lamuskrat
-
Content Count
193 -
Posts posted by lamuskrat
-
-
lmao...
-
Now I'm confused...lol
-
Chappy is right,
It will take hard work and dedication, I have been a member at SWI / boot camp for some time now and still haven't even tested (scared I guess). Just when you think you have a handle on some things, the CREEPS come out with something new or some variant. It is a never-ending battle. Come and join the fight. It is very rewarding to assist others and get them back up and running.
Note: Chappy if I recall you helped me get in at SWI. Thanks, now all I do is spend hours upon hours fighting malware. I thought this internet thing was supposed to be fun. Seems like a lot of work.....
-
Good one...
-
LMAO....good ones, keep em coming.
-
First let me say thanks to all for the words of wisdom and understanding my dilemma. I have made no effort as of yet to take corrective measures.
Again thanks for the valuable advice.
-
Sidekick and Blim
Thanks for the words of wisdom. What my heart says and what my head says are two different things. I can't afford to lose my job at present and that would probably be the outcome. I am a sub-contractor who works there regularly. I have a good working rapport with my colleagues from the plant, and don't wish to be black-balled (banned).
-
Sultan..you can't leave, I have so much more to learn from you. You're the Linkmaster
Welcome Home
-
Reality check...good one
-
I was at a well-known industrial plant today. While speaking to my contact he explained some computer problems he was having when I noticed his cursor moving all by itself. The MAJOR corp. was utilizing remote assistance, and had installed Adaware SE personal edition on his pc and was attempting to clean it of malware. I also noticed that they did not know the correct settings to properly clean his system, so I volunteered a few tweaks. My point is... isn't that the free end user (home user) edition, and shouldn't they have purchased the product for commercial use? It wouldn't chap my a%^ so bad if they were a small mom and pop business, but this is a global Major corp. that throws money away at the drop of a hat...(you would be surprised at the monetary waste there, and you and I pay for it every time we shop at the store), should I report them to the makers of Adaware or just keep my mouth shut?
He found 98 items in the first scan, after my tweaks he found another 112, yes I feel guilty for my minimal participation, but I was helping a good co-worker.
Any opinions on this matter...?
-
Cool, I'm not as nerdy as my wife thinks...29%
-
Thanks Chappy,
Will enjoy this tweak, and your tutorial was very easy to follow. Sure hope you post some more reg tweaks.
-
No problem Dave...
haven't read your post and don't really care to, I know coming from you it had to have some validity. You are one of the most respected persons in this (and other) forums.
I know you to be sincere and honest and most importantly very conscious of others' needs and willing to help....
for this you are to be applauded...
Keep up the good work....my friend.
-
Please help with DLL list and reg keys/.....
help with HJT log?
lamuskrat Posted: Apr 28 2005, 12:37 AM
Newbie
Group: Members
Posts: 6
Member No.: 1740
Joined: 14-April 05
For some strange reason my boot time has gotten to be extremely long and the only thing I can find that is out of the ordinary is when I opened Codestuff starter it's showing 80 for winlogon.exe. So here's my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 7:22:17 PM, on 4/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
C:\Documents and Settings\lamuskrat\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110843264265
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
I must have missed something???
Win xp pro
Intel p4 3.06
1 gig ddr ram
No new hardware or software added (except alternative browsers, when my FF upgrade failed and caused FF to keep crashing)
Thanks in advance!
--------------------
Lamuskrat
little eagle Posted: Apr 28 2005, 02:07 AM
Member
Group: Security Assistant
Posts: 87
Member No.: 386
Joined: 13-July 04
You didn't miss a thing, you just have two AVs running. Not a good idea.
Although you could kill these
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
--------------------
If my advice has helped you and you would like to donate click here.
Then stop in and say HI here
lamuskrat Posted: Apr 28 2005, 09:33 PM
I know I have two, I usually disable AVG after my e-mail scan. Still confused about the high percentage for winlogon.exe though.
By the way, thanks,
--------------------
Lamuskrat
little eagle Posted: Apr 29 2005, 01:28 AM
WinLogon.exe is the Windows NT login manager. It handles the login and logout procedures on your system.
winlogon.exe is a process which is registered as the W32.Netsky.D@mm worm. This virus is distributed via the Internet through e-mail and comes in the form of an e-mail message, in the hopes that you open its hostile attachment. The worm has its own SMTP engine which means it gathers E-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data.
Go here and run online scans, allow them to delete whatever they find:
TrendMicro HouseCall
eTrust AntiVirus Web Scanner
Note anything that can't be fixed
Reboot when done. Rescan with HJT and post a new log here.
lamuskrat Posted: Apr 29 2005, 01:21 PM
Well, while we're on the subject, here is a dll log for winlog, could someone check it too...
Module information for 'winlogon.exe'
MODULE BASE SIZE PATH
winlogon.exe 1000000 524288 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Logon Application
ntdll.dll 7c900000 720896 C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL
kernel32.dll 7c800000 999424 C:\WINDOWS\system32\kernel32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Procedure Call Runtime
AUTHZ.dll 776c0000 69632 C:\WINDOWS\system32\AUTHZ.dll 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519) Authorization Framework
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
CRYPT32.dll 77a80000 606208 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
USER32.dll 77d40000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519) Windows XP USER API Client DLL
GDI32.dll 77f10000 286720 C:\WINDOWS\system32\GDI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDI Client DLL
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ASN.1 Runtime APIs
NDdeApi.dll 75940000 32768 C:\WINDOWS\system32\NDdeApi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Network DDE Share Management APIs
PROFMAP.dll 75930000 40960 C:\WINDOWS\system32\PROFMAP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
NETAPI32.dll 5b860000 344064 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Win32 API DLL
USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
PSAPI.DLL 76bf0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Process Status Helper
REGAPI.dll 76bc0000 61440 C:\WINDOWS\system32\REGAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Registry Configuration APIs
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Security Support Provider Interface
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Winstation Library
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
MSGINA.dll 75970000 1011712 C:\WINDOWS\system32\MSGINA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Logon GINA DLL
SHELL32.dll 7c9c0000 8470528 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) Windows Shell Common Dll
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648) Shell Light-weight Utility Library
COMCTL32.dll 5d090000 618496 C:\WINDOWS\system32\COMCTL32.dll 5.82 (xpsp_sp2_rtm.040803-2158) Common Controls Library
ODBC32.dll 74320000 249856 C:\WINDOWS\system32\ODBC32.dll 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Driver Manager
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Common Dialogs DLL
comctl32.dll 773d0000 1056768 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0 (xpsp_sp2_rtm.040803-2158) User Experience Controls Library
odbcint.dll 20000000 94208 C:\WINDOWS\system32\odbcint.dll 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Resources
SHSVCS.dll 776e0000 143360 C:\WINDOWS\system32\SHSVCS.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Shell Services Dll
Apphelp.dll 77b40000 139264 C:\WINDOWS\system32\Apphelp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library
sfc.dll 76bb0000 20480 C:\WINDOWS\system32\sfc.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows File Protection
sfc_os.dll 76c60000 172032 C:\WINDOWS\system32\sfc_os.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows File Protection
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2595 (xpsp_sp2_gdr.041130-1729) Microsoft OLE for Windows
WINSCARD.DLL 723d0000 114688 C:\WINDOWS\system32\WINSCARD.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Smart Card API
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Terminal Server SDK APIs
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
sxs.dll 75e90000 720896 C:\WINDOWS\system32\sxs.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Fusion 2.5
rsaenh.dll ffd0000 163840 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider
wldap32.dll 76f60000 180224 C:\WINDOWS\system32\wldap32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL
mpr.dll 71b20000 73728 C:\WINDOWS\system32\mpr.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Multiple Provider Router DLL
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) WDM Audio driver mapper
xpsp2res.dll 1300000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
NTMARTA.DLL 77690000 135168 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT MARTA provider
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft MIDI Mapper
Will run both scans and post back
Thank you...
--------------------
Lamuskrat
THIS DID NOT COME OUT RIGHT!!!!!!
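Added example, not part of the original posts or of HijackThis itself: a small triage script for the two points raised in the thread above, more than one resident antivirus and a process carrying the name winlogon.exe. It reads the "Running processes" section of a HijackThis log, flags any well-known system process name that runs from an unexpected directory, and lists which antivirus products are resident. The function names are hypothetical, the expected directories assume the default C:\WINDOWS install shown in the log, and the vendor markers are taken only from the Avast and AVG paths in that log.

```python
import re

# Lines copied from the log in this thread, plus ONE constructed line
# (C:\WINDOWS\winlogon.exe) showing what a same-name copy would look like.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# Assumption: default Windows XP layout, as in the posted log.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "winlogon.exe": SYSTEM32, "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32, "explorer.exe": r"c:\windows",
}
# Path fragments seen in the posted log, mapped to the product they belong to.
AV_MARKERS = {"avast": "avast!", "grisoft": "AVG"}
# HijackThis entry lines start with a section code such as "R0 - " or "O23 - ".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

def running_processes(log):
    """Return the image paths listed between 'Running processes:' and the first entry line."""
    procs, in_section = [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if ENTRY.match(line):
                break
            if line:
                procs.append(line)
    return procs

def masquerading(procs):
    """Paths whose file name is a known system process but whose directory is not the expected one."""
    hits = []
    for path in procs:
        directory, _, name = path.lower().rpartition("\\")
        expected = EXPECTED_DIR.get(name)
        if expected and directory != expected:
            hits.append(path)
    return hits

def resident_av(procs):
    """Distinct antivirus products with at least one running process."""
    found = {product for path in procs
             for marker, product in AV_MARKERS.items() if marker in path.lower()}
    return sorted(found)

if __name__ == "__main__":
    procs = running_processes(SAMPLE_LOG)
    print("unexpected location:", masquerading(procs))
    print("resident AV products:", resident_av(procs))
```

On the log as actually posted, without the constructed line, the first check returns nothing: every winlogon.exe, smss.exe and Explorer.EXE entry sits in its expected directory.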
-
OK call me stupid...
I did the coupon thing and checked the conf. e-mail...so where is the download or did I royally goof this up...lol
TIME FOR ANOTHER BEER!
Nevermind...Oh wretched man I am
-
here's a thinker. BestTechie is now up to 418 members, a lot of which are newbies that haven't posted yet. what would you classify us as and why? a town, a village, small city, or what? or maybe we're more of just an internet club, or a community?
yeah i know another weird question from me. but it's fun.
hmmm 418 members, i wonder how many lurkers we get?
Unincorporated Community
that's pretty good,
how about a township...close yet unrelated community
-
I too have installed SP2 (from M$ cd) and have yet to have any problems....running xp pro and have some open source software....no problems
-
I use it quite frequently just to see if I'm infected (which thank God I haven't been) and it has never caused any pc issues.
-
PeteC is a very nice guy and didn't deserve the BS they put him through over there. I always took his advice. If he tells you something in advice/repair or dealing with HJT logs take heed. I don't know how or where he got his pc training, but I trust him implicitly. I even made a post "Pete for President"....lol
-
Well you beat me to it again...lol
-
Good catch Tg1911
-
Dude that was an excellent tip...
I tried it on Firefox and thunderbird, both of which are on my second partition and both open a lot faster.
-
Might want to try DeepBurner. I use it and have yet to have problems.
-
I gave him the nickname "linkmaster". I don't know how he does it, but you ask a question over at G4 and he'll respond with a half a page of links. I wish I was as quick and on top of things as Sultan is. He seems to always have the latest news on any particular subject.
Good job Sultan, thanks for the heads-up.
Prayer
in The Comedy Club
Posted
Ditto...RV56