quorum log
quorum log The log where the quorum resource stores data. This data is maintained by the clustering software. Also known as the recovery log or change log.

log file
log file A file that stores messages generated by an application, service, or operating system. These messages are used to track the operations performed. For example, Web servers maintain log files listing every request made ...

security log
security log An event log containing information on security events that are specified in the audit policy.

trace log
trace log A type of log generated when the user selects a trace data provider using Performance. Trace logs differ from counter-data logs in that they measure data continuously rather than take periodic samples.

Event Log service
Event Log service A service that records events in the system, security, and application logs. The Event Log service is located in Event Viewer.

Boot Logging
Boot Logging A process in which a computer that is starting (booting) creates a log file that records the loading of each device and service. The log file is called Ntbtlog.txt, and it is saved ...

log on
log on To begin using a network by providing a user name and password that identifies a user to the network.

Key Logger
Key Logger Any program that records keystrokes is, technically, a key logger. The term tends to be used in malware circles for programs that surreptitiously record keystrokes and then make the log of keyboard activity ...

logon right
logon right A user right that is assigned to a user and that specifies the ways in which a user can log on to a system. An example of a logon right is the right ...

winlogon.exe
[winlogon.exe]
Process File: winlogon or winlogon.exe
Process Name: Windows Logon Process
Description: Windows NT logon utility that manages user logons and logoffs. The utility prompts you for the password when you log on and allows you to ...

Example of a clean Hosts Log
Example of a clean Hosts Log # Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP / IP for Windows.
#
# This file contains the mappings of IP addresses to host ...

Re: HijackThisLog Analysis - Evon
Re: HijackThisLog Analysis - Evon Date: Thursday, 17 June, 2004 7:10 PM As for your log, it looks pretty clean.  The only entry that needs attention is... O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BackWeb-8876480.exe BackWeb-8876480.exe is a streaming web application. ...

How to easily Bypass the Windows Vista Boot Logon Screen
How to easily Bypass the Windows Vista Boot / Logon Screen? This is nothing more than simple account management. You will have to click the Start sphere, then enter "cmd" in the search box. In ...

Ad-Aware Log
Lavasoft Ad-aware Personal Build 6.181
Logfile created on  :Tuesday, June 15, 2004 10:33:04 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R319 15.06.2004 #:24 [save.exe]
    FilePath           : C:\Program Files\Save\
    ThreadCreationTime : 6-15-2004 2:16:57 AM
    BasePriority       : ...

Mcafee Log
Review Mcafee Scan Log: 9/4/2003 3:03:59 PM  C:\WINXP\system32\wins\DLLHOST.EXE W32/Nachi.worm
C:\System Volume Information\_restore{51AA6DBF-81DD-4C9D-A65D-E26C6DD1D3D5}\RP138\A0034475.EXE W32/Nachi.worm 6/8/2004 11:02:21 AM Move failed (Delete failed)   C:\Documents and Settings\SGNLW\Local Settings\Temp\ps_install-mt.exe Adware-PurityScan
C:\WINXP\system32\wintsu.exe Adware-PurityScan
C:\WINXP\system32\NAVSCAN32.exe W32/Sdbot.worm.gen.m
C:\WINXP\system32\NAVSCAN32.exe W32/Sdbot.worm.gen.m
C:\WINXP\system32\NAVSCAN32.exe W32/Sdbot.worm.gen.m
C:\WINXP\system32\NAVSCAN32.exe W32/Sdbot.worm.gen.m
C:\WINXP\system32\NAVSCAN32.exe W32/Sdbot.worm.gen.m
C:\WINXP\system32\NAVSCAN32.exe W32/Sdbot.worm.gen.m 6/14/2004 2:57:41 PM C:\Documents and Settings\SGNLW\Local Settings\Temp\VVSN_CLIC0404Inst.exe Adware-SaveNow
C:\WINXP\system32\wintsu.exe Adware-PurityScan
C:\Program Files\VVSN\URL1\SAVE-SYNCm-WHSE_sb.min.g2Inst.exe Adware-SaveNow
C:\Documents and Settings\SGNLW\Local Settings\Temp\B7C.WUT\WUSearch.cab\Search.exe Adware-SaveNow
6/14/2004 2:58:51 PM Move failed (Delete failed)  HAGGLUNDS\SGNLW C:\Program Files\WhenUSearch\SET15.tmp Adware-SaveNow
6/14/2004 2:58:53 PM Move failed (Delete failed)  HAGGLUNDS\SGNLW C:\Program Files\WhenUSearch\SET16.tmp Adware-SaveNow
6/14/2004 2:59:41 ...

Anti Spyware Removal Log
Anti Spyware Removal Log Occurred on: 02 / 09 / 2005 at 00:37:08 Internet Explorer URL for Search Bar has been allowed to be changed from website: byxsrzzuenamcqba.net / H5HFj1ucLs37QpjCIwwdNlcJzAX7byZOlE1WKl2QHP 60osqIjAWX0gLybIZeLR0P.jpg to website: wtwzibfpnbdgyuix.com / ...

Follow-up Log file
Follow-up Log file Logfile of HijackThis v1.97.7
Scan saved at 10:00:06 AM, on 10 / 8 / 2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes:
C: \ WINNT \ System32 \ smss.exe
C: \ WINNT ...

Clean Log
Here is the log after the cleaning process: Logfile of HijackThis v1.97.7
Scan saved at 10:14:49 AM, on 8/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:??www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 ...

Ad-aware log
Lavasoft Ad-aware Personal Build 6.181
Logfile created on  :Tuesday, June 15, 2004 11:48:12 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R319 15.06.2004 Registry scan Alexa Object recognized!
    Type               : RegKey
    Data               :
    Rootkey            : HKEY_LOCAL_MACHINE
    ...

Re: HijackThisLog Analysis - Tipp87
Re: HijackThisLog Analysis - Tipp87 Date: Tuesday, 31 August, 2004 11:21 AM This log looks clean.  Here are some interesting observations: C:\WINDOWS\SM1BG.EXE ZCfgSvc.exe TPPALDR.EXE ...

Re: HijackThisLog Analysis - Todds
Re: HijackThisLog Analysis - Todds Date: 1 August 2004 Question: Please HELP!! We think we deleted approx 70 worms/viruses from our computer, but have not completely taken it back. Please let us know which entries to delete, ...

Logfile of HijackThis v1.98.2 - Anonymous
Logfile of HijackThis v1.98.2 - Anonymous Your log looks clean.  The following is some uncommon software; uninstall it if you do not use it frequently: GhostTyp.exe (Typing Tools from sc-data.de) ...

Logfile of HijackThis v1.98.2 - Rasandy
Logfile of HijackThis v1.98.2 - Rasandy Your log looks clean.  The following is some uncommon software; uninstall it if you do not use it frequently: PicasaMediaDetector.exe Media detector for Picasa's automatic photo ...

Log 2
I made several changes between when I sent the first log and when you responded. I am still having problems after making
the changes you suggested. I have a new log attached below for you to ...

Re: HijackThisLog Analysis - Jeff
Re: HijackThisLog Analysis - Jeff Date: Wednesday, 14 July, 2004 11:39 PM
This log looks clean. sstray.exe NVIDIA nForce Taskbar Utility. sstray.exe is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME, "C:\WINNT\SYSTEM32\" on Windows NT/2000 and "C:\WINDOWS\SYSTEM32\" on Windows XP. Ptipbmf.dll Probably ...

Log 3 - Cleaned/Good
CLEAN LOG Logfile of HijackThis v1.97.7
Scan saved at 6:27:55 PM, on 7/22/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\DSLAUNCH.EXE
C:\PROGRAM FILES\ACCESS LOCK\ALA.EXE
C:\PROGRAM ...

Pass 2 - Startuplist Log
Pass 2 - Startuplist Log StartupList report, 09/07/2004, 13:27:59
StartupList version: 1.52
Started from : C:\unzipped\1154483\StartupList.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Symantec ...

Re: HijackThisLog Analysis - PS25
Re: HijackThisLog Analysis - PS25 Date: 11 Nov 2004 Remember DO NOT run hijackthis.exe inside the zip file.  Unzip (extract) it to your desktop then double click on "HijackThis.exe" icon in this way a backup for the removed ...

Re: HijackThisLog Analysis - Luxin
Re: HijackThisLog Analysis - Luxin Date: 9 Nov 2004 References: WINSHOST.EXE; WINGO.EXE; Here is what you should do. End the below suspicious process : C: \ WINDOWS \ SYSTEM \ WINGO.EXE Remove these additional browser plug-in keys (O2...O4): O4 - HKLM \ ...

