arodisi Posted February 16, 2010 Report Share Posted February 16, 2010 Hm, sorry, I have to do what everybody else did....bother you nice people to help me since I haven't a clue...It started today, only one file, all other files are downloading and uploading fine....did this: enable option "append .!ut to incomplete files" in uT (Preferences > General)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:16:17 PM, on 2/16/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Cyberlink\Power2Go\CLMLSvc.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Executive Software\Diskeeper\DkService.exeC:\WINDOWS\System32\HPZipm12.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [stormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /optiO4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe"O4 - HKLM\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /StartupO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [scanRegistry] C:\WO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Link to comment Share on other sites More sharing options...
DreadWingKnight Posted February 16, 2010 Report Share Posted February 16, 2010 Incomplete hijackthis log. Link to comment Share on other sites More sharing options...
arodisi Posted February 16, 2010 Report Share Posted February 16, 2010 ok, here it is againLogfile of Trend Micro HijackThis v2.0.2Scan saved at 8:18:28 PM, on 2/16/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Cyberlink\Power2Go\CLMLSvc.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Executive Software\Diskeeper\DkService.exeC:\WINDOWS\System32\HPZipm12.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [stormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /optiO4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe"O4 - HKLM\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /StartupO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [scanRegistry] C:\WO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe--End of file - 4335 bytes Link to comment Share on other sites More sharing options...
moogly Posted February 16, 2010 Report Share Posted February 16, 2010 Enable option "append .!ut to incomplete files" in µT. Link to comment Share on other sites More sharing options...
arodisi Posted February 16, 2010 Report Share Posted February 16, 2010 append option enabled Link to comment Share on other sites More sharing options...
coyote33 Posted February 16, 2010 Report Share Posted February 16, 2010 Incomplete files have ".!ut" extension andI have disabled NOD32 but the problem still goes on. Here is the info:Logfile of Trend Micro HijackThis v2.0.3 (BETA)Scan saved at 9:46:07 PM, on 2/16/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\WiFi\bin\S24EvMon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeC:\Program Files\Intel\WiFi\bin\EvtEng.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Microsoft LifeCam\MSCamS32.exeC:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Toshiba\Tvs\TvsTray.exeC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeC:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exeC:\WINDOWS\system32\TPSMain.exeC:\Program Files\ESET\ESET NOD32 Antivirus\egui.exeD:\kurulanlar\TortoiseSVN\bin\TSVNCache.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\vVX1000.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\TPSBattM.exeC:\Program Files\Intel\WiFi\bin\ZCfgSvc.exeC:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\RAMASST.exeC:\WINDOWS\system32\wbem\unsecapp.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\uTorrent\uTorrent.exeC:\WINDOWS\system32\msiexec.exeC:\Program Files\TrendMicro\HiJackThis\HiJackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localO2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dllO4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exeO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeO4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /trayO4 - HKLM\..\Run: [TFncKy] TFncKy.exeO4 - HKLM\..\Run: [TPSMain] TPSMain.exeO4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /runO4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitserviceO4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless TrayO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exeO8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dllO14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstartO16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.62.0.cabO16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cabO17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ethz.ch,ethz.chO17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ethz.ch,ethz.chO17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ethz.ch,ethz.chO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exeO23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeO23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exeO23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exeO23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exeO23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exeO23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exeO23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exeO23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe--End of file - 9739 bytes Link to comment Share on other sites More sharing options...
arodisi Posted February 17, 2010 Report Share Posted February 17, 2010 Today everything is working fine so far and I don't see any difference in hijack this log(except for the + programs I have disabled yesterday)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:36:58 PM, on 2/17/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Cyberlink\Power2Go\CLMLSvc.exeC:\Program Files\CyberLink\Power2Go\Power2GoExpress.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Executive Software\Diskeeper\DkService.exeC:\WINDOWS\System32\HPZipm12.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [stormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /optiO4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe"O4 - HKLM\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /StartupO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [scanRegistry] C:\WO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe--End of file - 4488 bytesCould this be something to do with torrent file, seeders etc.....?And the download speed was much faster yesterday, now its slow but that seems normal since it was that way when I started to download the file (a 1933 movie), that might mean something... Link to comment Share on other sites More sharing options...
