A question for any experienced users that frequent the site (if you have a minute!)...
I always have a browse through the HJT logs that people post on here. I don't feel I'm able to safely advise anyone on what to do with theirs but I've noticed every log on here (and other sites it seems) is absolutely massive.
When I run HJT I get a handful of running processes and maybe 10 lines in the second part. Is this more common for a clean system? Or do a lot of clean systems have 75 line HJT logs as well?

And to add, to capt's response.
...and not a lot of bells and whistles. What I mean is, you don't have a lot of extra add on stuff.
Sounds like mine. I run it, and wonder if I have ;-) Yes, the things that are supposed to be there, etc., are there, on mine ;-) But, it does look, like I'm missing things. If I compare it, to others.
CrazyOne

capt,
Just thought about that again :-) By "clean system", did you mean clean of parasites, or as I said, add ons. Every time I see the words "clean system" anymore, I think of parasites (virus, worms, trojans, bots, dialers, etc.) If it was the latter, whoops, sorry about that ;-)
CrazyOne

A sample from a "clean" system with very few bells and whistles loaded:
(Yes, I just pulled off every protection but Spy Sweeper for test purposes yesterday, so don't be alarmed).
Logfile of HijackThis v1.98.0
Scan saved at 1:11:19 PM, on 7/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.exe
C:\Program Files\Microsoft Office\Office\OSA.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Clay Sanger\My Documents\Adware-Virus-071504\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F04E14A-BE6A-4080-8A90-C48ADE4E25A6}: NameServer = none of your business
Something I tend to look for when I first sit down to do a clean out on a machine:
Running processes. Kind of gives me a quick overview as to what kind of mess I have on my hands.
I have seen XP machines with 40-50 running processes, and they were barely functioning.
When I get done with them, that number is frequently whittled down to half that. Some machines are so bad off that most of their "energy" is being put into running malware.
After a while, you get to where you can spot alien/malicious processes at a glance. You just start to recognize what should and shouldn't be there.
Of course, some very legitimate processes and entries look very suspicious. You have to be very careful.
Practice makes perfect.
And yes, that is MY HJT log.
It's almost naked, just like I like it.
:)
PS: If you think Hijack Logs are bad, you should look at a complete log from SpyBot or Ad-Aware. Then you'll think Hijack Logs are simple!
AOSCLAY
PEBKAC, baby
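A small parser for the log layout pasted above, as an added example that is not part of the original posts or of HijackThis itself: it counts running-process lines and entries per section code and splits the O4 Run-key autoruns into fields, giving the quick overview described in the post. The sample log is constructed from lines in this thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the layout of the logs in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F04E14A-BE6A-4080-8A90-C48ADE4E25A6}: NameServer = 192.168.0.1
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # e.g. "O4 - ..."
RUN_KEY = re.compile(r"^(HK[A-Z]{2})\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")

def parse_hjt(text):
    """Return (running process paths, [(section code, entry body), ...])."""
    processes, entries, in_processes = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:                      # first coded entry ends the process list
            in_processes = False
            entries.append(m.groups())
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return processes, entries

def summarize(text):
    """Counts for a quick size overview, plus O4 Run-key autoruns as fields."""
    processes, entries = parse_hjt(text)
    autoruns = [RUN_KEY.match(body).groups()
                for code, body in entries
                if code == "O4" and RUN_KEY.match(body)]
    return {
        "process_lines": len(processes),
        # System32 vs system32 is the same image, so compare case-insensitively
        "distinct_images": len({p.lower() for p in processes}),
        "per_section": dict(Counter(code for code, _ in entries)),
        "autoruns": autoruns,   # (hive, key, value name, command line)
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The counts only describe how much is loaded; whether an entry belongs there still has to be judged line by line, as the post says.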

That still looks massive! Maybe I only installed half of my OS? :-)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.exe
D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
D:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.exe TWEAKUI.CPL,TweakMeUp
O4 - HKCU\..\Run: [Mozilla Quick Launch] "D:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA44401-8380-4F65-8A0B-ED5E8F69F7E3}: NameServer = 192.168.0.1

nah,
it only looks massive because several long entries are taking up several lines and I have some software loaded and running that you don't.
I've got some that go on for PAGES if you would like to see a massive one.
All is good.
AOSCLAY
PEBKAC, baby


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.