| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 89261 | 2008-04-25 13:20:00 | hijack this plz | password (5384) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 662556 | 2008-04-25 13:20:00 | Could someone have a look at this, my pc has been really action up but i cant seem to find the problem.... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:22:41 AM, on 4/26/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\00THotkey.exe C:\Program Files\D-Link\AirPlus G\AirGCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Apoint2K\Apntex.exe C:\Documents and Settings\Matt\Desktop\HiJackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Spiceworks] C:\Program Files\Spiceworks\bin\spicetray_silent.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Desktop Secretary] "C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe" /background O4 - HKCU\..\Run: [Virtual DAEMON Manager] C:\Program Files\DAEMON Tools\daemon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 5415 bytes Thanks NAV |
password (5384) | ||
| 662557 | 2008-04-25 15:50:00 | Did you check it out here.... www.hijackthis.de Jaymom |
Jaymom (13668) | ||
| 662558 | 2008-04-25 19:30:00 | What does this do?? It looks suss to me C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe Put HJT in its own folder run it then tick this, then tick fix checked Close browsers O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k |
Speedy Gonzales (78) | ||
| 662559 | 2008-04-25 22:27:00 | Hey speedie, it just seems to lock up and stop, then when i go to open task manager it wont open and it comes up with this big error.... And also sometimes when i open firefox or nero it comes up with this program has to close, then under details it said the problem was firefox.exe or nero.exe and the mod name keeps changing... any ideas? |
password (5384) | ||
| 662560 | 2008-04-25 22:29:00 | What big error? What does that say? Whats that Wincare program do?? That sounds suss to me |
Speedy Gonzales (78) | ||
| 662561 | 2008-04-25 22:41:00 | It says something like "windows has to terminate this program" then it has the big "OK" button Wincare was ment to be a windows care thing..www.spotmau.com But its caused more problems then its worth |
password (5384) | ||
| 662562 | 2008-04-25 22:45:00 | Uninstall Wincare then. Then reboot then see what happens |
Speedy Gonzales (78) | ||
| 662563 | 2008-04-25 22:48:00 | ok yup i just did that, i will get back to you if it happens again =) Thank you very very much Speedie =) | password (5384) | ||
| 662564 | 2008-04-25 22:50:00 | No probs :) | Speedy Gonzales (78) | ||
| 662565 | 2008-04-26 01:52:00 | Ahhhhhh Here we go speedie, it happened again, i was using ff and playing a game as it loaded... slow internet..... and it locked up on me.... everything stopped working so i got ff closed and tryed to open up task manager, and it came up with this... Attached file: lockup.jpg (www.imagef1.net.nz) (98 KB) To make anything work again, i have to do a restart by pressing the button, (its a laptop) Any ideas? |
password (5384) | ||
| 1 2 3 | |||||