for Ad-Aware SE
Update Rollup 1 for Windows 2000 SP4
Windows 2000 Service Pack 4
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player system update (9 Series)
WinZip
Wireless Hotkey

Wondering what you guys can recommend. Much appreciated. :thumbsup:

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:48 PM

Posted 02 April 2006 - 09:07 AM

Hello I_am_CanadianEh? and welcome tothe BC HijackThis forum. I do not see any signs of viruses or malware in the log. It is clean.

The "(file missing)" entries in an HJT log might or might not be valid. Sometimes HJT reports them as missing when they are present. It's just a quirk in HJT.

You can verify the presence of the files by doing a search and seeing if they are actually present. If so, then HJT is incorrect in reporting them as "missing".

If the files are actually missing then uninstall/reinstall Java (and disable SpySweeper before reinstalling). If they are present, then you could still try the uninstall/reinstall and see what happens.

If the problem continues then I would suggest posting a question in the Win2k forum and let them analyze it a little deeper. They can assist in non-malware related issues.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 I_am_CanadianEh?

I_am_CanadianEh?
  • Topic Starter

  • Members
  • 489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:48 PM

Posted 03 April 2006 - 11:21 AM

Great, thanks for your help. :thumbsup:

I did a search and ssv.dll was NOT present on my system. So I uninstalled and reinstalled and everything seems fine now. I think that what I may have accidentally denied a "change" when a Spy Sweeper alert popped up and hence it did not allow the BHO to be installed properly. As much as I love Spy Sweeper, their shields are a little too agressive. When I installed the first time, I had no less than 4 alerts.....to a legitimate program. Doesn't Spy Sweeper know that Java is legitamite?

Anyways, thanks again. I'm glad to know my PC is clean. :flowers:

Cheers. :huh:

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:48 PM

Posted 05 April 2006 - 04:28 PM

Hi I_am_CanadianEh?. You would think that SpySweeper would know that wouldn't you (haha). I have been testing a program called SpyCatcher by Tenebril that is quite aggressive when it comes to analyzing files also. There were a large number of files designated as threats by SpyCatcher that are harmless which I had to tell it to ignore. I guess it's a case of better safe than sorry.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#5 I_am_CanadianEh?

I_am_CanadianEh?
  • Topic Starter

  • Members
  • 489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:48 PM

Posted 06 April 2006 - 09:20 AM

Hey OldTimer :thumbsup:

Another quirk about Spy Sweeper is that if your hosts file is too large, the Hosts shield will not work :flowers:
I loaded the MPVS hosts list and my hosts file was about 420kb, and the shield told me my hosts file was too large.

I don't know the size limit before this happens, but now I simply use the built in Common ads sites shield. Web sites look ugly when you see the ad sections blocked out with red X's or "This page cannot be displayed"

Spy Sweeper - awesome at detecting and removing spies, but it has some obvious bugs that need fixing in the next release, like alerting you on well-known legitimate items.

Cheers, and thanks again. :huh:

IAMCeh?

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:48 PM

Posted 09 April 2006 - 08:30 AM

You're very welcome I_am_CanadianEh?. I'm glad that we could help.

Now that your issues have been resolved I will close this topic. If you have any new issues in the future then please start a new topic.

Cheers.

Keep on computing!

OT :thumbsup:
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users