hijack this plz

**password** · 26-04-2008, 12:20 AM

Could someone have a look at this, my pc has been really action up but i cant seem to find the problem....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:41 AM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Documents and Settings\Matt\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Spiceworks] C:\Program Files\Spiceworks\bin\spicetray_silent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Desktop Secretary] "C:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe" /background
O4 - HKCU\..\Run: [Virtual DAEMON Manager] C:\Program Files\DAEMON Tools\daemon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1131505205729
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5415 bytes

Thanks NAV

**Jaymom** · 26-04-2008, 02:50 AM

Did you check it out here.... http://www.hijackthis.de/index.php?langselect=english

Jaymom

**Speedy Gonzales** · 26-04-2008, 06:30 AM

What does this do?? It looks suss to me

C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe

Put HJT in its own folder run it then tick this, then tick fix checked

Close browsers

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

**password** · 26-04-2008, 09:27 AM

Hey speedie, it just seems to lock up and stop, then when i go to open task manager it wont open and it comes up with this big error....

And also sometimes when i open firefox or nero it comes up with this program has to close, then under details it said the problem was firefox.exe or nero.exe and the mod name keeps changing... any ideas?

**Speedy Gonzales** · 26-04-2008, 09:29 AM

What big error? What does that say?

Whats that Wincare program do?? That sounds suss to me

**password** · 26-04-2008, 09:41 AM

It says something like "windows has to terminate this program" then it has the big "OK" button

Wincare was ment to be a windows care thing..http://www.spotmau.com/products/pack...m?SSAID=229705
But its caused more problems then its worth

**Speedy Gonzales** · 26-04-2008, 09:45 AM

Uninstall Wincare then.

Then reboot then see what happens

**password** · 26-04-2008, 09:48 AM

ok yup i just did that, i will get back to you if it happens again =) Thank you very very much Speedie =)

**Speedy Gonzales** · 26-04-2008, 09:50 AM

No probs

**password** · 26-04-2008, 12:52 PM

Ahhhhhh Here we go speedie, it happened again, i was using ff and playing a game as it loaded... slow internet..... and it locked up on me.... everything stopped working so i got ff closed and tryed to open up task manager, and it came up with this... Attached file: lockup.jpg (98 KB)

To make anything work again, i have to do a restart by pressing the button, (its a laptop)
Any ideas?