KaoticK Posted September 19, 2008

What is this? And how can I fix it?

Ultima Posted September 19, 2008

a) get HijackThis from trendsecure.com, run it, view the log, and post the contents here

b) get Process Explorer from sysinternals.com, run it, Ctrl+D (to show the lower DLL pane), select the µTorrent process from the list, Ctrl+S (and save the list somewhere you'll find easily -- like the Desktop), then post the contents of the saved process list in the .txt file here

KaoticK Posted September 19, 2008

HJT:

Process Explorer:

Process: uTorrent.exe Pid: 2768

Name Description Company Name Version
ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.2180
adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.2180
ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180
ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000
CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308
COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2180
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180
COMRes.dll Microsoft Corporation 2001.12.4414.0258
credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.2180
ctype.nls
DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.3394
GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.2818
hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.2180
IadHide4.dll IAdHide BackWeb 6.02.0003.0066
Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.2945
LINKINFO.dll Windows Volume Tracking Microsoft Corporation 5.01.2600.2751
locale.nls
mdnsNSP.dll Bonjour Namespace Provider Apple Inc. 1.00.0004.0012
MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.3394
NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2952
netshell.dll Network Connections Shell Microsoft Corporation 5.01.2600.2180
ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
ntshrui.dll Shell extensions for sharing Microsoft Corporation 5.01.2600.2180
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726
oleaut32.dll Microsoft Corporation 5.01.2600.2180
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938
RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.2180
rsvpsp.dll Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation 5.01.2600.0000
rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180
SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2180
SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.2951
shfolder.dll Shell Folder Service Microsoft Corporation 6.00.2900.2180
SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.3354
sortkey.nls
sorttbls.nls
SpSubLSP.dll SpamSubtract Layered Service Provider interMute, Inc. 2.00.0000.0046
unicode.nls
USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.2622
USERENV.dll Userenv Microsoft Corporation 5.01.2600.2180
uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.11813
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180
VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180
WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180
WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180
xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180

DreadWingKnight Posted September 19, 2008

SpSubLSP.dll SpamSubtract Layered Service Provider interMute, Inc. 2.00.0000.0046

EEW. Injected where it doesn't need to be.

IadHide4.dll IAdHide BackWeb 6.02.0003.0066

Also doesn't need to be injected.

Both most likely causes of problems.

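The review done by eye in the post above, as an added example that is not part of the original thread: it parses a saved Process Explorer DLL list and reports every module whose Company Name is neither Microsoft nor the application's own vendor. The tab-separated layout, the function names and the sample (rows taken from the list posted in this thread, with tabs re-inserted) are assumptions of this example.

```python
import re
from typing import NamedTuple


class Module(NamedTuple):
    name: str
    description: str
    company: str
    version: str


# Constructed sample: rows copied from the DLL list posted in this thread, with
# tab separators re-inserted (assumed layout of Process Explorer's saved .txt).
SAMPLE = (
    "Process: uTorrent.exe Pid: 2768\n"
    "\n"
    "Name\tDescription\tCompany Name\tVersion\n"
    "ctype.nls\t\t\t\n"
    "IadHide4.dll\tIAdHide\tBackWeb\t6.02.0003.0066\n"
    "kernel32.dll\tWindows NT BASE API Client DLL\tMicrosoft Corporation\t5.01.2600.2945\n"
    "mdnsNSP.dll\tBonjour Namespace Provider\tApple Inc.\t1.00.0004.0012\n"
    "SpSubLSP.dll\tSpamSubtract Layered Service Provider\tinterMute, Inc.\t2.00.0000.0046\n"
    "uTorrent.exe\t\u00b5Torrent\tBitTorrent, Inc.\t1.08.0000.11813\n"
    "WS2_32.dll\tWindows Socket 2.0 32-Bit DLL\tMicrosoft Corporation\t5.01.2600.2180\n"
)


def parse_module_list(text):
    """Return (process image name, [Module, ...]) from a saved DLL-pane listing."""
    process = None
    modules = []
    in_table = False
    for line in text.splitlines():
        header = re.match(r"Process:\s*(.+?)\s+Pid:\s*\d+", line)
        if header:
            process = header.group(1)
            continue
        if line.startswith("Name\t"):
            in_table = True  # column header row; data rows follow
            continue
        if not in_table or not line.strip():
            continue
        cols = [c.strip() for c in line.split("\t")]
        cols += [""] * (4 - len(cols))  # rows without version info have empty columns
        modules.append(Module(*cols[:4]))
    return process, modules


def triage(text, os_vendor="Microsoft Corporation"):
    """Split loaded modules into third-party ones and ones with no company string."""
    process, modules = parse_module_list(text)
    # The application's own vendor is read from the row for its main image.
    app_vendor = next(
        (m.company for m in modules if process and m.name.lower() == process.lower()),
        "",
    )
    trusted = {os_vendor.lower(), app_vendor.lower()} - {""}
    report = {"third_party": [], "no_company": []}
    for m in modules:
        if not m.company:
            report["no_company"].append(m.name)  # e.g. .nls data files
        elif m.company.lower() not in trusted:
            report["third_party"].append((m.name, m.company))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE)
    for name, company in result["third_party"]:
        print(f"review: {name} ({company})")
    for name in result["no_company"]:
        print(f"no version info: {name}")
```

Company Name is read from the file's version resource, which whoever built the file chooses, so a hit here is a lead for review rather than proof of origin. Process Explorer's Verify Image Signatures option checks the publisher's signature instead.
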
KaoticK Posted September 19, 2008

How do I uninject them? Lol, bad wording.

DreadWingKnight Posted September 19, 2008

You don't. They inject themselves.

What you need to do is figure out what's causing them to inject and stop it.

KaoticK Posted September 19, 2008

How would I do that?

DreadWingKnight Posted September 19, 2008

The spamsubtract one is easy, turn that application off before launching uT.

The other one, I'm not quite as sure about.

KaoticK Posted September 19, 2008

Would changing the name of the .dll help?

DreadWingKnight Posted September 19, 2008

Nope, it would just cause other problems. Figure out what's launching the DLLs and force-injecting them and block it.

KaoticK Posted September 19, 2008

What if I say that only the file I am downloading is giving me that error in Status? Same thing?

Oh yah, another problem that might be connected...

Whenever I close uT, I have to use Ctrl Alt Del. If I close it by using the X, then whenever I open it, it doesn't respond. But whenever I use Ctrl Alt Del to close, then when I open it, it takes me back to installing the program. Then it has to recheck the download and stuff.

Just a little more info of what I am doing.

DreadWingKnight Posted September 19, 2008

Then you have some obnoxious programs on your system that are interfering greatly.

konstrukt Posted August 5, 2009

I'm having the same problem. I'm running Windows Server 2003 x64 and just recently started having this error. Here is my log: