Help required, multiple 627 change password attempts?

[sinky]

Hi, I'm looking for some help / reasurrance about a potential security issue on my PC and found my way to this forum via Hijack this.

After leaving my computer switched on overnight and finding it unexpectadly restarted i checked the system event log. I have noticed a large number of 627 change password failure audits from both NT AUTHORITY\SYSTEM and NT AUTHORITY\ANONYMOUS LOGON.
there around 30 failed 627 events usually followed by a succesfull change all happening within a few seconds.
In all cases the target account is mine( the only and administrator account).


I'm not really sure what i'm looking at but its got me worried as i thought this message was only generated by a user attempting to change password.
The other thing is that the large number of failed events seem to coocur every half hour or so. Is someone trying to hack my machine or is it a normal error message.

I'm have attempted to scan / clean my system with all the suggest utilities.
I have bitdefender 2009 and ZA installed and up to date.

Some experienced help would really be appreciated, especially if someone has time to go over my hijack this log.

thanks in advance
Sinky

 

[kimsland]

I haven't read your log yet. But I feel you should read here first:

Is your system infected? Read this before Cleaning or Formatting

Instead of cleaning, maybe format?
How do you feel about that?

In any case, you should change all Passwords immediately

 

[sinky]

Thanks for the advice. I hope that it will be possible for me to recover the system.

Formatting my windows partition is a possibility but i hope i can at least understand the cause of the problem first.

In the meantime i'm taking precations with my more sensative data.

Any thoughts on my hijack this log?

 

[kimsland]

I haven't looked still

Because I want you to backup and then install Windows clean
I think this is what you will eventually do anyway
Therefore no need to put time on the log

 

[geekygirl63]

And disconnect from the internet until you do because it sounds like someone has found an open port on your system and has exploited it. If running ZA for firewall you should look at the logs and you will be able to see the intrusions.

Agree with Kimsland. Backup your data and build from scratch. I would suggest running a cleanup too before the backup so that you don't back up a bunch of unnecessary temporary files.

I use Cleanup by Steven Gould. You can get it here.

http://www.stevengould.org/index.php?Itemid=69&id=15&option=com_content&task=view