Re: HijackThisLog Analysis - Nick
Re: HijackThisLog Analysis - Nick Date: 7:09:14 PM, on 6/30/04 Looks like there is a remote control trojan in the system... Also there are multiple sessions of scvhost.exe. End the below suspicious process : C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\system32\scvhost.exe
Remove Unauthorised Software: DNTU26.EXE also suspected infection of W32/Deloder.worm. Download the latest ...

Re: HijackThisLog Analysis - Tom
Re: HijackThisLog Analysis - Tom Monday, 05 July, 2004 12:47 AM This log looks clean.  But you may want to take a closer look at... 016 - DPF: {69432678-2906-2705-1128-068943397621} - O16 - DPF: {5274A4E6-90C9-11D5-903D-00105AABADD3} (Seagull Web-to-Host Control Module) ...

Pass 3 - Cleaned Up Log
Pass 3 - Post Analysis and Review All clear except for: C:\WINDOWS\system32\srvany.exe C:\WINDOWS\system32\resetservice.exe Srvany.exe - Application that is associated with Microsoft Windows NT 4, 2000, and XP Resource Kits and is used to run normal Windows applications as services.  ...

Re: HijackThisLog Analysis - Peted
Re: HijackThisLog Analysis - peted Date: Tuesday, 22 June, 2004 11:42 PM This log looks clean! Below is the original log but with private information removed. ---- Logfile of HijackThis v1.97.7
Scan saved at 10:33:49 AM, on 6/22/2004
Platform: Windows 2000 SP4 ...

Logfile of HijackThis v1.97.7 - Anonymous
Logfile of HijackThis v1.97.7 - Anonymous This looks like a clean log. Scan saved at 1:14:22 PM, on 1 / 14 / 2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes:
C: \ WINDOWS \ ...

Re: HijackThisLog Analysis - Ansteph
Re: HijackThisLog Analysis - Ansteph Here is what you should do. End the below suspicious process : C: \ WINDOWS \ System32 \ msserv32.exe
C: \ WINDOWS \ PMJ151LA.BIN
C: \ WINDOWS \ System32 \ lserv.exe
Remove these additional browser plug-in keys ...

Re: HijackThisLog Analysis - Dyanira
Re: HijackThisLog Analysis - Dyanira Date: Saturday, 26 June, 2004 12:16 AM This log looks clean.  Except for LzioMediaUpdater? (see link below) Process: C:\WINDOWS\System32\LzioMediaUpdater.exe Toolbar Object: O4 - HKLM\..\Run: [LzioMediaUpdater] C:\WINDOWS\System32\LzioMediaUpdater.exe
Below is the original log but with private information removed. ---- Logfile of ...

Re: HijackThisLog Analysis - Baraboon
Re: HijackThisLog Analysis - Baraboon Date: Wednesday, 11 August, 2004 12:31 AM
Here is what you should do. Remove these additional browser plug-in keys (O2...O4): O2 - BHO: (no name) - {1ce95e37-31a7-4b7a-9eec-d42d4db2af74} - C:\WINDOWS\System32\Q188652718.dll
O3 - Toolbar: (no name) ...

Re: HijackThisLog Analysis - LuxTour
Re: HijackThisLog Analysis - LuxTour Date: Friday, 24 September, 2004 6:25 PM Here is what you should do. Reboot the computer and put it to safe mode.  Then run the HJT scan again. End the below suspicious process : C: \ ...

Re: HijackThisLog Analysis - Richard
Re: HijackThisLog Analysis - Richard Date: Saturday, 18 September, 2004 1:38 AM Your log looks clean except for these two entries: O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k Generated probably due to a system fault ...

Re: HijackThisLog Analysis - Jim
Re: HijackThisLog Analysis - Jim Date: Wednesday, 30 June, 2004 5:07 AM
The log looks pretty clean except for the suspicious looking hayodr.exe - Does this initial mean anything to you?  Did you add any new program ...

Logfile of HijackThis v1.97.7 - cjtf
Logfile of HijackThis v1.97.7 - cjtf The following entries need attention: R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main,Search Bar = website: best-search.cc / search.php?v=6&aff=0
R1 - HKCU \ Software \ Microsoft \ Internet ...

