Vektor67 Posted January 26, 2009 Report Share Posted January 26, 2009 I googled this error and found this thread: http://forum.utorrent.com/viewtopic.php?id=45865So I followed the instructions that were given to that poster.Here are the requested log files.Hijack This Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:09:10 PM, on 1/26/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v8.00 (8.00.6001.18241)Boot mode: NormalRunning processes:C:\Windows\SysWOW64\rundll32.exeC:\Program Files (x86)\Launchy\Launchy.exeC:\Program Files (x86)\ASUS\AASP\1.00.81\aaCenter.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Utorrent\uTorrent.exeC:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllO2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllO3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllO3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dllO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O4 - Global Startup: Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exeO8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlO8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dllO9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlO9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlO9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlO9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlO9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO13 - Gopher Prefix: O15 - Trusted Zone: *.line6.netO16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - file:///I:/setup/RiffLick.cabO16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cabO20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dllO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exeO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\SYSTEM32\astsrv.exeO23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXEO23 - Service: CbEvtSvc - Unknown owner - C:\Windows\System32\CbEvtSvc.exeO23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exeO23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exeO23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)--End of file - 10157 bytesProcess: uTorrent.exe Pid: 4940Name Description Company Name VersionADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.00.6001.18000ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.6931.18000COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.6001.18000comctl32.dll.mui User Experience Controls Library Microsoft Corporation 6.10.6001.18000comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.6001.18000dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.00.6001.18000dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.00.6001.18000DnsApi.dll DNS Client API DLL Microsoft Corporation 6.00.6001.18000DUser.dll Windows DirectUser Engine Microsoft Corporation 6.00.6001.18000duser.dll.mui Windows DirectUser Engine Microsoft Corporation 6.00.6000.16386fltlib.dll Filter Library Microsoft Corporation 6.00.6000.16386GDI32.dll GDI Client DLL Microsoft Corporation 6.00.6001.18159GPAPI.dll Group Policy Client API Microsoft Corporation 6.00.6001.18000guard32.dll 3.05.57170.0438hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 6.00.6001.18000hnetcfg.dll.mui Home Networking Configuration Manager Microsoft Corporation 6.00.6000.16386iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 8.00.6001.18241IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.00.6001.18000Iphlpapi.dll IP Helper API Microsoft Corporation 6.00.6001.18000kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.00.6001.18000kernel32.dll.mui Windows NT BASE API Client DLL Microsoft Corporation 6.00.6001.18000locale.nls locale.nls LPK.DLL Language Pack Microsoft Corporation 6.00.6001.18000MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.00.6001.18000msctf.dll.mui MSCTF Server DLL Microsoft Corporation 6.00.6000.16386msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.6001.18000mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.00.6001.18000msxml3.dll MSXML 3.0 SP10 Microsoft Corporation 8.100.1048.0000msxml3r.dll XML Resources Microsoft Corporation 8.20.8730.0001napinsp.dll E-mail Naming Shim Provider Microsoft Corporation 6.00.6001.18000NETAPI32.dll Net Win32 API DLL Microsoft Corporation 6.00.6001.18157netshell.dll Network Connections Shell Microsoft Corporation 6.00.6001.18000NLAapi.dll Network Location Awareness 2 Microsoft Corporation 6.00.6001.18000npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.00.6000.16386NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.00.6001.18000ntdll.dll NT Layer DLL Microsoft Corporation 6.00.6001.18000ntdll.dll NT Layer DLL Microsoft Corporation 6.00.6001.18000ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.00.6001.18000oleaut32.dll Microsoft Corporation 6.00.6001.18000pnrpnsp.dll PNRP Name Space Provider Microsoft Corporation 6.00.6001.18000PSAPI.DLL Process Status Helper Microsoft Corporation 6.00.6000.16386rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.00.6000.16386RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.00.6001.18051rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.00.6001.18000Secur32.dll Security Support Provider Interface Microsoft Corporation 6.00.6001.18000SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.6001.18167shfolder.dll Shell Folder Service Microsoft Corporation 6.00.6000.16386SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.6001.18000slc.dll Software Licensing Client Dll Microsoft Corporation 6.00.6001.18000SSDPAPI.dll SSDP Client API DLL Microsoft Corporation 6.00.6000.16386SXS.DLL Fusion 2.5 Microsoft Corporation 6.00.6001.18000upnp.dll UPnP Control Point API Microsoft Corporation 6.00.6001.18000urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 8.00.6001.18241USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6001.18000USERENV.dll Userenv Microsoft Corporation 6.00.6001.18000USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.6001.18000uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0001.12639uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.6001.18000WINHTTP.dll Windows HTTP Services Microsoft Corporation 6.00.6001.18000WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.00.6001.18000winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 6.00.6000.16386winsta.dll Winstation Library Microsoft Corporation 6.00.6001.18000WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 6.00.6001.18000wow64.dll Win32 Emulation on NT64 Microsoft Corporation 6.00.6001.18000wow64cpu.dll AMD64 Wow64 CPU Microsoft Corporation 6.00.6001.18000wow64win.dll Wow64 Console and Win32 API Logging Microsoft Corporation 6.00.6001.18000WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.00.6001.18000wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.00.6001.18000wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.00.6001.18000Thanks in advance for any help the one might offer.~ Vektor67 Link to comment Share on other sites More sharing options...
DreadWingKnight Posted January 26, 2009 Report Share Posted January 26, 2009 guard32.dll 3.05.57170.0438Your hijackthis log is unreadable for whatever reason, but this injected module may be part of the problem. Link to comment Share on other sites More sharing options...
Vektor67 Posted January 27, 2009 Author Report Share Posted January 27, 2009 Sorry, I just got home from work, I undid wordwrap and it looked much better on my machine, but after copying it and pasting it it looks no better in this thread. Is there something I'm doing wrong? It would seem copying and pasting would do it. Thanks though. Gaurd32.DLL is part of Comodo Firewall if I'm not mistaken. Link to comment Share on other sites More sharing options...
moogly Posted January 27, 2009 Report Share Posted January 27, 2009 Hum you have a service that sounds like surely a troyan on your computer... (search on Google)O23 - Service: CbEvtSvc - Unknown owner - C:\Windows\System32\CbEvtSvc.exehttp://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=144165http://vil.nai.com/vil/content/v_144165.htmhttp://www.bleepingcomputer.com/startups/CbEvtSvc.exe-22167.htmlYou need to fix that and retest if uT has still this error. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.