porrasnick Posted February 18, 2010 Report Share Posted February 18, 2010 I'm having the same issue, here's my HijackThis log...Logfile of Trend Micro HijackThis v2.0.3 (BETA)Scan saved at 11:37:34 PM, on 2/17/2010Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Program Files (x86)\Java\jre6\bin\jusched.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\My-Proxy\Forum Proxy Leecher\FPL.exeC:\Program Files (x86)\AutoHotkey\AutoHotkey.exeC:\Program Files (x86)\uTorrent\uTorrent.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\iTunes\iTunes.exeC:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnbR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnbR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnbR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnbR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 131.179.112.71:3128R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exeO1 - Hosts: ::1 localhostO2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllO3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dllO4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbyloginO4 - HKLM\..\Run: [svchost] svchost.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -pO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')O4 - Startup: Citrus Alarm Clock.lnk = C:\Program Files (x86)\Citrus Alarm Clock\Citrus Alarm Clock.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLLO10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dllO13 - Gopher Prefix: O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exeO23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exeO23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exeO23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exeO23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exeO23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exeO23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exeO23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exeO23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)--End of file - 8728 bytes Link to comment Share on other sites More sharing options...
moogly Posted February 18, 2010 Report Share Posted February 18, 2010 @arodisi: if this error appears only for a torrent movie, the culprit can be a media indexer or Windows Indexer. Make some tries to disable it and check if the error is still here.As I see, you run Win XP. You can try to use Unlocker on the file presenting this error message.http://ccollomb.free.fr/unlocker/And enable option "append .!ut to incomplete files" in µT. Link to comment Share on other sites More sharing options...
arodisi Posted February 19, 2010 Report Share Posted February 19, 2010 thanks moogly if the problem occurs again I'll try what you recommended, but it seems that it was only that day, some weird torrent behavior, and now everything is going smoothly....puzzled Link to comment Share on other sites More sharing options...
wordsinrows Posted February 19, 2010 Report Share Posted February 19, 2010 I have the same problem. I am guessing that it is caused by one of those trend micro entries, but I have no idea which one or how to turn it off.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:44:59 AM, on 2/19/2010Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Windows\PLFSetI.exeC:\Program Files (x86)\uTorrent\uTorrent.exeC:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exeC:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exeC:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exeC:\Program Files (x86)\Launch Manager\LManager.exeC:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exeC:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Java\jre6\bin\jusched.exeC:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exeC:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exeC:\Program Files (x86)\Internet Explorer\IELowutil.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\iTunes\iTunes.exeC:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b= … 5a4851x450R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b= … 5a4851x450R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b= … 5a4851x450R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =F2 - REG:system.ini: UserInit=userinit.exeO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dllO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllO3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dllO3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dllO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDEDO4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -kO4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunO4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -aO4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exeO4 - HKLM\..