Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security Help Needed!


  • Please log in to reply
3 replies to this topic

#1 LACarr

LACarr

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted 05 June 2010 - 10:47 AM

Can anyone help?

I "started" my security logs on 5/17- although I am not sure why they didn't run automatically when XP installed. For two days. the events logged and then all Security Logs from 5/18 "disappeared"- and new events did not log. Suddenly, beginning June 1 events appear to log again although they display several failures and applications listening on unassigned ports. When I tried to view the System Files under Administrative Tools, they displayed briefly and then I received an error message saying that the system is corrupt. Now the contents don't display at all

I am new to Hijack This and New to My Bleeping Computer.
This is my Hijack This Log. Not sure how to move forward with this . Can anyone help?


Index % of PCs with item Code Data
28 0.0% P01 F:\Windows\Explorer.EXE

29 0.0% P01 F:\WINDOWS\System32\smss.exe

30 0.0% P01 F:\WINDOWS\system32\services.exe

31 0.0% P01 F:\WINDOWS\system32\lsass.exe

32 0.0% P01 F:\WINDOWS\system32\svchost.exe

33 0.0% P01 F:\WINDOWS\system32\winlogon.exe

34 0.0% P01 F:\WINDOWS\system32\spoolsv.exe

35 0.0% P01 F:\WINDOWS\system32\ctfmon.exe

36 0.0% P01 F:\Program Files\Internet Explorer\iexplore.exe

37 0.0% P01 F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

38 0.0% P01 F:\WINDOWS\system32\brss01a.exe

39 0.0% P01 F:\WINDOWS\system32\brsvc01a.exe

40 0.0% P01 F:\WINDOWS\system32\mmc.exe

41 0.0% P01 F:\Program Files\Analog Devices\SoundMAX\Smtray.exe

42 0.0% P01 F:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe

43 0.0% P01 F:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

44 0.0% P01 F:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

45 0.0% P01 F:\Program Files\Common Files\Java\Java Update\jusched.exe

46 0.0% P01 F:\Documents and Settings\tom carr\Desktop\HijackThis.exe

47 0.0% P01 F:\Program Files\Java\jre6\bin\jqs.exe

48 0.0% R0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/

49 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:58 PM

Posted 05 June 2010 - 11:41 AM

OK, let's start with finding out what your computer issues are??

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 LACarr

LACarr
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted 05 June 2010 - 01:39 PM

OK, let's start with finding out what your computer issues are??


I found several files that were duplicates that ~$avelersguide.doc instead of travelersguide.doc. I have also found several photos/services that have multipe users when you tab to advanced.
Examples of users include CHAP, LANMAN, Everyone, Anonymous Log In and Unknown User.

The file Migration Wizard was frequently displayed in recently used programs until I figured out how to disable it. Also, the sound icon frequently displays in the tray.

I have also see in the events and using netstat, that several ports are being used as are processes that may or may not let me shut them down using the process tree.

Additionally, files not created by me have been added such as DrWatson DO NOT DELETE in recent documents. I moved my cursor with the intent to delete, the computer screen suddenly went blank and the file disappeared"

Those are a few of the issues. Thanks in advance for any ideas/

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:58 PM

Posted 05 June 2010 - 02:09 PM

Duplicate files best approach - leave them alone.
DrWatson is a legit Windows process.
No need to dig into Event Viewer, unless you have some computer issues.

Speaking of which, we still don't about what your computer issues are.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users