Suspicious logfile ???

Posted by *rain.drops* on June 6, 2007, 4:13 pm
(BTW, I still can't get into safe mode; still freezes at mup.sys;
asked again in performance NG).

I have this logfile in my C: directory:

        caisslog.txt

It purports to be from PestPatrol and contains this key:
EHX8Y-ECYXL-XY1ML-4IGKW. Odd, since I've never had a key for PP!

Is this a sign of nefarious activity?

PS:
Where can I DL HIJACKTHIS and what NG do I post the results in?

Thanks, guys.

*rain.drops*

Posted by Malke on June 6, 2007, 5:02 pm
*rain.drops* wrote:
> (BTW, I still can't get into safe mode; still freezes at mup.sys;
> asked again in performance NG).
>
> I have this logfile in my C: directory:
>
>         caisslog.txt
>
> It purports to be from PestPatrol and contains this key:
> EHX8Y-ECYXL-XY1ML-4IGKW. Odd, since I've never had a key for PP!
>
> Is this a sign of nefarious activity?
>
> PS:
> Where can I DL HIJACKTHIS and what NG do I post the results in?

Hijack This - where to post logs, etc.:

http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
another tutorial
http://aumha.net/ - Click on the HijackThis forum. Read the announcement
and the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/

You can get HJT at AumHa - http://aumha.org/downloads/hijackthis.zip


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Posted by *rain.drops* on June 6, 2007, 6:21 pm
Malke, thanks for the links. I like the new HijackThis and the codes
for listing items. I was able to clear out several annoyances. But I
still have QUESTIONS about a couple of entries.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.toshibadirect.com/dpdstart
        Q: Since this is a Toshiba laptop ... but I don't like that
start page. It keeps resetting, even after HJT kills it.

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
        Q: There are several igfx*** dll files. Is this one OK? Or is
it a bad AppInit_DLL?

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner -
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file
missing)
        Q: What does this mean?

Thank you! Rain
--------------------------------------------------

wrote:

>*rain.drops* wrote:
>> (BTW, I still can't get into safe mode; still freezes at mup.sys;
>> asked again in performance NG).
>>
>> I have this logfile in my C: directory:
>>
>>         caisslog.txt
>>
>> It purports to be from PestPatrol and contains this key:
>> EHX8Y-ECYXL-XY1ML-4IGKW. Odd, since I've never had a key for PP!
>>
>> Is this a sign of nefarious activity?
>>
>> PS:
>> Where can I DL HIJACKTHIS and what NG do I post the results in?
>
>Hijack This - where to post logs, etc.:
>
>http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
>http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
>another tutorial
>http://aumha.net/ - Click on the HijackThis forum. Read the announcement
>and the stickies *first*.
>http://www.atribune.org/forums/index.php?showforum=9
>http://aumha.net/viewforum.php?f=30
>http://www.bleepingcomputer.com/forums/forum22.html
>http://castlecops.com/forum67.html
>http://www.dslreports.com/forum/cleanup
>http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
>http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
>http://gladiator-antivirus.com/forum/index.php?showforum=170
>http://spywarewarrior.com/viewforum.php?f=5
>http://forums.techguy.org/54-security/
>http://forums.tomcoyote.org/
>
>You can get HJT at AumHa - http://aumha.org/downloads/hijackthis.zip
>
>
>Malke

Posted by Malke on June 6, 2007, 8:06 pm
*rain.drops* wrote:
> Malke, thanks for the links. I like the new HijackThis and the codes
> for listing items. I was able to clear out several annoyances. But I
> still have QUESTIONS about a couple of entries.
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.toshibadirect.com/dpdstart
>         Q: Since this is a Toshiba laptop ... but I don't like that
> start page. It keeps resetting, even after HJT kills it.
>
> O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
>         Q: There are several igfx*** dll files. Is this one OK? Or is
> it a bad AppInit_DLL?
>
> O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner -
> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file
> missing)
>         Q: What does this mean?

You should do as I suggested. Register at one of the forums such as
AumHa - or one of the other many links I gave you - and get expert help.
Analyzing HJT links takes a great deal of time and expertise. You will
not get the attention you need in these newsgroups. The HJT forums I
gave you are the correct venue for that.

I would need to see your entire HJT log in order to answer your
questions and I won't do that here in the MS newsgroups.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
