Please help - HJT LOG


It's my work computer...!! There are some company programs running and remote access.

Thanks
 
Download and install Adaware Here

REBOOT in SAFE MODE (press F8 a few times when booting or see how Here).

XP/ME only: DISABLE SYSTEM RESTORE, see how Here .

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how Here .

Run Hijackthis: Put a check mark next to
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

and this if it has nothing to do with your network:
O14 - IERESET.INF: START_PAGE_URL=http://intranet.emb

Click fix checked

Run Adaware and remove any problems found.

Restart the computer and turn System Restore back on. Post a fresh HJT log if problems persist, and I'm sure Howard can help, he is the expert!!!
 
Thanks!

Everything just fine again!

Just one more thing... my Task Manager access is still disabled (when I press ctrl+alt+del). How can I turn it on again?

Thanks!
 
Hello and welcome to Techspot.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

LW69C0.EXE
HSIWrapper.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Have HJT fix the following, by placing a tick in the little box next to (if there):

O4 - HKLM\..\Run: [HSInventory] C:\HSI\HSIWrapper.exe

Fix all O16 - DPF entries

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.ad.emb
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.ad.emb
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = sjk.emb,corp.ad.emb
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.ad.emb
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = sjk.emb,corp.ad.emb
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = sjk.emb,corp.ad.emb

Only fix the above O17 entries, if they don't belong to your ISP.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\WINNT\TEMP\LW69C0.EXE

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.


Regards Howard :wave: :wave:
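
An added example, not part of the original thread: on a work computer, the O17 caveat in the post above can be checked by comparing each entry's DNS suffixes with the ones the network administrator or ISP has confirmed. The log lines come from the post except for one constructed line; `KNOWN_SUFFIXES` and the function names are assumptions for illustration.

```python
import re

# O17 and O4 lines from the post above, with one constructed line for contrast.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.ad.emb
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = sjk.emb,corp.ad.emb
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = sjk.emb,unknown.example
O4 - HKLM\..\Run: [HSInventory] C:\HSI\HSIWrapper.exe
"""  # the CS2 line is constructed; the post's CS2 SearchList is sjk.emb,corp.ad.emb

# Assumption: suffixes the network administrator or ISP has confirmed as theirs.
KNOWN_SUFFIXES = {"corp.ad.emb", "sjk.emb"}

O17_RE = re.compile(r"^O17 - (?P<key>[^:]+): (?P<setting>\w+) = (?P<value>.+)$")


def parse_o17(line):
    """Return (registry key, setting, [suffixes]) for an O17 line, else None."""
    m = O17_RE.match(line.strip())
    if not m:
        return None
    suffixes = [s.strip().lower().rstrip(".") for s in m["value"].split(",") if s.strip()]
    return m["key"], m["setting"], suffixes


def triage_o17(log_text, known=KNOWN_SUFFIXES):
    """Split O17 entries into ones to leave alone and ones to check before fixing."""
    known = {s.lower() for s in known}
    keep, review = [], []
    for line in log_text.splitlines():
        parsed = parse_o17(line)
        if parsed is None:
            continue  # not an O17 entry; other sections are out of scope here
        key, setting, suffixes = parsed
        unknown = [s for s in suffixes if s not in known]
        (review if unknown else keep).append((key, setting, unknown))
    return keep, review


if __name__ == "__main__":
    keep, review = triage_o17(SAMPLE_LOG)
    for key, setting, _ in keep:
        print(f"leave   {key} {setting}")
    for key, setting, unknown in review:
        print(f"check   {key} {setting}: unrecognised {', '.join(unknown)}")
```
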
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html



Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

sysbr.exe
QR4D63.EXE

Close task manager.

Run HJT with no other programmes open (except notepad). Have HJT fix the following, by placing a tick in the little box next to (if there):

O4 - HKCU\..\Run: [Sysconfig] C:\WINNT\system32\Sysbr\sysbr.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\WINNT\TEMP\QR4D63.EXE
C:\WINNT\system32\Sysbr\sysbr.exe

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.


Regards Howard :)
 