Malwarebytes

someone take a look at my autoruns?


35 replies to this topic

#1
prairie dog

    Forum Deity

  • Malware Hunters
  • 1,548 posts
I was wondering if someone could take a look at my autoruns and let me know what I could weed out. What would be the best way to attach this? Thanks in advance for any advice :D
Avira Antivir Personal and MBAM Pro
On demand: SAS and Hitman Pro
Firewall-Online Armor Premium
FF3-adblock plus, noscript, betterprivacy, WOT, Keyscrambler, TrackMeNot
Sandboxie


ONE DAY AT A TIME!

#2
yardbird

    Forum Deity

  • Honorary Members
  • 3,726 posts
  • Gender:Male
  • Location:Sedona. Arizona, USA
  • Interests:Where we keep the World Safe
Please post the reason why you would want someone to read the logs in Autoruns; what are the issues? You can download it from here: http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx

Save it to your Desktop, then run the program, depending on the instructions you receive from an admin or someone who will read this from the HiJackLog forum.

As soon as you start the program, press the Esc key to stop it. In the menu bar of the program go to Options, drop down to "Verify Code Signatures" and place a check there.

Then press F5 to start the program again. When it's finished scanning, go to File, Save, and save it to the desktop. It will be saved as an .am file. Then zip the file up (since they're over 5MB+) and attach it to your post.

Note: unless you were sent here? I would contact an admin like AdvancedSetup via PM.
One reason is my instructions above may need to be changed? It's not up to me! Regards (any questions?)
No trees were harmed in the posting of this message...however an extraordinarily large number of electrons were horribly inconvenienced.
http://www.tentrexindustries.com/

#3
DaChew

    Elite Member

  • Experts
  • 591 posts
A more efficient approach for non-malware problems is to use a simpler program to get started.

Please download and run Process Explorer


http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Under file and save as, create a log and post here

copy and paste into a reply
Regards
Chewy the wild wookie

#4
prairie dog


DaChew, on Jul 1 2009, 07:19 PM, said:

A more efficient approach for non-malware problems is to use a simpler program to get started.

Please download and run Process Explorer


http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Under file and save as, create a log and post here

copy and paste into a reply

Thanks. Advanced setup had told me that I could probably weed out some things on startup when he was looking at my logs for malware in the HJT forum (no malware was found). Just trying to trim some stuff down. Here is the log you requested. Thanks for the help!

Process                 PID   CPU    Description                              Company Name
System Idle Process     0     95.05
Interrupts              n/a   1.98   Hardware Interrupts
DPCs                    n/a   0.99   Deferred Procedure Calls
System                  4
smss.exe                612          Windows NT Session Manager               Microsoft Corporation
csrss.exe               676          Client Server Runtime Process            Microsoft Corporation
winlogon.exe            700          Windows NT Logon Application             Microsoft Corporation
services.exe            744   0.99   Services and Controller app              Microsoft Corporation
ibmpmsvc.exe            932          ThinkPad Power Management Service        Lenovo
ati2evxx.exe            964          ATI External Event Utility EXE Module    ATI Technologies Inc.
svchost.exe             984          Generic Host Process for Win32 Services  Microsoft Corporation
svchost.exe             1048         Generic Host Process for Win32 Services  Microsoft Corporation
svchost.exe             1144         Generic Host Process for Win32 Services  Microsoft Corporation
svchost.exe             1216         Generic Host Process for Win32 Services  Microsoft Corporation
svchost.exe             1284         Generic Host Process for Win32 Services  Microsoft Corporation
spoolsv.exe             1768         Spooler SubSystem App                    Microsoft Corporation
sched.exe               1820         Antivirus Scheduler                      Avira GmbH
svchost.exe             1916         Generic Host Process for Win32 Services  Microsoft Corporation
acs.exe                 596          ACS                                      Atheros
DiskMonitorService.exe  672          Active@ Disk Monitor Service             LSoft Technologies Inc
avguard.exe             660          Antivirus On-Access Service              Avira GmbH
BcmSqlStartupSvc.exe    880          BCM SQL Startup Service                  Microsoft Corporation
jqs.exe                 1108         Java™ Quick Starter Service              Sun Microsystems, Inc.
mdm.exe                 1168         Machine Debug Manager                    Microsoft Corporation
QCONSVC.EXE             1236
SbieSvc.exe             1596         Sandboxie Service                        tzuk
sqlbrowser.exe          1740         SQL Browser Service EXE                  Microsoft Corporation
sqlwriter.exe           1876         SQL Server VSS Writer                    Microsoft Corporation
wdfmgr.exe              2012         Windows User Mode Driver Manager         Microsoft Corporation
sqlservr.exe            516          SQL Server Windows NT                    Microsoft Corporation
alg.exe                 1620         Application Layer Gateway Service        Microsoft Corporation
lsass.exe               756          LSA Shell (Export Version)               Microsoft Corporation
explorer.exe            3056         Windows Explorer                         Microsoft Corporation
rundll32.exe            3212         Run a DLL as an App                      Microsoft Corporation
jusched.exe             3312         Java™ Platform SE binary                 Sun Microsystems, Inc.
avgnt.exe               3332         Antivirus System Tray Tool               Avira GmbH
IObit SmartDefrag.exe   3344         Smart Defrag                             IObit
ctfmon.exe              3364         CTF Loader                               Microsoft Corporation
SUPERANTISPYWARE.EXE    3376  0.99   SUPERAntiSpyware Application             SUPERAntiSpyware.com
ISUSPM.exe              3384         Macrovision Software Manager             Macrovision Corporation
DiskMonitor.exe         3428         Active@ Hard Disk Monitor                LSoft Technologies Inc
DiskMonitor.exe         3520         Active@ Hard Disk Monitor                LSoft Technologies Inc
SbieCtrl.exe            3548         Sandboxie Control                        tzuk
procexp.exe             1096         Sysinternals Process Explorer            Sysinternals - www.sysinternals.com

#5
prairie dog


Quote

Well, from what I can tell there does not appear to be any infection. You do have a few programs that do a lot of Input/Output to the hard drive and it's possible that maybe they can cause a minor slowdown or mini freeze from time to time.

I would get a program like AutoRuns from Microsoft and weed down some of the programs that are not absolutely needed to run during startup.
Uninstall those that you also no longer want or use.


Above is what Advanced setup said, if that helps any. Thanks!

#6
yardbird

@ prairie dog ok very well, if AdvancedSetup said post an autoruns log here, very good. You may want to save the autoruns instructions above. I can't get in the middle btw. DaChew & AdvancedSetup. cya later regards....

#7
DaChew

@yardbird don't worry

how much ram does this thinkpad have?
Regards
Chewy the wild wookie

#8
prairie dog

1GB of Ram

#9
DaChew

You should still post the autoruns, I see a lot of stuff that could go, Advanced gave you good advice on that.

Ram only helps so much, still a heavy load for an old laptop with slow cpu and hard drive
Regards
Chewy the wild wookie

#10
prairie dog

should I just copy and paste like the last one? Thanks

#11
yardbird

No, please, not the autoruns! Follow my install instructions above & where to download it; after it's done & on your desktop, then zip it and attach it here! You know how to attach it? (Use the browse, then upload.) If you need help...post back... regards

#12
prairie dog

@yardbird. HA! that would be a pretty long copy/paste. Sorry about that :D

Attached is the zipped autoruns. Thanks!

#13
yardbird

Great! Nice work... it's a good program...

EDIT: ok, it's just a matter of time, depending on how busy AdvancedSetup is?

You can read the top 3 pinned topics in this forum: http://www.malwareby...php?showforum=7

It may be done tonight or a day from now.... will cya out there on the board..

#14
prairie dog

Thanks for the help Yardbird. I'll wait for DaChew to go over the log? :D

#15
yardbird

very good whatever you had agreed to... ... all I did was get you to autoruns & the rest you did! see you out on the forums

#16
exile360

    exile

  • Moderators
  • 12,968 posts
  • Gender:Male
@prairie dog: I just took a look at your Autoruns file, looks like you forgot to refresh and let it scan again after checking the entry for verify code signatures. Please post another per the instructions below:

Please download Sysinternals Autoruns from here.
  • Save Autoruns.exe to your desktop and double-click it to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop.
  • Now right-click on the Autoruns.arn file located on your desktop and highlight Send To and select Compressed (zipped) Folder
  • Please attach the Autoruns.zip file you just created to your next post.

Thanks :D .
Samuel E Lindsey
Product Manager


Follow us: Twitter, Become a fan: Facebook
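
An added example, not part of the thread or of Autoruns itself: once a scan has been saved with Verify Code Signatures enabled, a text export of it can be sorted into review buckets before deciding what to weed out of startup. The column names, the `(Verified)` and `File not found` markers, and every sample row are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample, not the poster's log. Column names and the
# "(Verified)" / "File not found" markers are assumptions about the export.
SAMPLE = r"""Entry,Enabled,Signer,Company,Image Path
ctfmon.exe,enabled,(Verified) Microsoft Windows,Microsoft Corporation,c:\windows\system32\ctfmon.exe
SunJavaUpdateSched,enabled,(Verified) Sun Microsystems,"Sun Microsystems, Inc.",c:\program files\java\jre6\bin\jusched.exe
ExampleTool,enabled,(Not verified) Example Co,Example Co,c:\program files\example\tool.exe
OldDriver,enabled,,,File not found: c:\windows\system32\drivers\old.sys
ExampleTray,disabled,(Not verified) Example Co,Example Co,c:\program files\example\tray.exe
"""


def decode_export(raw: bytes) -> str:
    """Decode an export that may be UTF-16 (with BOM) or UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")


def classify(row: dict) -> str:
    """Return the review bucket for one autostart entry."""
    signer = (row.get("Signer") or "").strip()
    image = (row.get("Image Path") or "").strip()
    if not image or image.lower().startswith("file not found"):
        return "orphaned"      # entry points at a file that is gone
    if not signer.startswith("(Verified)"):
        return "unverified"    # review first; unsigned is not proof of malware
    if "microsoft" in signer.lower():
        return "os-vendor"     # normally left alone
    return "third-party"       # signed add-ons: candidates for startup trimming


def triage(csv_text: str) -> dict:
    """Group enabled entries by bucket; disabled entries are skipped."""
    buckets = {"orphaned": [], "unverified": [], "third-party": [], "os-vendor": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("Enabled") or "").strip().lower() != "enabled":
            continue           # already switched off, nothing to decide
        buckets[classify(row)].append(row["Entry"])
    return buckets


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE).items():
        print(f"{bucket:12} {', '.join(entries) or '-'}")
```

If the scan is exported before the signature check has finished, every row lands in the unverified bucket, which is the same symptom exile360 describes above.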

#17
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
I see no Exile on IM :D
Ron Lewis
Manager, Online Support


If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#18
exile360

Yeah, I'm at work, no IM's here unfortunately (I don't like to install software on the work PC since it's against policy, even though I could get away with it :D ).
Samuel E Lindsey
Product Manager


#19
prairie dog


exile360, on Jul 2 2009, 01:56 AM, said:

@prairie dog: I just took a look at your Autoruns file, looks like you forgot to refresh and let it scan again after checking the entry for verify code signatures. Please post another per the instructions below:

Please download Sysinternals Autoruns from here.
  • Save Autoruns.exe to your desktop and double-click it to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop.
  • Now right-click on the Autoruns.arn file located on your desktop and highlight Send To and select Compressed (zipped) Folder
  • Please attach the Autoruns.zip file you just created to your next post.

Sorry about that. I thought I had sent the right one. Here is the new autoruns log. Thanks again!
Thanks :D .


#20
DaChew

Do you run disk cleanup and keep at least 20% free space on your hard drive?

Do you see the same problems when sandbox is disabled?
Regards
Chewy the wild wookie




