Home > Hijackthis Log > HiJackTHis Log Posted - Plz Help

HiJackTHis Log Posted - Plz Help

User is a member of group BUILTIN\Administrators. Required The image(s) in the solution article did not display properly. Help us fight Enigma Software's lawsuit! (Click on the above link to learn more) Become a BleepingComputer fan: FacebookFollow us on Twitter! Good job Lawrence Abrams Don't let BleepingComputer be silenced. check over here

All rights reserved. It is Forum Policy that we only help home users in the HJT Forum and your machine clearly comes from a corporate environment. This will ensure your computer has always the latest security updates available installed on your computer. Here's the log:-----------------------------------------------------------------------------------------------Logfile of HijackThis v1.97.7Scan saved at 11:02:15 AM, on 6/30/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program

As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged C:\WINDOWS\SYSTEM32\DLLCACHE\ notepad.exe Sun Jun 27 2004 8:35:26p A.... 66,048 64.50 K 1 item found: 1 file, 0 directories. I do not see anything wrong with it at all. Help us fight Enigma Software's lawsuit! (Click on the above link to learn more) Become a BleepingComputer fan: FacebookFollow us on Twitter!

Copy the contents of that file into a reply to this post. If you accept cookies from this site, you will only be shown this dialog once!You can press escape or click on the X to close this box. Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: (NI) ALLOW Read BUILTIN\Users (IO) ALLOW Read BUILTIN\Users (NI) ALLOW Read BUILTIN\Power Users (IO) ALLOW Read BUILTIN\Power Users (NI) ALLOW Full access BUILTIN\Administrators How exactly do you use the info from the log?

What was the problem with this solution? Without a firewall your computer can be more easily infected. In order to find out what entries are nasty and what are installed by the user, you need some background information.A logfile is not so easy to analyze. Actually currently trying to edit contents with another program.

At that time I usually run ad-ware & spybot, which shows coolwebsearch infections & possible hijack-attempt. Here's my new log:-----------------------------------------------------------------------------------------------Logfile of HijackThis v1.97.7Scan saved at 1:19:09 PM, on 6/30/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton Tick the checkbox of the malicious entry, then click Fix Checked.   Check and fix the hostfile Go to the "C:\Windows\System32\Drivers\Etc" directory, then look for the hosts file. Contact Support.

You don't need it anymore***********************Please download ATF Cleaner by Atribune.This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.Under Main choose: Select AllClick the Empty Selected button.If When it is completed it will automatically open a notepad window called Log.txt. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.Event ID #1900: ErrorEvent Submitted/Written: 08/12/2007 10:12:02 AMEvent Total of file sizes: 57,344 bytes 56.00 K unknown/hidden files...

Hang with us on LockerDomeCircle BleepingComputer on Google+!How to detect vulnerable programs using Secunia Personal Software Inspector Simple and easy ways to keep your computer safe and secure on the Internet http://exomatik.net/hijackthis-log/hijackthis-log-posted-infected-with-antispyware.php Lawrence Abrams Don't let BleepingComputer be silenced. Here is my new log, plz say my system is now clean Adam-----------------------------------------------------------------------------------------------Logfile of HijackThis v1.97.7Scan saved at 3:00:09 PM, on 7/2/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: (NI) ALLOW Read BUILTIN\Users (IO) ALLOW Read BUILTIN\Users (NI) ALLOW Read BUILTIN\Power Users (IO) ALLOW Read BUILTIN\Power Users (NI) ALLOW Full access BUILTIN\Administrators

As far as Spybot & Spyware, I can't download Spybot & Spyware doesn't install properly(has an error possibly cuz of virus). Register now to gain access to all of our features, it's FREE and only takes one minute. Help us fight Enigma Software's lawsuit! (Click on the above link to learn more) Become a BleepingComputer fan: FacebookFollow us on Twitter! this content CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled.

Lawrence Abrams Don't let BleepingComputer be silenced. So I then run CWShredder, which states it removed the components of CWS, but then it all keeps coming back. The memory used by the user's registry has not been freed.

It is used to block a lot of suspicious items from the net.

Back to top #25 fivestar fivestar Topic Starter Members 22 posts OFFLINE Local time:06:07 PM Posted 06 July 2004 - 01:08 PM Well, once again I'm running into some problems, Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Click on the Scan button and when it is finished click on the Save Log button. Mon 07/05/2004 7:49pm up 0 days, 0:04 ╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗***LOG!***╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Scanning for file(s)... ╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗ ╗╗╗╗╗ (*1*) ╗╗╗╗╗ ......... ╗╗Locked or 'Suspect' file(s) found...

You have any ideas or suggestions for a one-time fix, that would eliminate it from returning? Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. Help us fight Enigma Software's lawsuit! (Click on the above link to learn more) Become a BleepingComputer fan: FacebookFollow us on Twitter! have a peek at these guys User is a member of group \Everyone.

Help us fight Enigma Software's lawsuit! (Click on the above link to learn more) Become a BleepingComputer fan: FacebookFollow us on Twitter! You should run both programs and clean up what it finds. C:\WINDOWS\SYSTEM32\DLLCACHE\ notepad.exe Sun Jun 27 2004 8:35:26p A.... 66,048 64.50 K 1 item found: 1 file, 0 directories. d l l vk vk X UDeviceNotSelecte 00001250:dTimeout 1 5 ( W 9 0 !

Hang with us on LockerDomeCircle BleepingComputer on Google+!How to detect vulnerable programs using Secunia Personal Software Inspector Simple and easy ways to keep your computer safe and secure on the Internet Close however everything keeps coming back. The solution did not provide detailed procedure.

A Notepad window will open with the contents of this log. HiJackThis Log Posted - Plz Help! C:\WINDOWS\ notepad.exe Sun Jun 27 2004 8:35:26p A.... 66,048 64.50 K 1 item found: 1 file, 0 directories. Plz help me Hi LoneVagabond, After reading your log I regret to inform you that Webuser will be unable to help on this occassion.

Sniffed -> C:\JUNKXXX\COMCFK.222 **File C:\JUNKXXX\COMCFK.222 0000DEBE: 67 44 65 76 69 63 65 00 . 00 53 74 72 65 61 6D 69 gDevice. .Streami 0000DED3: 63 65 53 65 74 Lawrence Abrams Don't let BleepingComputer be silenced. Others.