Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: hijack this plz

  1. #1
    Regular Forum Dweller password's Avatar
    Join Date
    Aug 2007
    Location
    Invercargill
    Posts
    925

    Default hijack this plz

    Could someone have a look at this, my pc has been really action up but i cant seem to find the problem....

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:22:41 AM, on 4/26/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\00THotkey.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Documents and Settings\Matt\Desktop\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Spiceworks] C:\Program Files\Spiceworks\bin\spicetray_silent.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Desktop Secretary] "C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe" /background
    O4 - HKCU\..\Run: [Virtual DAEMON Manager] C:\Program Files\DAEMON Tools\daemon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1131505205729
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 5415 bytes

    Thanks NAV

  2. #2
    Junior Member
    Join Date
    Apr 2008
    Posts
    4

    Default Re: hijack this plz

    Did you check it out here.... http://www.hijackthis.de/index.php?langselect=english

    Jaymom

  3. #3
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: hijack this plz

    What does this do?? It looks suss to me

    C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe

    Put HJT in its own folder run it then tick this, then tick fix checked

    Close browsers

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

  4. #4
    Regular Forum Dweller password's Avatar
    Join Date
    Aug 2007
    Location
    Invercargill
    Posts
    925

    Default Re: hijack this plz

    Hey speedie, it just seems to lock up and stop, then when i go to open task manager it wont open and it comes up with this big error....

    And also sometimes when i open firefox or nero it comes up with this program has to close, then under details it said the problem was firefox.exe or nero.exe and the mod name keeps changing... any ideas?

  5. #5
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: hijack this plz

    What big error? What does that say?

    Whats that Wincare program do?? That sounds suss to me

  6. #6
    Regular Forum Dweller password's Avatar
    Join Date
    Aug 2007
    Location
    Invercargill
    Posts
    925

    Default Re: hijack this plz

    It says something like "windows has to terminate this program" then it has the big "OK" button

    Wincare was ment to be a windows care thing..http://www.spotmau.com/products/pack...m?SSAID=229705
    But its caused more problems then its worth

  7. #7
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: hijack this plz

    Uninstall Wincare then.

    Then reboot then see what happens

  8. #8
    Regular Forum Dweller password's Avatar
    Join Date
    Aug 2007
    Location
    Invercargill
    Posts
    925

    Default Re: hijack this plz

    ok yup i just did that, i will get back to you if it happens again =) Thank you very very much Speedie =)

  9. #9
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: hijack this plz

    No probs

  10. #10
    Regular Forum Dweller password's Avatar
    Join Date
    Aug 2007
    Location
    Invercargill
    Posts
    925

    Default Re: hijack this plz

    Ahhhhhh Here we go speedie, it happened again, i was using ff and playing a game as it loaded... slow internet..... and it locked up on me.... everything stopped working so i got ff closed and tryed to open up task manager, and it came up with this... Attached file: lockup.jpg (98 KB)

    To make anything work again, i have to do a restart by pressing the button, (its a laptop)
    Any ideas?

Similar Threads

  1. Hijack this.
    By password in forum PressF1
    Replies: 2
    Last Post: 24-03-2008, 02:38 PM
  2. Hijack log
    By kjaada in forum PressF1
    Replies: 2
    Last Post: 31-08-2007, 10:56 AM
  3. Hijack.
    By Cicero in forum PressF1
    Replies: 39
    Last Post: 12-03-2007, 10:30 AM
  4. hijack this
    By rawkus1020 in forum PressF1
    Replies: 4
    Last Post: 16-08-2006, 03:12 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •