Event Log Entries Indicate....cracked?...hacked?


#1 quill

Posted 19 November 2006 - 06:35 PM

The following log files were generated at a time when I was not present and my computer was turned off. It appears (to me, at least) that to have created these entries, one must have bypassed (or cracked) both the BIOS and Windows passwords. Can anyone tell me what has occurred here and what I can do to prevent future occurrences of this nature?

system log:
Type Date Time Source Category Event User Computer
Information 10/28/2006 8:40:50 PM eventlog None 6006 N/A PC120716747189
Error 10/28/2006 8:40:49 PM Service Control Manager None 7026 N/A PC120716747189
Error 10/28/2006 8:40:49 PM Service Control Manager None 7001 N/A PC120716747189
Error 10/28/2006 8:40:49 PM Service Control Manager None 7001 N/A PC120716747189
Error 10/28/2006 8:40:49 PM Service Control Manager None 7001 N/A PC120716747189
Error 10/28/2006 8:40:49 PM Service Control Manager None 7001 N/A PC120716747189
Error 10/28/2006 8:40:48 PM DCOM None 10005 SYSTEM PC120716747189
Error 10/28/2006 8:39:39 PM DCOM None 10005 SYSTEM PC120716747189
Error 10/28/2006 8:39:28 PM DCOM None 10005 Administrator PC120716747189
Information 10/28/2006 8:39:03 PM eventlog None 6005 N/A PC120716747189
Information 10/28/2006 8:39:03 PM eventlog None 6009 N/A PC120716747189
Information 10/28/2006 8:37:49 PM eventlog None 6006 N/A PC120716747189
Information 10/28/2006 8:18:39 PM Service Control Manager None 7036 N/A PC120716747189
Information 10/28/2006 8:18:34 PM Service Control Manager None 7036 N/A PC120716747189
Information 10/28/2006 8:18:33 PM Service Control Manager None 7036 N/A PC120716747189
Information 10/28/2006 8:18:33 PM Service Control Manager None 7035 Bryan PC120716747189
Information 10/28/2006 8:18:33 PM Service Control Manager None 7036 N/A PC120716747189
Information 10/28/2006 8:18:33 PM Service Control Manager None 7036 N/A PC120716747189
Information 10/28/2006 8:18:33 PM Service Control Manager None 7035 SYSTEM PC120716747189
Information 10/28/2006 8:18:33 PM Service Control Manager None 7036 N/A PC120716747189
Information 10/28/2006 8:18:32 PM Service Control Manager None 7036 N/A PC120716747189
Information 10/28/2006 8:18:32 PM Service Control Manager None 7035 SYSTEM PC120716747189
Information 10/28/2006 8:18:32 PM Service Control Manager None 7036 N/A PC120716747189
Information 10/28/2006 8:18:32 PM Service Control Manager None 7035 SYSTEM PC120716747189
Information 10/28/2006 8:18:32 PM Service Control Manager None 7035 SYSTEM PC120716747189
Information 10/28/2006 8:18:32 PM Service Control Manager None 7036 N/A PC120716747189
Information 10/28/2006 8:18:32 PM Service Control Manager None 7035 SYSTEM PC120716747189
Error 10/28/2006 8:18:32 PM Service Control Manager None 7000 N/A PC120716747189
Error 10/28/2006 8:18:32 PM Service Control Manager None 7009 N/A PC120716747189
Information 10/28/2006 8:17:59 PM eventlog None 6005 N/A PC120716747189
Information 10/28/2006 8:17:59 PM eventlog None 6009 N/A PC120716747189


Security Log:


Success Audit 10/28/2006 8:40:49 PM Security Logon/Logoff 538 Administrator PC120716747189
Success Audit 10/28/2006 8:40:47 PM Security Logon/Logoff 551 Administrator PC120716747189
Success Audit 10/28/2006 8:39:18 PM Security Privilege Use 576 Administrator PC120716747189
Success Audit 10/28/2006 8:39:18 PM Security Logon/Logoff 528 Administrator PC120716747189
Success Audit 10/28/2006 8:39:18 PM Security Account Logon 680 SYSTEM PC120716747189
Success Audit 10/28/2006 8:39:18 PM Security Logon/Logoff 538 Administrator PC120716747189
Success Audit 10/28/2006 8:39:18 PM Security Privilege Use 576 Administrator PC120716747189
Success Audit 10/28/2006 8:39:18 PM Security Logon/Logoff 528 Administrator PC120716747189
Success Audit 10/28/2006 8:39:18 PM Security Account Logon 680 SYSTEM PC120716747189
Success Audit 10/28/2006 8:39:07 PM Security Policy Change 806 SYSTEM PC120716747189
Success Audit 10/28/2006 8:39:03 PM Security Privilege Use 576 NETWORK SERVICE PC120716747189
Success Audit 10/28/2006 8:39:03 PM Security Logon/Logoff 528 NETWORK SERVICE PC120716747189
Success Audit 10/28/2006 8:39:03 PM Security System Event 515 SYSTEM PC120716747189
Success Audit 10/28/2006 8:39:03 PM Security System Event 518 SYSTEM PC120716747189
Success Audit 10/28/2006 8:39:03 PM Security System Event 515 SYSTEM PC120716747189
Success Audit 10/28/2006 8:39:03 PM Security System Event 515 SYSTEM PC120716747189
Success Audit 10/28/2006 8:39:03 PM Security System Event 515 SYSTEM PC120716747189
Success Audit 10/28/2006 8:39:03 PM Security System Event 514 SYSTEM PC120716747189
Success Audit 10/28/2006 8:39:03 PM Security System Event 514 SYSTEM PC120716747189
Success Audit 10/28/2006 8:39:03 PM Security System Event 514 SYSTEM PC120716747189
Success Audit 10/28/2006 8:39:03 PM Security System Event 514 SYSTEM PC120716747189
Success Audit 10/28/2006 8:39:03 PM Security System Event 514 SYSTEM PC120716747189
Success Audit 10/28/2006 8:39:03 PM Security System Event 514 SYSTEM PC120716747189
Success Audit 10/28/2006 8:39:03 PM Security System Event 514 SYSTEM PC120716747189
Success Audit 10/28/2006 8:37:49 PM Security System Event 513 SYSTEM PC120716747189
Success Audit 10/28/2006 8:37:43 PM Security Logon/Logoff 551 Bryan PC120716747189
Success Audit 10/28/2006 8:18:41 PM Security Privilege Use 576 NETWORK SERVICE PC120716747189
Success Audit 10/28/2006 8:18:41 PM Security Logon/Logoff 528 NETWORK SERVICE PC120716747189
Success Audit 10/28/2006 8:18:40 PM Security Privilege Use 576 NETWORK SERVICE PC120716747189
Success Audit 10/28/2006 8:18:40 PM Security Logon/Logoff 528 NETWORK SERVICE PC120716747189
Success Audit 10/28/2006 8:18:33 PM Security System Event 515 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:33 PM Security Policy Change 850 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:33 PM Security Policy Change 850 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:33 PM Security Policy Change 850 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:33 PM Security Policy Change 850 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:33 PM Security Policy Change 850 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:33 PM Security Policy Change 850 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:33 PM Security Policy Change 850 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:33 PM Security Policy Change 849 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:33 PM Security Policy Change 849 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:33 PM Security Policy Change 849 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:33 PM Security Policy Change 849 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:33 PM Security Policy Change 849 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:33 PM Security Policy Change 848 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:33 PM Security Privilege Use 576 LOCAL SERVICE PC120716747189
Success Audit 10/28/2006 8:18:33 PM Security Logon/Logoff 528 LOCAL SERVICE PC120716747189
Success Audit 10/28/2006 8:18:32 PM Security Privilege Use 576 LOCAL SERVICE PC120716747189
Success Audit 10/28/2006 8:18:32 PM Security Logon/Logoff 528 LOCAL SERVICE PC120716747189
Success Audit 10/28/2006 8:18:31 PM Security Privilege Use 576 LOCAL SERVICE PC120716747189
Success Audit 10/28/2006 8:18:31 PM Security Logon/Logoff 528 LOCAL SERVICE PC120716747189
Success Audit 10/28/2006 8:18:31 PM Security System Event 515 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:31 PM Security Policy Change 615 NETWORK SERVICE PC120716747189
Failure Audit 10/28/2006 8:18:31 PM Security Policy Change 615 NETWORK SERVICE PC120716747189
Success Audit 10/28/2006 8:18:31 PM Security Logon/Logoff 540 ANONYMOUS LOGON PC120716747189
Success Audit 10/28/2006 8:18:09 PM Security Privilege Use 576 Bryan PC120716747189
Success Audit 10/28/2006 8:18:09 PM Security Logon/Logoff 528 Bryan PC120716747189
Success Audit 10/28/2006 8:18:09 PM Security Account Logon 680 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:04 PM Security Policy Change 806 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:00 PM Security Privilege Use 576 LOCAL SERVICE PC120716747189
Success Audit 10/28/2006 8:18:00 PM Security Logon/Logoff 528 LOCAL SERVICE PC120716747189
Success Audit 10/28/2006 8:18:00 PM Security System Event 515 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:00 PM Security System Event 515 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:00 PM Security System Event 515 SYSTEM PC120716747189
Failure Audit 10/28/2006 8:18:00 PM Security Logon/Logoff 529 SYSTEM PC120716747189
Failure Audit 10/28/2006 8:18:00 PM Security Account Logon 680 SYSTEM PC120716747189
Failure Audit 10/28/2006 8:18:00 PM Security Logon/Logoff 529 SYSTEM PC120716747189
Failure Audit 10/28/2006 8:18:00 PM Security Account Logon 680 SYSTEM PC120716747189
Success Audit 10/28/2006 8:18:00 PM Security Privilege Use 576 LOCAL SERVICE PC120716747189
Success Audit 10/28/2006 8:18:00 PM Security Logon/Logoff 528 LOCAL SERVICE PC120716747189
Success Audit 10/28/2006 8:17:59 PM Security Privilege Use 576 NETWORK SERVICE PC120716747189
Success Audit 10/28/2006 8:17:59 PM Security Logon/Logoff 528 NETWORK SERVICE PC120716747189
Success Audit 10/28/2006 8:17:59 PM Security Privilege Use 576 NETWORK SERVICE PC120716747189
Success Audit 10/28/2006 8:17:59 PM Security Logon/Logoff 528 NETWORK SERVICE PC120716747189
Success Audit 10/28/2006 8:17:59 PM Security System Event 515 SYSTEM PC120716747189
Success Audit 10/28/2006 8:17:59 PM Security System Event 518 SYSTEM PC120716747189
Success Audit 10/28/2006 8:17:59 PM Security System Event 515 SYSTEM PC120716747189
Success Audit 10/28/2006 8:17:59 PM Security System Event 515 SYSTEM PC120716747189
Success Audit 10/28/2006 8:17:59 PM Security System Event 515 SYSTEM PC120716747189
Success Audit 10/28/2006 8:17:59 PM Security System Event 514 SYSTEM PC120716747189
Success Audit 10/28/2006 8:17:59 PM Security System Event 514 SYSTEM PC120716747189
Success Audit 10/28/2006 8:17:59 PM Security System Event 514 SYSTEM PC120716747189
Success Audit 10/28/2006 8:17:59 PM Security System Event 514 SYSTEM PC120716747189
Success Audit 10/28/2006 8:17:59 PM Security System Event 514 SYSTEM PC120716747189
Success Audit 10/28/2006 8:17:59 PM Security System Event 514 SYSTEM PC120716747189
Success Audit 10/28/2006 8:17:59 PM Security System Event 514 SYSTEM PC120716747189

Thanks for any info anyone can provide.
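
An added example, not part of the original post: one way to turn an Event Viewer text export like the one above into a timeline of boot sessions and account activity. The rows are a subset copied from the post; the event ID meanings used (6005/6006 Event Log service started/stopped, 528 logon, 529 failed logon, 551 user-initiated logoff) are the standard Windows XP/2003 ones, and the function names and the service-account filter are assumptions of this example.

```python
import re
from datetime import datetime

# Subset of rows copied from the export in the post above (newest first).
EXPORT = """\
Information 10/28/2006 8:40:50 PM eventlog None 6006 N/A PC120716747189
Success Audit 10/28/2006 8:40:47 PM Security Logon/Logoff 551 Administrator PC120716747189
Success Audit 10/28/2006 8:39:18 PM Security Logon/Logoff 528 Administrator PC120716747189
Success Audit 10/28/2006 8:39:03 PM Security Logon/Logoff 528 NETWORK SERVICE PC120716747189
Information 10/28/2006 8:39:03 PM eventlog None 6005 N/A PC120716747189
Information 10/28/2006 8:37:49 PM eventlog None 6006 N/A PC120716747189
Success Audit 10/28/2006 8:37:43 PM Security Logon/Logoff 551 Bryan PC120716747189
Success Audit 10/28/2006 8:18:09 PM Security Logon/Logoff 528 Bryan PC120716747189
Failure Audit 10/28/2006 8:18:00 PM Security Logon/Logoff 529 SYSTEM PC120716747189
Information 10/28/2006 8:17:59 PM eventlog None 6005 N/A PC120716747189
"""

# Columns: Type, Date Time, Source + Category, Event, User, Computer.
ROW = re.compile(
    r"^(?P<type>Information|Warning|Error|Success Audit|Failure Audit) "
    r"(?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?P<source>.+?) "
    r"(?P<event>\d+) (?P<user>.+) (?P<computer>\S+)$")
LABELS = {528: "logon", 529: "failed logon", 551: "user-initiated logoff"}
# Assumption: built-in accounts are noise when looking for a person at the keyboard.
SERVICE = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE", "ANONYMOUS LOGON", "N/A"}

def parse(text):
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header and free-text lines do not match and are skipped
            when = datetime.strptime(m["when"], "%m/%d/%Y %I:%M:%S %p")
            rows.append((when, int(m["event"]), m["user"]))
    rows.reverse()                           # export is newest-first
    return sorted(rows, key=lambda r: r[0])  # stable sort keeps in-second order

def boot_sessions(rows):
    sessions = []
    for when, event, user in rows:
        if event == 6005 or not sessions:    # Event Log service started = boot
            start = when if event == 6005 else None
            sessions.append({"start": start, "stop": None, "activity": []})
        if event == 6006:                    # Event Log service stopped = clean shutdown
            sessions[-1]["stop"] = when
        elif event == 529 or (event in LABELS and user not in SERVICE):
            entry = (when.strftime("%H:%M:%S"), LABELS[event], user)
            sessions[-1]["activity"].append(entry)
    return sessions

if __name__ == "__main__":
    for session in boot_sessions(parse(EXPORT)):
        print(session)
```

Run over the full System and Security exports concatenated, the same functions group every row between a 6005 and the next 6006 into one power-on period.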

#2 Orange Blossom

Posted 03 December 2006 - 02:43 AM

Hello:

I see you are being helped here: http://www.bleepingcomputer.com/forums/t/72601/is-maxreexe-malware/

I would suggest you tell SifuMike about this issue and paste in the link to this topic in addition to what he has already asked you for.

Orange Blossom


#3 quietman7

Posted 03 December 2006 - 09:14 AM

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an HJT Team member. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

As Orange Blossom advised, tell SifuMike about this issue.