someone take a look at my autoruns?

Please post the reason why you would want someone to read the logs in Autoruns, what are the issues. You can download it from here: http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx

Save it to your Desktop, then run the program, depending on the instructions you receive from an admin or someone who will read this from the HiJackLog forum.

As soon as you start the program, press the Esc key to stop it. In the menu bar of the program go to Options, drop down to "Verify Code Signatures" and place a check there.

Then press F5 to start the program again. When it's finished scanning, go to File, Save, and save it to the desktop. It will be saved as an .arn file. Then zip the file up (since they're over 5MB+) and attach it to your post.

Note: unless you were sent here, I would contact an admin like AdvancedSetup via PM.

One reason is my instructions above may need to be changed. It's not up to me! Regards (any questions?)

A more efficient approach for non-malware problems is to use a simpler program to get started.

Please download and run Process Explorer:

http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Under File and Save As, create a log and post it here.

Copy and paste it into a reply.

Thanks. Advanced setup had told me that I could probably weed out some things on startup when he was looking at my logs for malware in the HJT forum (no malware was found). Just trying to trim some stuff down. Here is the log you requested. Thanks for the help!

Process                 PID   CPU    Description                              Company Name
System Idle Process     0     95.05
Interrupts              n/a   1.98   Hardware Interrupts
DPCs                    n/a   0.99   Deferred Procedure Calls
System                  4
smss.exe                612          Windows NT Session Manager               Microsoft Corporation
csrss.exe               676          Client Server Runtime Process            Microsoft Corporation
winlogon.exe            700          Windows NT Logon Application             Microsoft Corporation
services.exe            744   0.99   Services and Controller app              Microsoft Corporation
ibmpmsvc.exe            932          ThinkPad Power Management Service        Lenovo
ati2evxx.exe            964          ATI External Event Utility EXE Module    ATI Technologies Inc.
svchost.exe             984          Generic Host Process for Win32 Services  Microsoft Corporation
svchost.exe             1048         Generic Host Process for Win32 Services  Microsoft Corporation
svchost.exe             1144         Generic Host Process for Win32 Services  Microsoft Corporation
svchost.exe             1216         Generic Host Process for Win32 Services  Microsoft Corporation
svchost.exe             1284         Generic Host Process for Win32 Services  Microsoft Corporation
spoolsv.exe             1768         Spooler SubSystem App                    Microsoft Corporation
sched.exe               1820         Antivirus Scheduler                      Avira GmbH
svchost.exe             1916         Generic Host Process for Win32 Services  Microsoft Corporation
acs.exe                 596          ACS                                      Atheros
DiskMonitorService.exe  672          Active@ Disk Monitor Service             LSoft Technologies Inc
avguard.exe             660          Antivirus On-Access Service              Avira GmbH
BcmSqlStartupSvc.exe    880          BCM SQL Startup Service                  Microsoft Corporation
jqs.exe                 1108         Java Quick Starter Service               Sun Microsystems, Inc.
mdm.exe                 1168         Machine Debug Manager                    Microsoft Corporation
QCONSVC.EXE             1236
SbieSvc.exe             1596         Sandboxie Service                        tzuk
sqlbrowser.exe          1740         SQL Browser Service EXE                  Microsoft Corporation
sqlwriter.exe           1876         SQL Server VSS Writer                    Microsoft Corporation
wdfmgr.exe              2012         Windows User Mode Driver Manager         Microsoft Corporation
sqlservr.exe            516          SQL Server Windows NT                    Microsoft Corporation
alg.exe                 1620         Application Layer Gateway Service        Microsoft Corporation
lsass.exe               756          LSA Shell (Export Version)               Microsoft Corporation
explorer.exe            3056         Windows Explorer                         Microsoft Corporation
rundll32.exe            3212         Run a DLL as an App                      Microsoft Corporation
jusched.exe             3312         Java Platform SE binary                  Sun Microsystems, Inc.
avgnt.exe               3332         Antivirus System Tray Tool               Avira GmbH
IObit SmartDefrag.exe   3344         Smart Defrag                             IObit
ctfmon.exe              3364         CTF Loader                               Microsoft Corporation
SUPERANTISPYWARE.EXE    3376  0.99   SUPERAntiSpyware Application             SUPERAntiSpyware.com
ISUSPM.exe              3384         Macrovision Software Manager             Macrovision Corporation
DiskMonitor.exe         3428         Active@ Hard Disk Monitor                LSoft Technologies Inc
DiskMonitor.exe         3520         Active@ Hard Disk Monitor                LSoft Technologies Inc
SbieCtrl.exe            3548         Sandboxie Control                        tzuk
procexp.exe             1096         Sysinternals Process Explorer            Sysinternals - www.sysinternals.com

Well, from what I can tell there does not appear to be any infection. You do have a few programs that do a lot of Input/Output to the hard drive and it's possible that maybe they can cause a minor slowdown or mini freeze from time to time.

I would get a program like AutoRuns from Microsoft and weed down some of the programs that are not absolutely needed to run during startup.

Uninstall those that you also no longer want or use.

Above is what Advanced setup said, if that helps any. Thanks!


No, please, not the Autoruns! Follow my install instructions above and where to download it; after it's done and on your desktop, zip it and attach it here! You know how to attach it? (Use the Browse, then Upload.) If you need help... post back... Regards


@prairie dog: I just took a look at your Autoruns file, looks like you forgot to refresh and let it scan again after checking the entry for verify code signatures. Please post another per the instructions below:

Please download Sysinternals Autoruns from here.

  • Save Autoruns.exe to your desktop and double-click it to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop.
  • Now right-click on the Autoruns.arn file located on your desktop and highlight Send To and select Compressed (zipped) Folder
  • Please attach the Autoruns.zip file you just created to your next post.

Thanks :D .

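A scripted counterpart to the "Verify Code Signatures" step above, added here as an example and not part of the original thread or of Autoruns itself. It assumes only the four classic Run/RunOnce registry keys matter (Autoruns enumerates many more locations), and `Get-ImagePath` is a hypothetical helper name.

```powershell
# Added example: list Run-key autostart entries with their Authenticode status.
# Scope is limited to the Run/RunOnce keys; services, drivers, tasks etc. are not covered.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ImagePath {            # hypothetical helper: command line -> executable path
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }                            # quoted path
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }   # unquoted path
    return ($cmd -split '\s+')[0]
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $path = Get-ImagePath $command
        if ($path -and -not (Test-Path -LiteralPath $path -PathType Leaf)) {
            # Bare names such as rundll32.exe: resolve through PATH as the shell would.
            $app = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
                   Select-Object -First 1
            if ($app) { $path = $app.Path }
        }
        $status = 'FileNotFound'; $signer = ''
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            $status = [string]$sig.Status          # e.g. Valid, NotSigned, HashMismatch
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Key = $key; Entry = $name; Image = $path; Signature = $status; Signer = $signer
        }
    }
}

# Entries that are not 'Valid' sort together for review.
$results | Sort-Object Signature, Entry | Format-Table -AutoSize -Wrap
```

An entry reported as NotSigned or FileNotFound is a prompt to look closer at that startup item, not proof that it is malicious; plenty of legitimate older software ships unsigned.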

Sorry about that. I thought I had sent the right one. Here is the new autoruns log. Thanks again!


For some reason the second one you posted is still coming up blank as well. I tested Autoruns with another user's .arn file just to make sure it's not my software having the issue and it read his just fine. Did you press F5 as instructed after selecting Verify code signatures and make sure it said Ready at the bottom before saving the file?


Ok, let's try that then :D :

Please download RunScanner from here.

  • Save runscanner.exe to your desktop and double-click it to run it.
  • Once it starts, select Expert Mode and click Ok
  • When the main program opens, click on the Scan Computer button at the top, be patient it may take a few moments.
  • Once that's done click on the Save run file button at the top and when the save dialogue box opens, save the file as runlog and save it to your desktop.
  • Now right-click on the runlog.run file located on your desktop and highlight Send To and select Compressed (zipped) Folder
  • Please attach the runlog.zip file you just created to your next post.