Jump to content

HJT Log analysis only! :-)


Guest

Recommended Posts

Dear Forum,

Could somebody kindly provide any suggestions about my HJT log?

I posted this here in this forum, as apparently I posted it in the wrong forum before! :-) http://forums.malwarebytes.org/index.php?showtopic=64919

Thanks!

Newbi3

PS: An analysis by www.hijackthis.de noted these six items:

1. - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe - ? - very safe - This is an unknown process

2. - C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe - ? - - This is an unknown process

3. - O4 - HKLM\..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe - ? - - unknown application

4. - O4 - Global Startup: Digital Line Detect.lnk = ? - neutral - Unknown application.

The entry is unnecessary and can be fixed.

5. - O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) - X - very safe - Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.

6. - 023 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe - ? - - Unknown service. (MICMUTE.exe)

7. O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

hijackthis.log

Link to post
Share on other sites

Dear Kahdah,

Thank you for the reply. I would like to know whether I should fix these entries with HJT. Entry number 7, for example, with 'file missing' is able to be fixed, isn't it?

Suggestions, comments or other tips are most welcome.

Thanks in advance.

Link to post
Share on other sites

Hi Hijackthis will not remove the service for the O23 entry it only disables it.

I can help you do this but I would need to see the entire log first.

Hi Kadah,

Thanks again for your reply. The full HJT log is attached in the first post for this thread, and I have reattached it below.

Look forward to your reply.

Cheers,

Newbi3

HJT.txt

Link to post
Share on other sites

Do you use a proxy to connect: http=localhost:12080

You can fix all of the following with Hijackthis:

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: VPN Client.lnk = ? <-this one if you don't want VPN starting up with the computer.

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

Then to delete the service please do the following:

Go to start > Run > type in cmd then hit ok.

Then type the following sc delete PsaSrv then hit enter it will say delete service success.

Then you are all done.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.