\Run: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"O4 - HKLM\..\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumeO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exeO4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"O4 - HKCU\..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exeO4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe /lockO4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /cO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLLO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO13 - Gopher Prefix:O15 - Trusted IP range: http://192.168.1.254O15 - ESC Trusted IP range: http://192.168.1.254O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dllO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exeO23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exeO23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exeO23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exeO23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exeO23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exeO23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (filePEProcess PID CPU Description Company NameSystem Idle Process 0 71.04 svchost.exe 692 4.49 procexp64.exe 3036 4.49 Sysinternals Process Explorer Sysinternals - www.sysinternals.comlsass.exe 532 4.49 ePowerEvent.exe 4008 4.49 VideoWebCamera.exe 2224 2.99 Video Web Camera SuyinSynTPEnh.exe 1308 2.24 Synaptics TouchPad Enhancements Synaptics Incorporateddwm.exe 1884 2.24 Desktop Window Manager Microsoft Corporationexplorer.exe 1896 1.50 Windows Explorer Microsoft CorporationTmPfw.exe 4248 0.75 firefox.exe 4968 0.75 Firefox Mozilla CorporationDPCs n/a 0.75 Deferred Procedure Calls wmpnetwk.exe 3712 WmiPrvSE.exe 3592 WLIDSVCM.EXE 3064 WLIDSVC.EXE 2824 WINWORD.EXE 504 Microsoft Office Word Microsoft Corporationwinlogon.exe 576 wininit.exe 452 uTorrent.exe 2264 µTorrent BitTorrent, Inc.UpdaterService.exe 2788 unsecapp.exe 2140 Sink to receive asynchronous callbacks for WMI client application Microsoft CorporationUfSeAgnt.exe 2156 Trend Micro Server Agent Trend Micro Inc.TSCFPlatformCOMSvr.exe 2116 TSCFPlatformCOMSvr Trend Micro Inc.TmProxy.exe 5100 TMBMSRV.exe 2364 taskhost.exe 1804 Host Process for Windows Tasks Microsoft Corporationtaskeng.exe 2324 Task Scheduler Engine Microsoft CorporationSystem 4 SynTPHelper.exe 3152 svchost.exe 960 svchost.exe 796 svchost.exe 1000 svchost.exe 884 svchost.exe 464 svchost.exe 916 svchost.exe 3164 svchost.exe 1192 svchost.exe 1552 svchost.exe 3112 svchost.exe 3400 spoolsv.exe 1144 splwow64.exe 2464 Print driver host for 32bit applications Microsoft Corporationsmss.exe 280 sidebar.exe 2256 Windows Desktop Gadgets Microsoft CorporationSfCtlCom.exe 1740 services.exe 516 SearchProtocolHost.exe 4000 SearchIndexer.exe 2964 SearchFilterHost.exe 4900 SeaPort.exe 1704 SCServer.exe 2220 Microsoft Search Client Server Microsoft CorporationProToolbarUpdate.exe 5108 ProToolbarComm.exe 4620 Trend Micro TrendSecure Trend Micro Inc.procexp.exe 4088 Sysinternals Process Explorer Sysinternals - www.sysinternals.comPLFSetI.exe 1412 DefaultSettingEXE MFC Application PDVD8Serv.exe 3320 PowerDVD RC Service CyberLink Corp.mswinext.exe 3536 MSN® Toolbar Microsoft Corp.MOM.exe 2616 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.mDNSResponder.exe 1424 lsm.exe 540 LManager.exe 3264 jusched.exe 3508 Java Platform SE binary Sun Microsystems, Inc.iTunesHelper.exe 3348 iTunesHelper Apple Inc.iTunes.exe 4800 iTunes Apple Inc.IScheduleSvc.exe 1584 iPodService.exe 3756 Interrupts n/a Hardware Interrupts ielowutil.exe 1832 Internet Low-Mic Utility Tool Microsoft CorporationGregHSRW.exe 1500 FLMain.exe 2284 Trend Micro Vault Program Trend Micro Inc.ePowerTray.exe 2060 ePowerTray Acer IncorporatedePowerSvc.exe 1460 csrss.exe 484 csrss.exe 384 conhost.exe 4320 CLMLSvc.exe 3296 CyberLink MediaLibray Service CyberLinkCCC.exe 2444 Catalyst Control Centre: Host application ATI Technologies Inc.cAudioFilterAgent64.exe 992 Conexant High Definition Audio Filter Agent Conexant Systems, Inc.BackupManagerTray.exe 2384 Gateway MyBackup NewTech Infosystems, Inc.atiesrxx.exe 840 atieclxx.exe 1336 AppleMobileDeviceService.exe 1284 Link to comment Share on other sites More sharing options...
