shawnselig

Members
  • Content Count: 6

Everything posted by shawnselig

  1. Logfile of HijackThis v1.99.1 Scan saved at 4:04:12 PM, on 07/18/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\sys
  2. "Silent Runners.vbs", revision 39, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "AWMON" = ""C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"" ["Lavasoft Sweden"] "DellSupport" = ""C:\Program Files\Dell Support\DSAgnt.exe" /startup" ["Gteko Ltd."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "ISUSSchedule
  3. C:\Documents and Settings\Administrator.D3S6H341\Desktop PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. Files Found in system Folder............ ------------------------ C:\WINDOWS\SYSTEM32\cpuinf32.dll: UPX! C:\WINDOWS\SYSTEM32\kl_upx.exe: UPX! C:\WINDOWS\SYSTEM32\kl_upx.exe: >UPX!t C:\WINDOWS\SYSTEM32\kl_upx.exe: t[hUPX! C:\WINDOWS\SYSTEM32\kl_upx.exe: MThUPX!PQ C:\WINDOWS\SYSTEM32\kl_upx.exe: hUPX! C:\WINDOWS\SYSTEM32\kl_upx.exe: hUPX! C:\WINDOWS\
  4. 07/18/2005 8:38:42 AM ccPwdSvc Information None 1 NT AUTHORITY\SYSTEM D3S6H341 Application started 07/18/2005 8:25:42 AM ccPwdSvc Information None 1 NT AUTHORITY\SYSTEM D3S6H341 Application started 07/18/2005 8:25:15 AM Userenv Warning None 1517 NT AUTHORITY\SYSTEM D3S6H341 Windows saved user D3S6H341\barb selig registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the
  5. 07/18/2005 8:42:57 AM Service Control Manager Information None 7036 N/A D3S6H341 The ewido security suite guard service entered the stopped state. 07/18/2005 8:38:54 AM Service Control Manager Information None 7036 N/A D3S6H341 The Symantec Password Validation service entered the stopped state. 07/18/2005 8:38:42 AM Service Control Manager Information None 7036 N/A D3S6H341 The Symantec Password Validation service entered the running state. 07/18/2005 8:38:42 AM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM D3S6H341 The Symantec Password Validation service was successfully
  6. Logfile of HijackThis v1.99.1 Scan saved at 8:30:56 AM, on 07/18/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\C