lamuskrat

Members
  • Content Count: 193

Posts posted by lamuskrat

  1. Chappy is right,

    It will take hard work and dedication, I have been a member at SWI / boot camp for some time now and still haven't even tested (scared I guess). Just when you think you have a handle on some things, the CREEPS come out with something new or some variant. It is a never-ending battle. Come and join the fight. It is very rewarding to assist others and get them back up and running.

    Note: Chappy if I recall you helped me get in at SWI. Thanks, now all I do is spend hours upon hours fighting malware. I thought this internet thing was supposed to be fun. Seems like a lot of work.....:P:angry::);)

  2. Sidekick and Blim

    Thanks for the words of wisdom. What my heart says and what my head says are two different things. I can't afford to lose my job at present and that would probably be the outcome. I am a sub-contractor who works there regularly. I have a good working rapport with my colleagues from the plant, and don't wish to be black-balled (banned).

  3. I was at a well-known industrial plant today. While speaking to my contact he explained some computer problems he was having when I noticed his cursor moving all by itself. The MAJOR corp. was utilizing remote assistance, and had installed Adaware SE personal edition on his pc and was attempting to clean it of malware. I also noticed that they did not know the correct settings to properly clean his system, so I volunteered a few tweaks. My point is... isn't that the free end user (home user) edition, and shouldn't they have purchased the product for commercial use? It wouldn't chap my a%^ so bad if they were a small mom and pop business, but this is a global Major corp. that throws money away at the drop of a hat...(you would be surprised at the monetary waste there, and you and I pay for it every time we shop at the store), should I report them to the makers of Adaware or just keep my mouth shut?

    He found 98 items in the first scan, after my tweaks he found another 112, yes I feel guilty for my minimal participation, but I was helping a good co-worker.

    Any opinions on this matter...?

  4. No problem Dave...

    haven't read your post and don't really care to, I know coming from you it had to have some validity. You are one of the most respected persons in this (and other) forums.

    I know you to be sincere and honest and most importantly very conscious of others' needs and willing to help....

    for this you are to be applauded...

    Keep up the good work....my friend. :D

  5. Please help with DLL list and reg keys/.....

    help with HJT log?

    lamuskrat Posted: Apr 28 2005, 12:37 AM

    Newbie

    Group: Members

    Posts: 6

    Member No.: 1740

    Joined: 14-April 05

    For some strange reason my boot time has gotten to be extremely long and the only thing I can find that is out of ordinary is when I opened Codestuff starter it's showing 80 for winlogon.exe. So here's my HJT log:

    Logfile of HijackThis v1.99.1

    Scan saved at 7:22:17 PM, on 4/27/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Sygate\SPF\smc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\Program Files\Common Files\Command Software\dvpapi.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\mozilla.org\Mozilla\Mozilla.exe

    C:\Documents and Settings\lamuskrat\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110843264265

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe

    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe

    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    I must have missed something???

    Win xp pro

    Intel p4 3.06

    1 gig ddr ram

    No new hardware or software added (except alternative browsers, when my FF upgrade failed and caused FF to keep crashing)

    Thanks in advance!

    --------------------

    Lamuskrat

    little eagle Posted: Apr 28 2005, 02:07 AM

    Member

    Group: Security Assistant

    Posts: 87

    Member No.: 386

    Joined: 13-July 04

    You didn't miss a thing, you just have two AVs running. Not a good idea.

    Although you could kill these

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    --------------------

    If my advice has helped you and you would like to donate click here.

    Then stop in and say HI here

    lamuskrat Posted: Apr 28 2005, 09:33 PM

    I know I have two, I usually disable AVG after my e-mail scan. Still confused about the high percentage for winlogon.exe though.

    By the way thanks,

    --------------------

    Lamuskrat

    little eagle Posted: Apr 29 2005, 01:28 AM

    WinLogon.exe is the Windows NT login manager. It handles the login and logout procedures on your system.

    winlogon.exe is a process which is registered as the W32.Netsky.D@mm worm. This virus is distributed via the Internet through e-mail and comes in the form of an e-mail message, in the hopes that you open its hostile attachment. The worm has its own SMTP engine which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data.

    Go here and run online scans, allow them to delete whatever they find:

    TrendMicro HouseCall

    eTrust AntiVirus Web Scanner

    Note anything that can't be fixed

    Reboot when done. Rescan with HJT and post a new log here.

    lamuskrat Posted: Apr 29 2005, 01:21 PM

    Well while we're on the subject here is a dll log for winlog, could someone check it too...

    Module information for 'winlogon.exe'

    MODULE BASE SIZE PATH

    winlogon.exe 1000000 524288 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Logon Application

    ntdll.dll 7c900000 720896 C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL

    kernel32.dll 7c800000 999424 C:\WINDOWS\system32\kernel32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT BASE API Client DLL

    ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Advanced Windows 32 Base API

    RPCRT4.dll 77e70000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Procedure Call Runtime

    AUTHZ.dll 776c0000 69632 C:\WINDOWS\system32\AUTHZ.dll 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519) Authorization Framework

    msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL

    CRYPT32.dll 77a80000 606208 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32

    USER32.dll 77d40000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519) Windows XP USER API Client DLL

    GDI32.dll 77f10000 286720 C:\WINDOWS\system32\GDI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDI Client DLL

    MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ASN.1 Runtime APIs

    NDdeApi.dll 75940000 32768 C:\WINDOWS\system32\NDdeApi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Network DDE Share Management APIs

    PROFMAP.dll 75930000 40960 C:\WINDOWS\system32\PROFMAP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv

    NETAPI32.dll 5b860000 344064 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Win32 API DLL

    USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv

    PSAPI.DLL 76bf0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Process Status Helper

    REGAPI.dll 76bc0000 61440 C:\WINDOWS\system32\REGAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Registry Configuration APIs

    Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Security Support Provider Interface

    SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API

    VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries

    WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Winstation Library

    WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust Verification APIs

    IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper

    WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL

    WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT

    MSGINA.dll 75970000 1011712 C:\WINDOWS\system32\MSGINA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Logon GINA DLL

    SHELL32.dll 7c9c0000 8470528 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) Windows Shell Common Dll

    SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648) Shell Light-weight Utility Library

    COMCTL32.dll 5d090000 618496 C:\WINDOWS\system32\COMCTL32.dll 5.82 (xpsp_sp2_rtm.040803-2158) Common Controls Library

    ODBC32.dll 74320000 249856 C:\WINDOWS\system32\ODBC32.dll 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Driver Manager

    comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Common Dialogs DLL

    comctl32.dll 773d0000 1056768 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0 (xpsp_sp2_rtm.040803-2158) User Experience Controls Library

    odbcint.dll 20000000 94208 C:\WINDOWS\system32\odbcint.dll 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Resources

    SHSVCS.dll 776e0000 143360 C:\WINDOWS\system32\SHSVCS.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Shell Services Dll

    Apphelp.dll 77b40000 139264 C:\WINDOWS\system32\Apphelp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library

    sfc.dll 76bb0000 20480 C:\WINDOWS\system32\sfc.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows File Protection

    sfc_os.dll 76c60000 172032 C:\WINDOWS\system32\sfc_os.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows File Protection

    ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2595 (xpsp_sp2_gdr.041130-1729) Microsoft OLE for Windows

    WINSCARD.DLL 723d0000 114688 C:\WINDOWS\system32\WINSCARD.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Smart Card API

    WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Terminal Server SDK APIs

    WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL

    sxs.dll 75e90000 720896 C:\WINDOWS\system32\sxs.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Fusion 2.5

    rsaenh.dll ffd0000 163840 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider

    wldap32.dll 76f60000 180224 C:\WINDOWS\system32\wldap32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL

    UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library

    SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL

    mpr.dll 71b20000 73728 C:\WINDOWS\system32\mpr.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Multiple Provider Router DLL

    wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) WDM Audio driver mapper

    xpsp2res.dll 1300000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages

    NTMARTA.DLL 77690000 135168 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT MARTA provider

    msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper

    MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter

    midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft MIDI Mapper

    Will run both scans and post back

    Thank you...

    --------------------

    Lamuskrat

    THIS DID NOT COME OUT RIGHT!!!!!!
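
The two checks discussed in the thread above (a system process name running from the wrong directory, and two antivirus products resident at once) can be run over the "Running processes" section of a HijackThis log. This is an added example, not part of the original posts; the baseline table, the vendor path hints, the function names and the sample log are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumed Windows XP baseline: core process name -> the only directory it should run from.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Install-path fragments (long and 8.3 forms) for the two AV products in the thread's log.
AV_PATH_HINTS = {"avast!": ("alwil software", "alwils~1"), "AVG": ("grisoft",)}

# Constructed sample, not the poster's log: a look-alike winlogon.exe sits outside system32.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and re.match(r"^[A-Z]\d+ - ", line):
            break  # the first R0/O2/O4... entry ends the process list
        elif in_section and re.match(r"^[A-Za-z]:\\", line):
            paths.append(line)
    return paths

def misplaced_system_processes(paths):
    """Flag processes that use a core system name but run from an unexpected directory."""
    hits = []
    for path in paths:
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIR.get(name.lower())
        if expected and directory.lower() != expected:
            hits.append(path)
    return hits

def resident_antivirus(paths):
    """Return the AV products that have at least one running process."""
    lowered = [p.lower() for p in paths]
    return sorted(product for product, hints in AV_PATH_HINTS.items()
                  if any(h in p for p in lowered for h in hints))

if __name__ == "__main__":
    procs = running_processes(SAMPLE_LOG)
    print("name/path mismatch:", misplaced_system_processes(procs))
    print("resident AV products:", resident_antivirus(procs))
```

A process name alone says nothing about legitimacy; the full path is what separates the real logon manager from a copy using its name.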


  6. here's a thinker. BestTechie is now up to 418 members, a lot of which are newbies that haven't posted yet. what would you classify us as and why? a town, a village, small city, or what? or maybe we're more of just an internet club, or a community?

    yeah i know another weird question from me. but it's fun.

    hmmm 418 members, i wonder how many lurkers we get?

    Unincorporated Community ;)

    that's pretty good,

    how about a township...close yet unrelated community

  7. PeteC is a very nice guy and didn't deserve the BS they put him through over there. I always took his advice. If he tells you something in advice/repair or dealing with HJT logs take heed. I don't know how or where he got his pc training, but I trust him implicitly. I even made a post "Pete for President"....lol

  8. I gave him the nickname "linkmaster". I don't know how he does it, but you ask a question over at G4 and he'll respond with a half a page of links. I wish I was as quick and on top of things as Sultan is. He seems to always have the latest news on any particular subject.

    Good job Sultan, thanks for the heads-up.