moogly Posted February 19, 2010 Report Share Posted February 19, 2010 When the culprit is a FW or AV, enable the option "append !.ut to incomplete files" in µT is enough in many cases. Did you enable it?Does the issue appear with media files (mp3, movies etc)? Link to comment Share on other sites More sharing options...
hanza123 Posted February 20, 2010 Report Share Posted February 20, 2010 Same problem:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 02:58:05, on 2010-02-20Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\system32\CTsvcCDA.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\PROGRA~1\AVG\AVG9\avgtray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Gadu-Gadu\gg.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\Program Files\CDBurnerXP\NMSAccessU.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\PnkBstrB.exeC:\Program Files\CyberLink\Shared files\RichVideo.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\Windows NT\Accessories\WORDPAD.EXEC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\WinRAR\WinRAR.exeC:\DOCUME~1\haginho\USTAWI~1\Temp\Rar$EX00.906\UnlockerAssistant.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15003&l=disR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%sR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaR3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dllR3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dllO2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dllO3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dllO3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dllO4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [skyTel] SkyTel.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "d:\Turbine Download Manager\TurbineDownloadManagerIcon.exe"O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbyloginO4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exeO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /trayO4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorunO4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silentO4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silentO4 - HKCU\..\Run: [Prec] C:\Program Files\Prec\PrecStarter.exeO4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /SO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: PowerReg Scheduler.exeO8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.htmlO8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{1FC3EE07-8CB3-4DC7-9E6F-F31CB0A6F48E}: NameServer = 83.238.255.76 213.241.79.37O17 - HKLM\System\CS1\Services\Tcpip\..\{1FC3EE07-8CB3-4DC7-9E6F-F31CB0A6F48E}: NameServer = 83.238.255.76 213.241.79.37O17 - HKLM\System\CS4\Services\Tcpip\..\{1FC3EE07-8CB3-4DC7-9E6F-F31CB0A6F48E}: NameServer = 83.238.255.76 213.241.79.37O17 - HKLM\System\CS5\Services\Tcpip\..\{1FC3EE07-8CB3-4DC7-9E6F-F31CB0A6F48E}: NameServer = 83.238.255.76 213.241.79.37O17 - HKLM\System\CS6\Services\Tcpip\..\{1FC3EE07-8CB3-4DC7-9E6F-F31CB0A6F48E}: NameServer = 83.238.255.76 213.241.79.37O17 - HKLM\System\CS7\Services\Tcpip\..\{1FC3EE07-8CB3-4DC7-9E6F-F31CB0A6F48E}: NameServer = 83.238.255.76 213.241.79.37O17 - HKLM\System\CS8\Services\Tcpip\..\{1FC3EE07-8CB3-4DC7-9E6F-F31CB0A6F48E}: NameServer = 83.238.255.76 213.241.79.37O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dllO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exeO23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - d:\Turbine Download Manager\TurbineMessageService.exeO23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - d:\Turbine Download Manager\TurbineNetworkService.exeO23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exeO23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exeO23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe--End of file - 10638 bytesIt's not AVG as I excluded .!ut files, and not winamp agent as i disabled the whole thing (couldn't find a way to exclude .!ut files in that one). I'm puzzled, because i get the error message just with some torrent, but not with others. Unlocker helped, yet i see it as a temporary solution and i'm looking for one more permanent. Thanks a bunch in advance Link to comment Share on other sites More sharing options...
wordsinrows Posted February 20, 2010 Report Share Posted February 20, 2010 Checking that box worked great! Thank you very much. And just to answer the question I was having the problem when downloading multiple MP3's. Link to comment Share on other sites More sharing options...
