Tech Support Forum - View Single Post

TechPaul · 03-16-2005, 06:39 AM

Good morning,

It is not going well this morning. Every time I reboot, the 020 Winlogon Notify line changes. And even when I try to delete whatever new dll file name it tosses at me, it tells me the file is in use, and I must shut something down in order to delete it. Usually I only have the Search window open, or a Windows Explorer window that I used to navigate to the C:\WINDOWS\SYSTEM32 folder with. I have done this in both Safe mode, and Normal mode (see note below about how I've been booting into Safe Mode)

I'm giving you another analyzed HJT file that was done after a normal reboot.

Also, I just realized something that may or may not make a difference, but for some reason I can't get f8 to launch safe mode on this laptop (an hp pavilion xt155), so I've been using msconfig and choosing the Diagnostic Start up.

Thanks again for your assistance,

Paul

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 5:35:23 AM, on 3/16/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\Utilities\Notebook Utilities\HPWirelessMgr.exe
C:\PROGRA~1\UTILIT~1\ONE-TO~1\OneTouch.EXE
C:\Program Files\Utilities\Notebook Utilities\hptasks.exe
C:\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4nb.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\UTILIT~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Presentation Ready] C:\Program Files\Utilities\Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\Utilities\Notebook Utilities\hptasks.exe /s
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\u0ru0a99ed.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\Utilities\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

End of KRC HijackThis Analyzer Log.
====================================================================

03-16-2005, 06:39 AM	#5 (permalink)
TechPaul Registered User Join Date: Mar 2005 Posts: 17 OS: Win XP	Good morning, It is not going well this morning. Every time I reboot, the 020 Winlogon Notify line changes. And even when I try to delete whatever new dll file name it tosses at me, it tells me the file is in use, and I must shut something down in order to delete it. Usually I only have the Search window open, or a Windows Explorer window that I used to navigate to the C:\WINDOWS\SYSTEM32 folder with. I have done this in both Safe mode, and Normal mode (see note below about how I've been booting into Safe Mode) I'm giving you another analyzed HJT file that was done after a normal reboot. Also, I just realized something that may or may not make a difference, but for some reason I can't get f8 to launch safe mode on this laptop (an hp pavilion xt155), so I've been using msconfig and choosing the Diagnostic Start up. Thanks again for your assistance, Paul ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 5:35:23 AM, on 3/16/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\Program Files\Utilities\Notebook Utilities\HPWirelessMgr.exe C:\PROGRA~1\UTILIT~1\ONE-TO~1\OneTouch.EXE C:\Program Files\Utilities\Notebook Utilities\hptasks.exe C:\hijackthis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4nb.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost; O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\UTILIT~1\ONE-TO~1\OneTouch.EXE O4 - HKLM\..\Run: [Presentation Ready] C:\Program Files\Utilities\Presentation Ready\PresRdy.exe -r O4 - HKLM\..\Run: [Display Settings] C:\Program Files\Utilities\Notebook Utilities\hptasks.exe /s O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\u0ru0a99ed.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\Utilities\Notebook Utilities\HPWirelessMgr.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe End of KRC HijackThis Analyzer Log. ====================================================================