Tech Support Guy Forums > Security & Malware Removal > Virus & Other Malware Removal
Suspect rootkits - HJT log attached
Oceanwatcher (Member, 78 posts; joined Aug 2008; Delfim Moreira, Brazil; Experience: Advanced)
12-Sep-2008, 03:37 PM #1
Suspect rootkits - HJT log attached
This is PC number 2 of 4. The first one was cleaned in this thread:

http://forums.techguy.org/malware-re...ound-need.html

I ran HJT before doing anything.

Then Spybot, FSecure BlackLight, Rootkit Revealer, MBAM and SDFix. I have all the logs, but to keep the zero replies, I only post the first log, HJT. Will post the rest as soon as I get an answer here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:58, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Eset\nod32krn.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\arquivos de programas\asus\Probe\AsusProb.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe
C:\Arquivos de programas\Eset\nod32kui.exe
C:\Arquivos de programas\MULTI-MEDIA OPTICAL MOUSE\MULTI-MEDIA OPTICAL MOUSE\1.4\MOUSE32A.EXE
C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Extensis\Extensis Suitcase 11\Suitcase.exe
C:\Arquivos de programas\BrOffice.org 2.2\program\soffice.exe
C:\Arquivos de programas\BrOffice.org 2.2\program\soffice.BIN
C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ASUS Probe] c:\arquivos de programas\asus\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Arquivos de programas\MULTI-MEDIA OPTICAL MOUSE\MULTI-MEDIA OPTICAL MOUSE\1.4\MOUSE32A.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [\\Julio\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P34 "\\Julio\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: BrOffice.org 2.2.lnk = C:\Arquivos de programas\BrOffice.org 2.2\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: BrOffice.org 2.2.lnk = C:\Arquivos de programas\BrOffice.org 2.2\program\quickstart.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BrOffice.org 2.2.lnk = C:\Arquivos de programas\BrOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Suitcase 11.0.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Arquivos de programas\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9048 bytes
__________________
Regards,

Oceanwatcher

http://www.wisnaes.com/
http://www.oceanwatcher.com/
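To make "the log looks fine" concrete, here is an added example (my own code, not HijackThis's, Trend Micro's or either poster's) that parses the entry types present in the log above and reports what a reviewer checks first: targets marked "(no file)" (a registry entry whose file is gone, like the Yahoo! URLSearchHook and the unnamed BHO above), shortcuts HJT could not resolve ("= ?"), binaries outside the Windows and program-files trees, and O23 services with no recorded owner. The sample lines are copied from the posted log except for one constructed "updater" entry, labelled as such in the code, which exists only so the last rule has something to report; the TRUSTED_ROOTS list is an assumption tuned to this Portuguese-language Windows.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the HJT log posted above, plus one CONSTRUCTED line (the
# "updater" O4 entry) that is not in the thread, added so the "outside the
# standard directories" rule has something to report.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ASUS Probe] c:\arquivos de programas\asus\Probe\AsusProb.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Suitcase 11.0.lnk = ?
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
"""

# Assumption: where installed software is expected on this machine. The
# Brazilian Portuguese Windows uses "Arquivos de programas" for Program Files.
TRUSTED_ROOTS = ("c:\\windows\\", "%systemroot%\\",
                 "c:\\program files\\", "c:\\arquivos de programas\\")

LINE_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
# " - <target>" suffix of CLSID and service entries: a path or "(no file)"
TARGET_RE = re.compile(r" - (?P<target>\(no file\)|(?:[A-Za-z]:|%\w+%)\\.*)$")
CLSID_RE = re.compile(r" - \{[0-9A-Fa-f-]+\}$")
O4_RUN_RE = re.compile(r"^(?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_LNK_RE = re.compile(r"^(?P<where>.+?): (?P<name>.+?\.lnk) = (?P<target>.*)$")
# First executable-looking path in a command line, quoted or not, before switches
PATH_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|com|scr|bat|cmd|sys))"?', re.IGNORECASE)


@dataclass
class Entry:
    kind: str               # HJT section, e.g. "O4" or "O23"
    label: str              # human-readable name of the entry
    target: Optional[str]   # raw target text: "(no file)", "?", a command line, or None
    path: Optional[str]     # executable/DLL path extracted from target, if any
    raw: str


@dataclass
class Finding:
    kind: str
    label: str
    reason: str


def extract_path(cmd: str) -> Optional[str]:
    m = PATH_RE.match(cmd.strip())
    return m.group("path") if m else None


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind == "O4":                       # autostart: "[name] command" or "x.lnk = target"
        run = O4_RUN_RE.match(body)
        if run:
            return Entry(kind, run.group("name"), run.group("cmd"), extract_path(run.group("cmd")), line)
        lnk = O4_LNK_RE.match(body)
        if lnk:
            target = lnk.group("target").strip()
            return Entry(kind, lnk.group("name"), target, extract_path(target), line)
        return Entry(kind, body, None, None, line)
    t = TARGET_RE.search(body)
    if not t:                              # R0/R1 URL settings and similar: no file target
        return Entry(kind, body, None, None, line)
    label = CLSID_RE.sub("", body[:t.start()])
    target = t.group("target")
    return Entry(kind, label, target, None if target == "(no file)" else extract_path(target), line)


def parse_hjt(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[Finding]:
    findings = []
    for e in entries:
        if e.target == "(no file)":
            findings.append(Finding(e.kind, e.label, "orphaned entry: the registered file no longer exists"))
        elif e.target == "?":
            findings.append(Finding(e.kind, e.label, "shortcut target not resolved by HJT; check where the .lnk points"))
        elif e.path is not None and not e.path.lower().startswith(TRUSTED_ROOTS):
            findings.append(Finding(e.kind, e.label, "binary outside the Windows/program-files trees: " + e.path))
        if e.kind == "O23" and " - Unknown owner - " in e.raw:
            findings.append(Finding(e.kind, e.label, "service has no recorded publisher; verify the file's signature"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.kind:4} {f.label}: {f.reason}")
```

On the sample this reports five things: the two "(no file)" leftovers, the unresolved Suitcase shortcut, the unknown-owner ATI Smart service, and the constructed Temp-directory autostart. Everything else, including the unquoted ASUS Probe path and the %SystemRoot% entry, parses to a trusted location and stays quiet, which is the shape of a log that "looks fine".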
cybertech (Malware Removal Specialist, 69,217 posts; joined Apr 2002; Washington State)
15-Sep-2008, 10:32 AM #2
The log looks fine.

Any problems with the machine?
Oceanwatcher (Member, 78 posts; joined Aug 2008; Delfim Moreira, Brazil; Experience: Advanced)
17-Sep-2008, 12:06 PM #3
Well, there seem to be a few similarities in how the computer behaves to another PC on the same network. Slow, taking a long time opening some things.

I am far away from the PC right now, but will get back there during the weekend. But I have the logs from running a few tools. And the computer looked VERY clean in several of them. In fact, I have never seen Spybot not finding anything but a DoubleClick cookie on first run! And we usually say that if something looks too good to be true, it usually is. But there was one log showing the longest list I have seen so far... I will post all logs now and let you judge for yourself.

Here is the SpyBot log:


--- Report generated: 2008-09-08 20:24 ---

Hint of the Day: Click the bar at the right of this to see more information! ()


DoubleClick: Tracking cookie (Firefox: default) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-08-18 TeaTimer.exe (1.6.2.23)
2008-09-08 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-09-02 Includes\Adware.sbi (*)
2008-09-02 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-02 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-09-02 Includes\Hijackers.sbi (*)
2008-09-02 Includes\HijackersC.sbi (*)
2008-09-02 Includes\Keyloggers.sbi (*)
2008-09-02 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-09-02 Includes\Malware.sbi (*)
2008-09-02 Includes\MalwareC.sbi (*)
2008-09-02 Includes\PUPS.sbi (*)
2008-09-02 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-09-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-09-02 Includes\Spyware.sbi (*)
2008-09-02 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-09-03 Includes\Trojans.sbi (*)
2008-09-02 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Oceanwatcher (Member, 78 posts; joined Aug 2008; Delfim Moreira, Brazil; Experience: Advanced)
17-Sep-2008, 12:08 PM #4
FSecure BlackLight log:

09/08/08 20:33:18 [Info]: BlackLight Engine 1.0.70 initialized
09/08/08 20:33:18 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/08/08 20:33:18 [Note]: 7019 4
09/08/08 20:33:18 [Note]: 7005 0
09/08/08 20:33:22 [Note]: 7006 0
09/08/08 20:33:22 [Note]: 7011 1288
09/08/08 20:33:22 [Note]: 7035 0
09/08/08 20:33:22 [Note]: 7026 0
09/08/08 20:33:23 [Note]: 7026 0
09/08/08 20:33:25 [Note]: FSRAW library version 1.7.1024
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:39:51 [Note]: 2000 1012
09/08/08 20:40:17 [Note]: 7007 0
Oceanwatcher (Member, 78 posts; joined Aug 2008; Delfim Moreira, Brazil; Experience: Advanced)
17-Sep-2008, 12:19 PM #5
I looked through the last post and got a little concerned. There are a few e-mail addresses there and they are open for the world to read and harvest. I think you should consider closing world readability in this forum and also making sure no search engines will index this particular forum....
Oceanwatcher (Member, 78 posts; joined Aug 2008; Delfim Moreira, Brazil; Experience: Advanced)
17-Sep-2008, 12:22 PM #6
MBAM log:

Malwarebytes' Anti-Malware 1.27
Database version: 1130
Windows 5.1.2600 Service Pack 2

8/9/2008 21:32:00
mbam-log-2008-09-08 (21-32-00).txt

Scan type: Quick Scan
Objects scanned: 41733
Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Oceanwatcher (Member, 78 posts; joined Aug 2008; Delfim Moreira, Brazil; Experience: Advanced)
17-Sep-2008, 12:24 PM #7
SDFix log:


SDFix: Version 1.222
Run by Flávia on seg 08/09/2008 at 21:38

Microsoft Windows XP [versão 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-08 22:18:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"="C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Arquivos de programas\\Vono\\Softfone Vono\\System\\Vono.exe"="C:\\Arquivos de programas\\Vono\\Softfone Vono\\System\\Vono.exe:*:Enabled:Vono"
"F:\\Portable programs\\Skype\\skype\\Skype.exe"="F:\\Portable programs\\Skype\\skype\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"F:\\Portable programs\\vlc-0.8.6d\\vlc.exe"="F:\\Portable programs\\vlc-0.8.6d\\vlc.exe:*:Enabled:VLC media player"
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Tue 3 Aug 2004 60,416 A.SH. --- "C:\Arquivos de programas\Outlook Express\msimn.exe"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe"
Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"
Mon 21 Apr 2008 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\dd11bad8e5a7cea8026809f9bebc822d\BIT26.tmp"

Finished!
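The "Authorized Application Key Export" in the SDFix log above is the XP SP2 firewall's per-profile exception list, and it is worth a second look even on a clean machine: each value has the form path:scope:Enabled|Disabled:display name, where a scope of * means the exception applies to any remote address, and entries survive after the program they were created for has moved or been unplugged. The following added example (my own code, not SDFix's, Microsoft's or the posters') parses that export and points out enabled exceptions whose executable lives on a drive other than the system drive, such as the two F:\Portable programs entries above; the sample lines are copied from the posted export with the forum's line wraps removed, and the system-drive letter is a parameter because it is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List

# Subset of the export posted above (forum line-wraps removed).
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"F:\\Portable programs\\Skype\\skype\\Skype.exe"="F:\\Portable programs\\Skype\\skype\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"F:\\Portable programs\\vlc-0.8.6d\\vlc.exe"="F:\\Portable programs\\vlc-0.8.6d\\vlc.exe:*:Enabled:VLC media player"
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"""

# Section header: the profile name sits between firewallpolicy\ and \authorizedapplications
KEY_RE = re.compile(r"^\[.*\\firewallpolicy\\(?P<profile>\w+)\\authorizedapplications\\list\]$", re.IGNORECASE)
# .reg-style "name"="data" line; backslashes inside are doubled
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<value>[^"]*)"$')
# data layout: path:scope:state:display (non-greedy path absorbs the drive-letter colon)
FIELDS_RE = re.compile(r"^(?P<path>.+?):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<display>.*)$",
                       re.IGNORECASE)


@dataclass
class FirewallException:
    profile: str    # "standardprofile" or "domainprofile"
    key_path: str   # value name, i.e. the program path as registered
    path: str       # program path repeated inside the data
    scope: str      # "*" = any remote address, otherwise an address list
    enabled: bool
    display: str


def unescape(s: str) -> str:
    return s.replace("\\\\", "\\")


def parse_firewall_export(text: str) -> List[FirewallException]:
    result, profile = [], None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            profile = k.group("profile").lower()
            continue
        v = VALUE_RE.match(line)
        if not v or profile is None:
            continue
        f = FIELDS_RE.match(unescape(v.group("value")))
        if not f:
            continue
        result.append(FirewallException(profile, unescape(v.group("name")), f.group("path"),
                                        f.group("scope"), f.group("state").lower() == "enabled",
                                        f.group("display")))
    return result


def review(exceptions: List[FirewallException], system_drive: str = "C:") -> List[str]:
    """Concerns about enabled exceptions; system_drive is an assumption passed in by the caller."""
    concerns = []
    for e in exceptions:
        if not e.enabled:
            continue
        if e.key_path.lower() != e.path.lower():
            concerns.append(f"[{e.profile}] {e.key_path}: registered path differs from data path ({e.path})")
        drive = e.path[:2].upper()
        if re.match(r"^[A-Z]:$", drive) and drive != system_drive.upper():
            concerns.append(f"[{e.profile}] {e.path}: open to scope '{e.scope}' but lives on drive {drive}, "
                            "not the system drive; remove the exception if the program is no longer there")
    return concerns


if __name__ == "__main__":
    for c in review(parse_firewall_export(SAMPLE_EXPORT)):
        print(c)
```

On the posted export this flags exactly the two F: entries (portable Skype and VLC) in the standard profile; the %windir% entries have no drive letter and are left alone, and nothing differs between registered and data paths. A stale exception like these is not evidence of infection, but it is the kind of leftover a cleanup pass should remove.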
Oceanwatcher (Member, 78 posts; joined Aug 2008; Delfim Moreira, Brazil; Experience: Advanced)
17-Sep-2008, 12:26 PM #8
This is all I have right now. The logs have been posted in chronological order. Let me know if you want a re-post of any of them.
cybertech (Malware Removal Specialist, 69,217 posts; joined Apr 2002; Washington State)
17-Sep-2008, 01:26 PM #9
Quote: Originally Posted by Oceanwatcher
I looked through the last post and got a little concerned. There are a few e-mail addresses there and they are open for the world to read and harvest. I think you should consider closing world readability in this forum and also making sure no search engines will index this particular forum....
I deleted the post.

I did not see anything bad in that. It looks like messenger logs.

All of the logs look fine.

What kind of machine is this?
Oceanwatcher (Member, 78 posts; joined Aug 2008; Delfim Moreira, Brazil; Experience: Advanced)
17-Sep-2008, 11:41 PM #10
It is a work PC that they use for revising translations of books. So it is not a PC that is in heavy use on the Internet, although it is connected and running Skype as well as a few other things.

Any other programs I should use to check things when I get there?
cybertech (Malware Removal Specialist, 69,217 posts; joined Apr 2002; Washington State)
18-Sep-2008, 01:43 PM #11
Check the default printer and make sure it's working.

Check all mapped drives and make sure they are accessible; if not, disconnect them.
Tags: hijackthis, hjt, operation clean, rootkits

Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.