Picollo30 Posted February 21, 2010 Report Share Posted February 21, 2010 im having the same problem can someone give me a hand? Started happening todayLogfile of Trend Micro HijackThis v2.0.3 (BETA)Scan saved at 4:28:20, on 21-02-2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\Programas\Microsoft Security Essentials\MsMpEng.exeC:\Programas\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Programas\Ahead\InCD\InCDsrv.exeC:\WINDOWS\system32\svchost.exeC:\Programas\Alwil Software\Avast4\aswUpdSv.exeC:\Programas\Alwil Software\Avast4\ashServ.exeC:\Programas\iTunes\iTunesHelper.exeC:\WINDOWS\system32\spoolsv.exeC:\Programas\Creative\Shared Files\CTAudSvc.exeC:\Programas\QuickTime\QTTask.exeC:\Programas\Startup Faster\SFAgent.exeC:\Programas\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\svchost.exeC:\Programas\Google\Update\1.2.183.13\GoogleCrashHandler.exeC:\Programas\cFosSpeed\spd.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Programas\Easy-Hide-IP\services\EasyHideIp.exeC:\Programas\Easy-Hide-IP\services\EasyHideIP-Server2\Easy-Hide-IPS2.exeC:\Programas\cFosSpeed\cfosspeed.exeC:\Programas\Easy-Hide-IP\services\EasyHideIP-Server1\EasyHideIP-Server1.exeC:\Programas\Java\jre6\bin\jqs.exeC:\Programas\Easy-Hide-IP\services\EasyHideIP-Server2\EasyHideIP-Server2.exeC:\Programas\Creative\MediaSource\Detector\CTDetect.exeC:\Programas\Malwarebytes' Anti-Malware\mbamservice.exeC:\Programas\McAfee\SiteAdvisor\McSACore.exeC:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Programas\NVIDIA Corporation\nTune\nTuneService.exeC:\WINDOWS\system32\ctfmon.exeC:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Programas\Ficheiros comuns\Java\Java Update\jusched.exeC:\WINDOWS\system32\rundll32.exeC:\Programas\Ficheiros comuns\Seagate\Schedule2\schedul2.exeC:\WINDOWS\system32\BTSetBootKey.exeC:\Programas\Ficheiros comuns\Nokia\MPlatform\NokiaMServer.exeC:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeC:\WINDOWS\system32\svchost.exeC:\Programas\NVIDIA Corporation\System Update\UpdateCenterService.exeC:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\WINDOWS\system32\MsPMSPSv.exeC:\WINDOWS\system32\SearchIndexer.exeC:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Programas\Alwil Software\Avast4\ashMaiSv.exeC:\Programas\iPod\bin\iPodService.exeC:\WINDOWS\system32\wbem\wmiapsrv.exeC:\Programas\Alwil Software\Avast4\ashWebSv.exeC:\Programas\NVIDIA Corporation\nTune\nTuneCmd.exeC:\PROGRA~1\Crawler\CToolbar.exeC:\Programas\SpeedFan\speedfan.exeC:\Programas\PC Connectivity Solution\ServiceLayer.exeC:\Programas\PC Connectivity Solution\Transports\NclUSBSrv.exeC:\Programas\PC Connectivity Solution\Transports\NclRSSrv.exeC:\Programas\PC Connectivity Solution\Transports\NclMSBTSrv.exeC:\Programas\DAEMON Tools Pro\DTProShellHlp.exeC:\Programas\DU Meter\DUMeter.exeC:\Programas\DU Meter\DUMeterSvc.exeC:\Programas\Alarm\Alarm.exeC:\Programas\Opera\opera.exeC:\WINDOWS\system32\BTSetBootKey.exeC:\Programas\SpeedFan\speedfan.exeC:\Programas\CpuIdle\cpuidle.exeC:\WINDOWS\system32\wuauclt.exeC:\Programas\uTorrent\uTorrent.exeC:\Programas\Soulseek\slsk.exeC:\Programas\Orbitdownloader\orbitdm.exeC:\Programas\Orbitdownloader\orbitnet.exeC:\WINDOWS\explorer.exeC:\Programas\Malwarebytes' Anti-Malware\mbamgui.exeC:\WINDOWS\system32\BTSetBootKey.exeC:\WINDOWS\explorer.exeC:\Programas\HiJackThis\TrendMicro\HiJackThis\HiJackThis.exeC:\WINDOWS\system32\SearchProtocolHost.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = HiperligaçõesR3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllR3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programas\Freecorder\tbFree.dllO1 - Hosts: 255.255.255.255 broadcasthostO1 - Hosts: ::1 localhostO1 - Hosts: 216.34.181.45 s # slashdot.orgO1 - Hosts: 64.233.187.104 g # google.comO2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programas\Orbitdownloader\orbitcth.dllO2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programas\TechSmith\Snagit 9\SnagitBHO.dllO2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programas\Freecorder\tbFree.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programas\Crawler\ctbr.dllO2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programas\FlashGet\jccatch.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programas\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllO2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dllO2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Paulo Monteiro.TITANIUM.000\Application Data\FlashGetBHO\FlashGetBHO3.dllO2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programas\Ask.com\GenericAskToolbar.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dllO2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programas\Windows Live\Toolbar\wltcore.dllO2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FLASHF~1.6FI\IEFlash.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programas\FlashGet\getflash.dllO2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programas\Crawler\ctbr.dllO3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dllO3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programas\Orbitdownloader\GrabPro.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dllO3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programas\TechSmith\Snagit 9\SnagitIEAddin.dllO3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programas\Freecorder\tbFree.dllO3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programas\Ask.com\GenericAskToolbar.dllO4 - HKLM\..\Run: [startupFaster] "C:\Programas\Startup Faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUPO4 - HKCU\..\Run: [uTorrent] "C:\Programas\uTorrent\uTorrent.exe"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')O4 - Startup: StartupFasterO4 - Global Startup: StartupFasterO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htmO8 - Extra context menu item: &Download by Orbit - res://C:\Programas\Orbitdownloader\orbitmxt.dll/201O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htmO8 - Extra context menu item: &Grab video by Orbit - res://C:\Programas\Orbitdownloader\orbitmxt.dll/204O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200O8 - Extra context menu item: Crawler Search - tbr:iemenuO8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programas\Orbitdownloader\orbitmxt.dll/203O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programas\Orbitdownloader\orbitmxt.dll/202O8 - Extra context menu item: Download All by FlashGet3 - C:\Documents and Settings\Paulo Monteiro.TITANIUM.000\Application Data\FlashGetBHO\GetAllUrl.htmO8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Paulo Monteiro.TITANIUM.000\Application Data\FlashGetBHO\GetUrl.htmO8 - Extra context menu item: Google Sidewiki... - res://C:\Programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.htmlO9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exeO9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exeO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: @C:\Programas\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: @C:\Programas\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exeO9 - Extra button: Click here to support the xp-AntiSpy project. - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programas\xp-AntiSpy\sponsoring\sponsor.html (HKCU)O9 - Extra 'Tools' menuitem: Support for xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programas\xp-AntiSpy\sponsoring\sponsor.html (HKCU)O15 - Trusted Zone: http://software.kuaiche.comO16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234140877046O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219114038593O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cabO16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cabO18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programas\Crawler\ctbr.dllO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLLO20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.DLLO22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Programas\Bonjour\mDNSResponder.exeO23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programas\cFosSpeed\spd.exeO23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Programas\Ficheiros comuns\Creative Labs Shared\Service\CTAELicensing.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programas\Creative\Shared Files\CTAudSvc.exeO23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Programas\DU Meter\DUMeterSvc.exeO23 - Service: EasyHideIP - Unknown owner - C:\Programas\Easy-Hide-IP\services\EasyHideIp.exeO23 - Service: Serviço Google Update (gupdate1c9b3e1381cb02c) (gupdate1c9b3e1381cb02c) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programas\Ahead\InCD\InCDsrv.exeO23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Programas\McAfee\SiteAdvisor\McSACore.exeO23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Programas\NVIDIA Corporation\nTune\nTuneService.exeO23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: ServiceLayer - Nokia - C:\Programas\PC Connectivity Solution\ServiceLayer.exeO23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Programas\Ficheiros comuns\Seagate\Schedule2\schedul2.exeO23 - Service: Serviço SNMP (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)O23 - Service: Serviço Trap SNMP (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeO23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Programas\NVIDIA Corporation\System Update\UpdateCenterService.exe--End of file - 18432 bytes Link to comment Share on other sites More sharing options...
