Hijack logs from Freddy. Can you analyze this for me please? - Techist - Tech Forum

Old 02-18-2008, 03:19 PM   #1 (permalink)
Lookin' for higher ground
 
Join Date: Feb 2007
Location: Sacramento
Posts: 1,107
Hijack logs from Freddy. Can you analyze this for me please?

Hi again.

OK, I ran the first four programs [smit, vun, cleaner, cleanup], and then after updating Panda, Panda said it had removed the malicious software. I am posting to see if anyone can see anything else that should not be there.

BTW my entire system seems to be running much faster now. Perhaps I should be using these programs on a consistent basis?

Thanks again!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:39 AM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\New Folder\TPSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
D:\New Folder\PsCtrls.exe
D:\New Folder\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
D:\New Folder\pavsrv51.exe
D:\New Folder\AntiSpam\pskmssvc.exe
D:\New Folder\AVENGINE.EXE
d:\new folder\firewall\PSHOST.EXE
D:\New Folder\PsImSvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Microsoft Active Sync\wcescomm.exe
D:\Hallmark Card Studio\Planner\PLNRnote.exe
D:\MICROS~1\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
D:\New Folder\PavBckPT.exe
D:\New Folder\apvxdwin.exe
D:\New Folder\SRVLOAD.EXE
D:\New Folder\WebProxy.exe
D:\Program Files\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\DIRKF~1.BRU\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [APVXDWIN] "D:\New Folder\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "D:\New Folder\Inicio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Microsoft Active Sync\wcescomm.exe"
O4 - Global Startup: Event Planner Reminder.lnk = D:\Hallmark Card Studio\Planner\PLNRnote.exe
O4 - Global Startup: Event Reminder.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - D:\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1201414327367
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - D:\New Folder\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - D:\New Folder\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - D:\New Folder\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - D:\New Folder\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - d:\new folder\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - D:\New Folder\PsImSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - D:\New Folder\TPSrv.exe

--
End of file - 8293 bytes



StartupList report, 2/18/2008, 11:25:13 AM
StartupList version: 1.52.2
Started from : C:\DOCUME~1\DIRKF~1.BRU\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16574)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\New Folder\TPSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
D:\New Folder\PsCtrls.exe
D:\New Folder\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
D:\New Folder\pavsrv51.exe
D:\New Folder\AntiSpam\pskmssvc.exe
D:\New Folder\AVENGINE.EXE
d:\new folder\firewall\PSHOST.EXE
D:\New Folder\PsImSvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Microsoft Active Sync\wcescomm.exe
D:\Hallmark Card Studio\Planner\PLNRnote.exe
D:\MICROS~1\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
D:\New Folder\PavBckPT.exe
D:\New Folder\apvxdwin.exe
D:\New Folder\SRVLOAD.EXE
D:\New Folder\WebProxy.exe
D:\Program Files\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\DIRKF~1.BRU\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Event Planner Reminder.lnk = D:\Hallmark Card Studio\Planner\PLNRnote.exe
Event Reminder.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

APVXDWIN = "D:\New Folder\APVXDWIN.EXE" /s
SCANINICIO = "D:\New Folder\Inicio.exe"
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
H/PC Connection Agent = "D:\Microsoft Active Sync\wcescomm.exe"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
flashget urlcatch - D:\FlashGet\jccatch.dll - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
(no name) - D:\Program Files\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Encarta Web Companion Helper Object - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL - {955BE0B8-BC85-4CAF-856E-8E0D8B610560}
(no name) - D:\FlashGet\getflash.dll - {F156768E-81EF-470C-9057-481BA8380DBA}

--------------------------------------------------

Enumerating Task Scheduler jobs:

!In_Touch.job
!Ultimate_Fighting.job
!Veggie Tales 2.job
!Veggie_Tales_1.job
In_Touch.job
Ultimate_Fighting.job
Veggie Tales 2.job
Veggie_Tales_1.job

--------------------------------------------------

Enumerating Download Program Files:

[YInstStarter Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://www.update.microsoft.com/wind...?1201414327367

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: D:\New Folder\Downloads\ProtInfo\Prevent.sig||D:\New Folder\Downloads\PavExp\PavExp.sig||D:\New Folder\Downloads\Antispam\sc1.bin.full.2008.02.13.23.47.00.sig||D:\New Folder\Downloads\ProtInfo\Prevent.sig


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 6,891 bytes
Report generated in 0.032 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
soarwitheagles is offline  
Old 02-18-2008, 06:06 PM   #2 (permalink)
Techie Beyond Description
 
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Re: Hijack logs from Freddy. Can you analyze this for me please?

What did it remove from here?
Osiris is offline  
Old 02-18-2008, 08:32 PM   #3 (permalink)
Lookin' for higher ground
 
Join Date: Feb 2007
Location: Sacramento
Posts: 1,107
Re: Hijack logs from Freddy. Can you analyze this for me please?

Quote:
Originally Posted by Osiris
What did it remove from here?
Sorry, Os. I think after reading your post I realize perhaps I was supposed to take a Hijack pic before and after?

Is that how it works?

Freddy
soarwitheagles is offline  
Old 02-18-2008, 08:44 PM   #4 (permalink)
Super Techie
 
Join Date: Nov 2007
Location: Null
Posts: 300
Re: Hijack logs from Freddy. Can you analyze this for me please?

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

CoolWebSearch, I believe. Other than that it looks OK.

*EDIT*

Sorry, that is a known Windows process; it is OK.
__________________

Rig:
LONG VERSION:
eMachines T5062
Single-core AMD Athlon 64 3800+ (UC'd to 1.06 GHZ)
256MB 667MHz DDR2 - Nvidia GeForce 6150SE (integrated)
20GB 4800rpm IDE - Eight channel (7.1) Audio
Windows ME... and Playing Crysis at 1 fps

SHORT VERSION:
Hard-Core
mcovalt is offline  
Old 02-19-2008, 06:52 AM   #5 (permalink)
Techie Beyond Description
 
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Re: Hijack logs from Freddy. Can you analyze this for me please?

Quote:
Originally Posted by mcovalt
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

CoolWebSearch, I believe. Other than that it looks OK.

*EDIT*

Sorry, that is a known Windows process; it is OK.
You know, this is why only TF SECURITY MEMBERS are supposed to do these logs. What if ctfmon.exe was a critical system process and you told him to remove it and it screwed up his system, now what? Oh well to him/her, right? Luckily it's not, and only part of Office. I have been sitting back and watching multiple members instruct one log poster on how to remove items; sometimes they are wrong, sometimes they are correct. Frankly, I really don't want to do these logs anymore because of this. If you were to visit another forum where you weren't a part of the log reading team, you wouldn't be analyzing the logs. This forum isn't big enough to have multiple log readers, so I really haven't been asking anyone to help out. There's nothing wrong with helping out, but if you don't know what you are doing 99%-100% of the time, then you don't need to be giving advice. I'm not saying I'm perfect, as I do miss an entry here and there, but to date I have never screwed up any member's computer. I can't say the same for one member on here.
Osiris is offline  
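The ctfmon.exe question above is the core of reading an O4 line: is the entry a Windows component loading from its normal location, or something else borrowing the name? Below is an added example, not code from this thread or from HijackThis, that applies that kind of rule mechanically to the O4 (Run / Startup) and O23 (Service) lines of a HijackThis 2.0.x log. The sample input is constructed: six lines are copied from the log posted above, and one hypothetical line (a "svchost" entry under a Temp directory) is added only so the temp-directory rule has something to fire on; it is not from Freddy's machine. The allowlist of Windows binary names is also an assumption for the example and should be built from a known-clean reference box.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input (not a real log): O4/O23 lines copied from the log
# posted earlier in this thread, plus ONE hypothetical line, the "svchost" entry
# under Temp, added only so the temp-directory rule has something to fire on.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [APVXDWIN] "D:\New Folder\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - HKCU\..\Run: [svchost] C:\DOCUME~1\USER~1\LOCALS~1\Temp\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - D:\New Folder\TPSrv.exe
"""

# Line shapes HijackThis 2.0.x uses for Run keys, startup-folder links and services.
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<cmd>.+)$")
# First drive-letter path ending in a loadable file type; handles quoted paths with
# spaces and rundll32-style "host.exe C:\path\thing.dll,Entry" command lines.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl|scr|bat|cmd|vbs|js)\b', re.IGNORECASE)

# Windows binaries that legitimately autostart, but only from the Windows directory.
# The name allowlist is an assumption for this example; build yours from a clean reference box.
WINDOWS_COMPONENTS = {"ctfmon.exe", "userinit.exe", "explorer.exe", "svchost.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")
PROGRAM_DIRS = ("c:\\program files\\", "d:\\program files\\")


@dataclass
class Finding:
    entry: str            # which HJT section the line came from
    name: str             # Run value name, .lnk name or service display name
    path: Optional[str]   # file the entry loads, if one could be extracted
    verdict: str          # "ok", "verify" or "suspicious"
    reason: str


def extract_path(cmd: str) -> Optional[str]:
    """Return the first file path in a command line, or None (e.g. HJT printed '?')."""
    m = PATH_RE.search(cmd)
    return m.group(0) if m else None


def classify(entry: str, name: str, cmd: str, vendor: Optional[str] = None) -> Finding:
    path = extract_path(cmd)
    if path is None:
        return Finding(entry, name, None, "verify",
                       "no file target could be resolved; open the entry and see where it points")
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    in_system_dir = low.startswith(SYSTEM_DIRS)
    if "\\temp\\" in low:
        return Finding(entry, name, path, "suspicious", "autostart from a temp directory")
    if base in WINDOWS_COMPONENTS and not in_system_dir:
        return Finding(entry, name, path, "suspicious",
                       f"{base} outside the Windows directory (name collision with a system binary)")
    if base in WINDOWS_COMPONENTS:
        return Finding(entry, name, path, "ok", "known Windows component in its normal location")
    if in_system_dir:
        return Finding(entry, name, path, "verify",
                       "third-party file inside the Windows directory; check its publisher")
    if not low.startswith(PROGRAM_DIRS):
        reason = "installed outside Program Files"
        if vendor:
            reason += f"; confirm the file really belongs to {vendor}"
        return Finding(entry, name, path, "verify", reason)
    return Finding(entry, name, path, "verify", "third-party autostart; confirm it is expected")


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and classify every O4 and O23 line."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            findings.append(classify(f"O4 {m.group(1)} Run", m["name"], m["cmd"]))
        elif m := STARTUP_RE.match(line):
            findings.append(classify("O4 Global Startup", m["name"], m["cmd"]))
        elif m := SERVICE_RE.match(line):
            findings.append(classify("O23 Service", m["name"], m["cmd"], m["vendor"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:<10} {f.entry:<18} {f.name:<45} {f.path or '?'}  ({f.reason})")
```

Run on the constructed sample, the ctfmon.exe line comes back "ok" because the file name is on the allowlist and it loads from system32; the Panda entries come back "verify" because they live in D:\New Folder rather than Program Files, which is exactly the situation where the log reader has to check the vendor string against the file rather than trust the path. Only the hypothetical Temp line is "suspicious". The point is that the script never says "remove"; it only sorts the lines into what can be ignored, what must be checked, and what is worth a closer look, so a wrong verdict costs a second look rather than a broken system.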
Old 02-19-2008, 07:25 AM   #6 (permalink)
Techalicious
 
 
Join Date: Aug 2007
Location: Perth, Australia
Posts: 1,566
Re: Hijack logs from Freddy. Can you analyze this for me please?

Quote:
You know, this is why only tech forums SECURITY MEMBERS are supposed to do these logs. What if ctfmon.exe was a critical system process and you told him to remove it and it screwed up his system, now what? Oh well to him/her, right? Luckily it's not, and only part of Office. I have been sitting back and watching multiple members instruct one log poster on how to remove items; sometimes they are wrong, sometimes they are correct. Frankly, I really don't want to do these logs anymore because of this. If you were to visit another forum where you weren't a part of the log reading team, you wouldn't be analyzing the logs. This forum isn't big enough to have multiple log readers, so I really haven't been asking anyone to help out. There's nothing wrong with helping out, but if you don't know what you are doing 99%-100% of the time, then you don't need to be giving advice. I'm not saying I'm perfect, as I do miss an entry here and there, but to date I have never screwed up any member's computer. I can't say the same for one member on here.

I never knew that. If you don't want me to help with logs anymore, just say and I'll leave them to you and Mak. Or what about if I put, at the end of each log I analyze, that the person should wait for your or Mak's OK before deleting the files?

Also, have I stuffed anything up?
Redmo0n is offline  
Old 02-19-2008, 09:42 AM   #7 (permalink)
Super Techie
 
Join Date: Nov 2007
Location: Null
Posts: 300
Re: Hijack logs from Freddy. Can you analyze this for me please?

Quote:
Originally Posted by Osiris
You know, this is why only tech forums SECURITY MEMBERS are supposed to do these logs. What if ctfmon.exe was a critical system process and you told him to remove it and it screwed up his system, now what? Oh well to him/her, right? Luckily it's not, and only part of Office. I have been sitting back and watching multiple members instruct one log poster on how to remove items; sometimes they are wrong, sometimes they are correct. Frankly, I really don't want to do these logs anymore because of this. If you were to visit another forum where you weren't a part of the log reading team, you wouldn't be analyzing the logs. This forum isn't big enough to have multiple log readers, so I really haven't been asking anyone to help out. There's nothing wrong with helping out, but if you don't know what you are doing 99%-100% of the time, then you don't need to be giving advice. I'm not saying I'm perfect, as I do miss an entry here and there, but to date I have never screwed up any member's computer. I can't say the same for one member on here.

Well, alright then. I am actually not stupid with HijackThis. If you see, I edited the post literally 2 seconds after I posted it, realizing my stupid mistake. But if you want to be the one and only designated log reader, go for it. It's no chip off my shoulder.
mcovalt is offline  
Old 02-19-2008, 09:31 PM   #8 (permalink)
Lookin' for higher ground
 
Join Date: Feb 2007
Location: Sacramento
Posts: 1,107
Re: Hijack logs from Freddy. Can you analyze this for me please?

I just wanted to say thank you for posting all the information about the process on how to work this through. Do you realize I would have been totally lost if you guys had not posted that sequence of events to do to move toward a virus/spyware free rig?

So, Mak and Os, thank you from the bottom of my heart!

And I agree with the way you have set up this forum...I kind of think it is best if the more sensitive issues are left to security members because one mistake could cause a person to literally lose 1-3 weeks of their life [the amount of time it has taken me to download and install all programs and updates].

So you have saved me an enormous amount of frustration and confusion. You have accurately empowered me to clean my system of a very serious threat. You have also helped me to speed up my system in a way I never dreamed possible.

Do you realize just last year my laptop was infected in a way that I could not undo, simply because I had no knowledge. I spent several days reformatting and then reinstalling everything. You have saved me from having to do that with my desktop. Man, that is way cool.

Thank you so much. I hope you will not give up or stop the good work you are doing here.

It is me,

Thankful Freddy
soarwitheagles is offline  
Old 02-20-2008, 07:19 AM   #9 (permalink)
Techie Beyond Description
 
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Re: Hijack logs from Freddy. Can you analyze this for me please?

Quote:
Originally Posted by Redmo0n
I never knew that. If you don't want me to help with logs anymore, just say and I'll leave them to you and Mak. Or what about if I put, at the end of each log I analyze, that the person should wait for your or Mak's OK before deleting the files?

Also, have I stuffed anything up?

It's a sticky on this forum
And no you didn't mess anything up
Osiris is offline  
Old 02-20-2008, 07:21 AM   #10 (permalink)
Techie Beyond Description
 
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Re: Hijack logs from Freddy. Can you analyze this for me please?

Quote:
Originally Posted by mcovalt
Well, alright then. I am actually not stupid with HijackThis. If you see, I edited the post literally 2 seconds after I posted it, realizing my stupid mistake. But if you want to be the one and only designated log reader, go for it. It's no chip off my shoulder.
I didn't say you or anyone was stupid. I know it may not seem like a lot of time, but 2 seconds is plenty of time to mess a system up, because once they see your reply they go ahead with the removal, only then to come back and see that you edited your post with a different answer. I just don't want to see anyone messing up their PC any worse than it already is.
Osiris is offline  