| Thread ID: 78158 | 2007-04-05 08:30:00 | Is my PC hijacked? 3am restarts. | the_bogan (9949) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 538445 | 2007-04-05 08:30:00 | I leave my PC on most nights, generally because I'm in the middle of a game and can't be bothered restarting halfway through. Even though I make sure the phone line is disconnected, every now and then, I look at it in the morning, and it's decided to restart itself. Looking at altered files in the windows search menu, I can see most system start up files have been altered just after 3am. This is my hijackthis log. What have I let in that might be causing this? Any help much appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 7:16:40 p.m., on 5/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\Fast.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Bogan\LOCALS~1\Temp\Rar$EX02.735\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{706569D0-DC1A-4294-8C51-B14D80C31169}: NameServer = 203.96.152.4 203.96.152.12
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Edit: Somehow the windows update has decided to install at 3am... that problem solved. |
the_bogan (9949) | ||
| 538446 | 2007-04-05 09:30:00 | Nothing nasty in there, just a couple of things you can remove. I would recommend to remove the following entries (if you want). Put HiJackThis into its own folder, run it and tick these entries.

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe |
radium (8645) | ||
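As an added example (not part of the thread, and not HijackThis's own code): a small Python parser for the log format posted above that lists running processes started from a temp directory, entries marked "(file missing)", and the O17 DNS servers, so each can be confirmed by hand. The function names and the choice of checks are assumptions of this example; the sample lines are a subset copied from the first post's log.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)

# Subset of the log from the first post, one entry per line.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Bogan\LOCALS~1\Temp\Rar$EX02.735\HijackThis.exe

O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{706569D0-DC1A-4294-8C51-B14D80C31169}: NameServer = 203.96.152.4 203.96.152.12
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

def parse(log):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries, in_processes = [], [], False
    for line in (raw.strip() for raw in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_processes = False          # the entry list follows the processes
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return processes, entries

def review_notes(log):
    """Return (kind, detail) pairs a reviewer should confirm by hand."""
    processes, entries = parse(log)
    # A process running out of a temp directory (here: HijackThis unpacked by WinRAR).
    notes = [("process-in-temp", p) for p in processes if TEMP_DIR.search(p)]
    for code, body in entries:
        if body.endswith("(file missing)"):
            notes.append(("orphaned-entry", f"{code}: {body}"))
        if code == "O17" and "NameServer" in body:
            notes.append(("dns-servers", body.split("=", 1)[1].strip()))
    return notes

if __name__ == "__main__":
    for kind, detail in review_notes(SAMPLE_LOG):
        print(f"{kind:16} {detail}")
```

On the sample it reports HijackThis itself running from the WinRAR temp folder, the orphaned O9 entry, and the two name servers to check against the ISP's published addresses.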
| 538447 | 2007-04-05 09:55:00 | Could be a power spike, hot water ripple control or power correction kicking in/off (I can't remember the standard times they use). What PSU does the PC have? |
tweak'e (69) | ||
| 538448 | 2007-04-05 10:01:00 | I used to get these but I found out it was installing updates. Check updates and see when they will install, etc. | w000t (11562) | ||
| 538449 | 2007-04-05 10:09:00 | "Edit: Somehow the windows update has decided to install at 3am... that problem solved." Does this mean that you solved the problem of the 3am restarts? Or are they still occurring? |
FoxyMX (5) | ||
| 538450 | 2007-04-05 10:50:00 | Windows by default will install updates AT 3AM. Fracking annoying it was too. |
bob_doe_nz (92) | ||
| 538451 | 2007-04-05 13:27:00 | 3 AM is the time many power stations shed loads and/or switch from one generator to another as they feel that time is pretty good for not interfering with much human-related things like televisions, cooking, lights etc . The "power spike" is usually just shedding a load and switching to another supply system . . . sometimes for repairs, sharing line-hour clocks or such . In the US, bars close at 2 AM and all the drunks go home or wherever they go in that condition, so 3 AM is a safe time to blink the lights as it were, and change the power grid in some small way . Drunks don't seem to notice or even care if they do . Most heavy equipment is OFF at that time too, so the loss for a ¼ second or so doesn't really affect the user . . . ie factories, cement plants, manufacturing facilities, retail outlets etc . This is the best time for the power grid to be messed with for the least interruption to users . Computers however are usually set to restart after a power loss or glitch . . . unless you have a UPS unit . Just check your settings under Control Panel>>System>>Advanced>>Startup and click on the Settings Button and unclick Automatic Restart knob . That way if you have a glitch or whatever, the puter will go off and stay that way; if it was off, it'll not restart when it senses the glitch . This is usually the case if you have the puter in "hibernate" mode . Try the "Windows Key", "U", then "U" for a full shutdown . "Windows Key", "U" then "R" will restart the system and using the "S" as the last key will put it in "Sleep Mode" . |
SurferJoe46 (51) | ||
| 538452 | 2007-04-05 21:49:00 | "I leave my PC on most nights, generally because I'm in the middle of a game and can't be bothered restarting halfway through." So why not just save the game? |
pctek (84) | ||
| 538453 | 2007-04-06 21:59:00 | "So why not just save the game?" And redo two to three hours' worth of game time? The game in question, Diablo II, if you save, you go back to a certain point in the game. |
the_bogan (9949) | ||
| 538454 | 2007-04-07 01:01:00 | Check the BIOS for preset startup times. I've seen this happen. | drcspy (146) | ||