moogly Posted February 21, 2010 Report Share Posted February 21, 2010 @Picollo30: surely one of your security softwares like Avast, McAfee or MalwareBytes.Try to enable the option "append .!ut to incomplete files" in µT and exclude extention .!ut in your firewall/AV. Link to comment Share on other sites More sharing options...
jonifan Posted February 22, 2010 Report Share Posted February 22, 2010 Hi I am having this problem also and would appreciate any help. I did the "append the !ul" thingy on U Torrent but it does not seem to help. I am really a computer novice so please be gentle. Thank You.Logfile of Trend Micro HijackThis v2.0.3 (BETA)Scan saved at 8:11:32 AM, on 2/22/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\windows\system\hpsysdrv.exeC:\WINDOWS\system32\ps2.exeC:\WINDOWS\ALCXMNTR.EXEC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\System32\hphmon05.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\Common Files\AOL\1174315143\ee\AOLSoftware.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\Program Files\Java\jre1.5.0_17\bin\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exeC:\Program Files\QuickTime\QTTask.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Safari\Safari.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\iTunes\iTunes.exeC:\Program Files\SpaceWare\AMan\Amazon.exeC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\msiexec.exeC:\Program Files\TrendMicro\HiJackThis\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktopR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.localO2 - BHO: (no name) - {3561DD7C-5C84-4168-A6B2-8971BC74CA9A} - (no file)O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: (no name) - {7B28A3A4-1C4C-459A-878B-53990FF5BD6C} - (no file)O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dllO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exeO4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXEO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exeO4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exeO4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsersO4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1174315143\ee\AOLSoftware.exeO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTMLO8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabO16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178037103312O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cabO16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO20 - AppInit_DLLs: nxsawx.dllO20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dllO23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe--End of file - 10746 bytes Link to comment Share on other sites More sharing options...
moogly Posted February 22, 2010 Report Share Posted February 22, 2010 Did you exclude the extension .!ut in AVG? Link to comment Share on other sites More sharing options...
mincey101 Posted February 25, 2010 Report Share Posted February 25, 2010 Ahh im having the same problem! I checked the box for the append to !bt but it didnt make any difference. I also allowed .!ut in my anti virus software but no luck. Here's my HiJackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 17:45:05, on 25/02/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16981)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exec:\APPS\Powercinema\Kernel\TV\CLCapSvc.exec:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exeC:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exeC:\WINDOWS\system32\nvsvc32.exeC:\Apps\Softex\OmniPass\Omniserv.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exeC:\Program Files\O2\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exec:\APPS\Powercinema\Kernel\TV\CLSched.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\BitTorrent\bittorrent.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\foobar2000\foobar2000.exeC:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\system32\SearchProtocolHost.exeD:\Documents and Settings\Mincey\Desktop\HiJackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.com/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: (no name) - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - (no file)O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: (no name) - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - (no file)O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -backgroundO4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmO8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLLO9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exeO9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exeO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htmO15 - Trusted Zone: http://*.broadband.o2.co.ukO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeO23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exeO23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exeO23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exeO23 - Service: Google Update Service (gupdate1c9938276ca1592) (gupdate1c9938276ca1592) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (file missing)O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exeO23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exeO23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeO23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe--End of file - 9732 bytes Link to comment Share on other sites More sharing options...
moogly Posted February 25, 2010 Report Share Posted February 25, 2010 @mincey101: where do you see this error? various files or only audio/video files?I see you have many burning softwares, they have some file indexers.Same about Foobar2000 (media center).So check all the files indexers. Link to comment Share on other sites More sharing options...
