#11
No worries, it is probably a better idea to post the log, I'd just jump in and remove the little blighter but often steaming in is not best practice!
#12
Quite. I accidentally rendered a laptop useless for a few months this way. I was cleaning out several programs I thought were unwanted. One of which turned out to be the trackpad drivers... Anyway, sorry, a bit of an off-topic comment but, just post the log and we can have a butchers ;)
__________________
"Why did they [PS3 Slim] stick with the UFO landing on a rectangle look" --- Nilay Patel; Engadget Ep. 160 My System: FordyPC
#13
Hello again,
I removed some left over folders of Antivir and deleted (hopefully related!!) registry keys using their registrycleaner.exe. I also deleted 3 'drivers', one of which was the avgntmgr.sys, which are all apparently related to Antivir (assuming they're not malware etc). During these processes there were a couple of blue screens with different error messages but no crash dump, and I did not make a note of the stop error messages. However, I know I've seen them before, one of which mentions a driver (I think it's a driver) at the bottom of the stop error screen called ep* (some numbers - can't remember!). Anyway, after the BSODs I deleted the 3 'antivir drivers' and no blue screens since. I downloaded Hijackthis and installed after having to install MSVBVM60.DLL. The resulting log file is...

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 5716 bytes
#14
Also check the C:\Windows\System32\drivers folder for avgntmgr.sys, as this is a genuine Avira file. Did you check msconfig start up to see if it's listed?
__________________
My System: Home Build
#15
Sorry I missed your last post... how are things now?
#16
I'm no HJT expert but most of that looks OK apart from the entries that have 'No File'.
I can only presume that if you didn't use HJT to fix the files and just did a search and binned them, that would mean that possibly there is still a registry entry for them. Hence they are showing in the log as no file. The HP thingy looks like a Hewlett-Packard driver. If you check it and click fix it will disable it from startup but not remove it, so I believe. Or you could do it in msconfig if you prefer. But your HP printer may not work without it.
#17
Yeah that's what I thought, generally looked okay, wait for evilfantasy to give it a look though, he's the grand-wizard
#18
Right then,
I have only 3 programs at start up: gmail notifier, pop peeper, ctfmon (whatever that is?). avgntmgr.sys doesn't seem to exist anymore. Hijackthis says I have an 'ipod service' but I haven't!! Is the basic idea of HJT to 'fix' the entries that are not genuine??
#19
Yes and No,
Do you have iTunes installed? If so I reckon 'Bob's yer uncle' to the ipod services and I would leave them alone. Something needs to be watching for when you plug in your mp3 player if you have one. I'd say the 'no files' are duff but if there is a guy here who can give you the full gen on your entries I'd wait a little while. HJT shows services and the like that are loaded into memory; some are required, some are not, but you must not delete stuff just because you think you don't use it. The site where you got HJT from do analyse logs for people if you wanted a quick response, but if it's working at the mo just see how you get on.
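As an added illustration of the 'no file' / 'file missing' entries that the replies in #16 and #19 single out (example code written for this thread, not from HijackThis or any poster): a small Python parser that reads HJT-style lines and separates orphaned registry references from entries whose file is still on disk. The field-splitting rules are my own simplification of the log format, and the sample lines are constructed by copying a few entries from the log posted earlier in the thread.

```python
import re

# Constructed sample: a few entries copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# HJT appends one of these when the registered file is no longer on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entry(line):
    """Split one HJT line into kind (O2, O9, ...), CLSID, target path and an orphan flag."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # running-process lines and headers carry no Rn/On prefix
    kind, body = m.group("kind"), m.group("body")
    orphan = body.endswith(ORPHAN_MARKERS)
    if kind.startswith("O4") and "] " in body:      # O4 - ...\Run: [name] command
        target = body.split("] ", 1)[1]
    elif " = " in body:                             # R0/R1 - key = value
        target = body.split(" = ", 1)[1]
    else:                                           # O2/O9/O23 - name - {CLSID} - path
        target = body.rsplit(" - ", 1)[-1]
    for marker in ORPHAN_MARKERS:
        target = target.replace(marker, "").strip()
    clsid = CLSID_RE.search(body)
    return {"kind": kind, "clsid": clsid.group(0) if clsid else None,
            "target": target or None, "orphan": orphan}


def find_orphans(log_text):
    """Entries whose file is gone: uninstall leftovers, the usual candidates for 'fix checked'."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["orphan"]]


if __name__ == "__main__":
    for e in find_orphans(SAMPLE_LOG):
        print(f"{e['kind']:4} {e['clsid'] or '-':40} {e['target'] or '(no path recorded)'}")
```

Only the orphan flag is decided here; whether a surviving entry is wanted (the HP print services, the iPod service when iTunes is installed) is still a judgement call, as the replies above say.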
#20
Just thought I'd add that I think the log looks reasonably healthy. Some people with serious malware problems have lists as long as your arm from HJT.