Should I remove this? (hjt-log)


6 replies to this topic

#1 G-Sun

G-Sun

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:03:34 AM

Posted 13 August 2010 - 06:09 AM

Hi!

My pc is showing a few signs of infections..

I've..
- CCleaner, cleaned files, register and startup
- Malwarebytes' Anti-Malware: Scanned and cleaned

From the HiJackThis-log I'm wondering about these entries:
(They were all marked in red in http://hjt.networktechs.com/parse.php?log=845875)

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

What do you think? Remove?
(I'd like to ask you first before doing something wrong..)

Thanks!

Edited by G-Sun, 13 August 2010 - 06:10 AM.



 


#2 Blathnat

Blathnat

  • Members
  • 224 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Canada
  • Local time:09:34 PM

Posted 13 August 2010 - 12:46 PM

Do not remove those entries. Hijackthis might seem like an inoffensive utility but you can easily damage your system using it without sufficient knowledge.

#3 G-Sun


Posted 14 August 2010 - 06:02 AM

> Do not remove those entries. Hijackthis might seem like an inoffensive utility but you can easily damage your system using it without sufficient knowledge.

Thanks a lot!
So, do you consider these entries harmless?

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:34 PM

Posted 14 August 2010 - 10:46 AM

Do not remove anything.

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,309 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:34 AM

Posted 14 August 2010 - 11:57 AM

All these entries are indeed harmless and should not be removed from your computer.

> Do not remove those entries. Hijackthis might seem like an inoffensive utility but you can easily damage your system using it without sufficient knowledge.

This is correct. Automatic log analyzers are not to be trusted; whether entries are legit or not depends on many things: file locations, operating system, and so on. Some malware imitates legit entries very cleverly in such a way that an automatic analyzer is easily fooled.

Here at BC only trained helpers are allowed to analyze HJT logs (just like other logs that are HJT-alike, i.e. DDS, OTL). This is not without a good reason; a lot of damage can be done when things are removed that should not be removed.


Also a general warning about Registry Cleaners:

I don't personally recommend the use of ANY registry cleaners for several reasons.

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

Finally, if you are looking for malware removal help, please follow the steps in this guide.

Edited by elise025, 14 August 2010 - 03:09 PM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft
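
Added example, not part of the original thread and not any analyzer's real code: a small Python sketch of the point made in post #5, that a checker which trusts entry names alone is fooled by a look-alike, while comparing the file location at least sends the mismatch to a human. The baseline uses two entries from the log in post #1; the look-alike lines and all function names are constructed for illustration.

```python
import re
from ntpath import normcase, normpath  # Windows path rules on any OS

# Two entries copied from the log in post #1 (confirmed harmless in the thread).
PAGE_LOG = r"""
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
"""

# Constructed lines (NOT from the thread): same names, different folders.
CONSTRUCTED_LOG = r"""
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\CTFMON.EXE (User 'LOCAL SERVICE')
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\Temp\browseui.dll
"""

PATTERNS = {
    "O4": re.compile(r"^O4 - \S+: \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \(User '[^']*'\))?$"),
    "O22": re.compile(r"^O22 - SharedTaskScheduler: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$"),
}

def parse(line):
    """Return (section, name, normalised path) or None for unsupported lines."""
    for section, rx in PATTERNS.items():
        m = rx.match(line.strip())
        if m:
            return section, m["name"].lower(), normcase(normpath(m["path"].strip()))
    return None

def entries(log):
    return [e for e in map(parse, log.splitlines()) if e]

def name_only(entry, baseline):
    """What a naive analyzer does: trust the section and entry name alone."""
    return "known" if entry[:2] in {b[:2] for b in baseline} else "unknown"

def path_aware(entry, baseline):
    """Also compare the file location; a mismatch goes to a human."""
    if entry in baseline:
        return "matches baseline"  # consistent with the baseline, not proof of clean
    if name_only(entry, baseline) == "known":
        return "review: known name, unexpected path"
    return "unknown"

if __name__ == "__main__":
    baseline = entries(PAGE_LOG)
    for e in entries(CONSTRUCTED_LOG):
        print(e[1], "|", name_only(e, baseline), "|", path_aware(e, baseline))
```

Even a path match only says the entry is consistent with the baseline; the file itself is not inspected, which is why the thread leaves the final call to a trained helper.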


#6 G-Sun


Posted 14 August 2010 - 02:22 PM

Thanks a lot!
Good to get some more info on registry cleaning.
I'll have to give my cleaning-practice a second thought..

#7 Elise


Posted 14 August 2010 - 03:10 PM

You're welcome. Please let me know if you need any more help. :thumbsup:

regards, Elise