Jajjimus Posted February 25, 2010 Report Share Posted February 25, 2010 I am getting the same message how do i fix this?? Link to comment Share on other sites More sharing options...
chantash Posted February 25, 2010 Report Share Posted February 25, 2010 I am getting the same message too. Avast found a Trojan Horse and advised that it be moved to the chest. but I got the same message "Avast: The process cannot access the file...". I have read I need the hijackthis logfile but cannot interept it, can someone help please? This is the logfile:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:48:12, on 25/02/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Virgin Broadband Wireless uk\AffinegyService.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\AskBarDis\bar\bin\AskService.exeC:\Program Files\Dell Network Assistant\hnm_svc.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exeC:\Program Files\WinPcap\rpcapd.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\stsystra.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\WINDOWS\system32\WLTRAY.exeC:\Program Files\Creative\Mixer\CTSVolFE.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Dell\MediaDirect\PCMService.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exeC:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exeC:\Program Files\Messenger\msmsgs.exeC:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Logitech\Video\FxSvr2.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\V-Gear BEE\VBService.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\Java\jre6\bin\javaw.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\HP\Digital Imaging\bin\hpqimzone.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Java\jre6\bin\java.exeC:\WINDOWS\system32\msiexec.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1070519R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forexfactory.com/forum.phpR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1070519R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLLO1 - Hosts: HPE8FDFB.my-domain HP0019BBE8FDFBO2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLLO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLLO2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dllO2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dllO3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLLO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exeO4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /rO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXEO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [O2Start] C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe /sO4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless uk\Wireless Manager.exe" startupO4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [sGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exeO4 - HKLM\..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exeO4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPFO4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /hO4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exeO4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -schedulerO4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [iSUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -schedulerO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exeO4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: BEE Service.lnk = C:\Program Files\V-Gear BEE\VBService.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Dell Network Assistant.lnk = ?O4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm301YYGBO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabO16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://homebase.2020.net/Core/Player/2020PlayerAX_Win32.cabO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cabO16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (Egg Money Manager Digital Safe) - https://moneymanager.egg.com/Pinsafe/accounttracking.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229549017671O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless uk\AffinegyService.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exeO23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exeO23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXEO23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXEO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: MgiSvr - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exeO23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE--End of file - 13385 bytes Link to comment Share on other sites More sharing options...
moogly Posted February 25, 2010 Report Share Posted February 25, 2010 GoogleDesktopManager - - file indexer.Set it to exclude the torrent download folder or disable it. Link to comment Share on other sites More sharing options...
chantash Posted February 25, 2010 Report Share Posted February 25, 2010 Thank you for your help but I am really not computer savvy, how do I do that? Sorry Link to comment Share on other sites More sharing options...
designedsilence Posted February 27, 2010 Report Share Posted February 27, 2010 Having the same issue with win7 64 bit.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:13:59 PM, on 2/26/2010Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Program Files (x86)\uTorrent\uTorrent.exeC:\Program Files (x86)\Windows Sidebar\sidebar.exeC:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files\Logitech\SetPoint\x86\SetPoint32.exeC:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exeC:\Users\Designed\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Designed\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Designed\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Designed\AppData\Local\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exeC:\Users\Designed\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Designed\AppData\Local\Google\Chrome\Application\chrome.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dllF2 - REG:system.ini: UserInit=userinit.exeO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllO3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dllO4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXEO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"O4 - HKCU\..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRunO4 - HKCU\..\Run: [Google Update] "C:\Users\Designed\AppData\Local\Google\Update\GoogleUpdate.exe" /cO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exeO4 - Global Startup: Logitech SetPoint.lnk = ?O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLLO13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exeO23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exeO23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exeO23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exeO23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exeO23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exeO23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)--End of file - 8167 bytes Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.