Re: HijackThisLog Analysis - Barny
Re: HijackThisLog Analysis - Barny Date: Friday, 15 October, 2004 2:55 AM Remember DO NOT run hijackthis.exe inside the zip file.  Unzip (extract) it to your desktop then double click on "HijackThis.exe" icon in this way a backup ...

Re: Chuck (re-log)
Re: HijackThisLog Analysis - Chuck Date: Friday, 15 October, 2004 2:06 AM Remember DO NOT run hijackthis.exe inside the zip file.  Unzip (extract) it to your desktop then double click on "HijackThis.exe" icon in this way a backup ...

Re: HijackThisLog Analysis - Justine
Re: HijackThisLog Analysis - Justine Date: Tuesday, 15 June, 2004 1:12 PM This is quite a clean log.  But remove the following bad search entries: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:??www.alltheinternet.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:??www.alltheinternet.com/search.htm
R0 ...

Re: HijackThisLog Analysis - Lin
Re: HijackThisLog Analysis - Lin I need some help. When my computer first starts up it has a form 1 text box pop up. The process behind it is oppos. When I stop the process the ...

Re: HijackThisLog Analysis - Pistachio
Re: HijackThisLog Analysis - Pistachio Date: Thursday, 08 July, 2004 2:18 AM
Here is what you should do. End the below suspicious process : C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\AAF85H.EXE
C:\WINDOWS\SYSTEM\CKMV9I.EXE Remove these additional browser plug-in keys (O2...O4): O2 - BHO: BHO Class - {C82B55F0-60E0-478C-BC55-E4E22F11301D} - C:\WINDOWS\SYSTEM\CHGRGS.DLL O4 ...

Re: HijackThisLog Analysis - Optionstradr
Re: HijackThisLog Analysis - Optionstradr Date: Tuesday, 13 July, 2004 11:04 AM
Looks like you have corporate VPN and Novell components installed - it would be a good idea to document your removal process in the event ...

Re: HijackThisLog Analysis - Lou
Here is my Hijackthis Log, can someone help with telling me what to remove and what to keep? Thanks. Date: 1:00:37 PM, on 9 / 14 / 2004 Remember DO NOT run hijackthis.exe inside the zip file.  Unzip ...

Logfile of HijackThis v1.99.1 - drcpr
Logfile of HijackThis v1.99.1 - drcpr This log looks clean.  However, you may want to remove the following entries: R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main,Default_Page_URL = website: education.dellnet.com /
R1 - HKCU ...

Re: HijackThisLog Analysis - Didan
Re: HijackThisLog Analysis - Didan Date: Thursday, 15 July, 2004 9:13 AM
Here is what you should do. End the below suspicious process : C:\Paltalk\pnetaware.exe Remove these additional browser plug-in keys (O2...O4): O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe Reboot the computer and ...

Re: HijackThisLog Analysis - Costexx
Re: HijackThisLog Analysis - costexx Date: Thursday, 23 September, 2004 3:46 PM Message: The process dntus26.exe was also running but I stopped that before. Response: DNTU26.EXE also suspected infection of W32/Deloder.worm.  Read this analysis. Here is what you should do. Remove these ...

Re: HijackThisLog Analysis - Nancy
Re: HijackThisLog Analysis - Nancy Date: 15 June, 2004 7:24 AM Following program found in [Add/Remove Software] Httper System Soap Pro 3.2-AC1 Zipclix MediaTickes ClockSync Task Manager shows: Remove the following keys: R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:??www.hardcorevibe.com/pornvideo.php (Is just porn ads?)
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program ...

Re: HijackThisLog Analysis - Brown
Re: HijackThisLog Analysis - Brown Date: Sunday, 11 July, 2004 1:13 PM
Here is what you should do. Run Hijackthis again and remove these search keys: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:??my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:??my.netzero.net/s/search?r=minisearch
R1 ...

Re: HijackThisLog Analysis - Rob
Re: HijackThisLog Analysis - Rob Date: Wednesday, 14 July, 2004 8:42 AM 21 July, 2004 Rob wrote: Thanks for your help. It looks like I'm all cleaned up again. I wish this didn't happen at all but ...

Re: HijackThisLog Analysis - Lawrence
Re: HijackThisLog Analysis - Lawrence Date: Tuesday, 22 June, 2004 9:33 AM Looks like you have a Variants Traitor21 Trojan Virus on your computer plus a few bad search Adware. The virus may have already disabled or damage ...