Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

system congig util.


  • This topic is locked This topic is locked
5 replies to this topic

#1 Geoff777

Geoff777

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:03:09 PM

Posted 27 January 2005 - 07:19 AM

Hi all,
after cleaning my puter of a virus (or 2!!), I noticed when I ran the system configuration utility to see which items were running at start up, some files were still present, particularly;

AVSERVE2 and SKYNETAVE.

Does anyone know how to remove "dead wood" from the system config util. start up???

Many thanks

Geoff



please see hijack log

Logfile of HijackThis v1.99.0
Scan saved at 12:01:38, on 27/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\E_S00RP2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Documents and Settings\G Toon\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.f861.mail.yahoo.com/ym/login?.rand=678nd4iqskcq7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\System32\E_S415.tmp"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Microsoft® JavaScript® Console - {1ECB3AAE-4C13-43FC-8C13-8993BF270BBA} - C:\WINDOWS\System32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {1ECB3AAE-4C13-43FC-8C13-8993BF270BBA} - C:\WINDOWS\System32\comdlg32.ocx
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft® JavaScript® Console - {1ECB3AAE-4C13-43FC-8C13-8993BF270BBA} - C:\WINDOWS\System32\comdlg32.ocx (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {1ECB3AAE-4C13-43FC-8C13-8993BF270BBA} - C:\WINDOWS\System32\comdlg32.ocx (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service2(02) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP2.EXE
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
Geoff

BC AdBot (Login to Remove)

 


m

#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:09 AM

Posted 27 January 2005 - 08:46 AM

Is this a different log from this one:

http://www.bleepingcomputer.com/forums/ind...showtopic=9978&

?

#3 Geoff777

Geoff777
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:03:09 PM

Posted 27 January 2005 - 08:53 AM

Hi Grinler yes it is,
one is for win 98 other for xp pro.

The win 98 is my sons; problem: cannot view any web pages.

The xp pro one is mine; problem: how to clear system config util. start up of unwanted items.

hope this clears up any confusion.
Many thanks
Geoff
Geoff

#4 Geoff777

Geoff777
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:03:09 PM

Posted 27 January 2005 - 12:23 PM

Hi Grinler,
the prob with my win xp pro was i could not remove remnants of
old progs (or virus) from system config util, start up.

However it was suggested in the win xp forum i download from;

http://www.mlin.net/StartupCPL.shtml

prog to clear "deadwood" from startup in sys.config.util.

Worked great,

Many thanks for ur efforts
Geoff

still have not sorted th win 98 browsing prob though. :thumbsup:
Geoff

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:09 AM

Posted 27 January 2005 - 02:20 PM

I do not see anything at all here. Are you having abrowsing issue here or on the other log we are working on?

#6 Geoff777

Geoff777
  • Topic Starter

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:03:09 PM

Posted 27 January 2005 - 05:23 PM

Hi Grinler,
my apologies for the confusion, the browsing issue was with the win 98 log, that is the other we are working on with findit.
THis one was sorted with the link i mentioned.
Once again, many thanks
Geoff
Geoff




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users