Official forum for Utopia Community

You are not logged in.

#1 2021-03-29 13:10:21

Registered: 2021-01-11
Posts: 93

HJT Log Analysis

Please look here https://www.techspot.com/vb/topic114567.html last post

Hi people, my PC I believed has been infected by virus (?) Well most likely, well I've done a HijackThis Log and wish for an analysis of the log.

Some symptoms is .. that the PC constantly restarts every now and then when I log on to a Windows Account. Most programs that I attempt to launch fail and result with an Error msg. Therefore I couldn't run the 8 step removal guide, but I did manage to do the CCleaner (because I had it installed previously).

Logging on to the windows account not in safe mode, usually crashes within the first few minute making it hard to actually run any processes. My anti-virus is Eset, but Eset also crashes while loads making it impossible to do a virus scan and during safe mode scanning also seems to close unexpectedly. To put it simply programs eventually crash when running.

Well I hope for the best and thank those whom help. Thanks!


#2 2021-03-29 13:15:46

Registered: 2021-01-11
Posts: 66

Re: HJT Log Analysis

Can HJT be run in normal mode? Can any of your virus scanners work in safe mode?
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\sdktemp.exe (file missing)
This entry hints you have been infected with a rootkit. But I cant be sure what causes your crashes, could be RAM or something else.

To be sure, please try downloading Panda antirootkit from HERE. Let us know the results of the scan.


#3 2021-03-29 22:13:51

Registered: 2021-03-22
Posts: 4

Re: HJT Log Analysis

You can download rescue disk from different av vendors, burn it to a USB with RUFUS, boot the pc from USB and run AV scan from there.


#4 2021-03-30 08:09:01

Registered: 2021-01-11
Posts: 64

Re: HJT Log Analysis

Do not fix O10 entry. Trained volunteer is needed.
O10 - Broken Internet access because of LSP provider 'c:\program files\netlimiter\nl_lsp.dll' missing

Disable these services. HJT fix check should accomplish this.
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\sdktemp.exe (file missing)

HJT fix check these entries
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

Up to this point, no files are deleted.

Download ONLY the programs found in the 8-step Malware Removal Guide.

Caution: Our trained volunteers may substitute different tools from what is cited below:

Reason from HJT tutorial –
Seek advice from an experienced user when fixing these errors. It is also advised that you use LSPFix, see link below, to fix these.

You should use extreme caution when deleting these objects if it is removed without properly fixing the gap in the chain, you can have loss of Internet access.
There is a tool designed for this type of issue that would probably be better to use, called LSPfix. For a great list of LSP and whether or not they are valid you can visit Zupe's LSP List


Board footer

Powered by FluxBB