rgb192
asked on
hijack this log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:15:10 PM, on 6/9/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\SWsoft\Plesk\admin\bin\traymonitor.exe
C:\SWsoft\Plesk\admin\bin\traymonitor.exe
C:\SWsoft\Plesk\Additional\PleskPHP5\php.exe
C:\SWsoft\Plesk\Additional\PleskPHP5\php.exe
C:\Program Files (x86)\NuSphere\PhpED\phped.exe
C:\SWsoft\Plesk\Additional\PleskPHP5\php.exe
C:\Program Files (x86)\NuSphere\PhpED\php5\php.exe
C:\Program Files (x86)\NuSphere\PhpED\php5\php.exe
C:\Program Files (x86)\NuSphere\PhpED\php5\php.exe
C:\Windows\SysWOW64\inetsrv\w3wp.exe
C:\Windows\SysWOW64\inetsrv\w3wp.exe
C:\PROGRA~2\NuSphere\PhpED\Debugger\DBGLIS~1.EXE
C:\Program Files (x86)\NuSphere\PhpED\srv.exe
C:\Program Files (x86)\NuSphere\PhpED\php5\php-cgi.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\WinSCP\WinSCP.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe
C:\Program Files (x86)\NuSphere\PhpED\php5\php-cgi.exe
C:\Windows\SysWOW64\MPK\MPKView.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\inetsrv\w3wp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\inetsrv\w3wp.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\SWsoft\Plesk\Additional\PleskPHP5\php-cgi.exe
C:\SWsoft\Plesk\Additional\PleskPHP5\php-cgi.exe
C:\SWsoft\Plesk\Additional\PleskPHP5\php-cgi.exe
C:\Users\Administrator\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: NuSphere ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Windows\SysWOW64\MPK\Mpk.exe
O4 - Startup: ebaypricechangepd.cmd
O4 - Startup: ebaypricechangerc.cmd
O4 - Startup: old
O4 - Startup: phped.exe - Shortcut.lnk = ?
O4 - Startup: SmartFTP.exe - Shortcut.lnk = ?
O4 - Startup: taskmgr.exe - Shortcut.lnk = ?
O4 - Startup: tracking.cmd
O4 - Startup: whatever2.cmd
O4 - Startup: whatever2robscamera.cmd
O4 - Startup: whatevercie.cmd
O4 - Global Startup: Plesk Services Monitor.lnk = ?
O8 - Extra context menu item: NuSphere PhpED :: Debug this page - res://C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar.dll/1000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF5BB93C-FE76-4E47-B422-226EBF3780FF}: NameServer = xx,xx
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: MailEnable List Connector (MELCS) - Unknown owner - C:\SWsoft\Plesk\Mail Servers\Mail Enable\Bin\MELSC.EXE
O23 - Service: MailEnable Mail Transfer Agent (MEMTAS) - Unknown owner - C:\SWsoft\Plesk\Mail Servers\Mail Enable\Bin\MEMTA.EXE
O23 - Service: MailEnable Postoffice Connector (MEPOCS) - Unknown owner - C:\SWsoft\Plesk\Mail Servers\Mail Enable\Bin\MEPOC.EXE
O23 - Service: MailEnable POP Service (MEPOPS) - Unknown owner - C:\SWsoft\Plesk\Mail Servers\Mail Enable\Bin\MEPOPS.EXE
O23 - Service: MailEnable SMTP Connector (MESMTPCS) - Unknown owner - C:\SWsoft\Plesk\Mail Servers\Mail Enable\Bin\MESMTPC.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL Server (MySQL) - Unknown owner - C:\SWsoft\Plesk\Databases\MySQL\bin\mysqld-nt.exe
O23 - Service: Plesk Name Server (named) - Unknown owner - C:\SWsoft\Plesk\dns\bin\named.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Parallels Plesk Panel service (PleskControlPanel) - Parallels, Inc - C:\SWsoft\Plesk\admin\bin\PleskControlPanel.exe
O23 - Service: Plesk Management Service (plesksrv) - Parallels, Inc - C:\SWsoft\Plesk\admin\bin\plesksrv.exe
O23 - Service: Plesk PopPass Service (PopPassD) - Parallels, Inc - C:\SWsoft\Plesk\admin\bin\PopPassD.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @gpapi.dll,-114 (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sitebuilder for Windows Hosting Service (SBPreviewHost) - Parallels - C:\SWsoft\Plesk\SiteBuilder\HostingService\Bin\HostingService.exe
O23 - Service: Sitebuilder for Windows Updater Service (SBUpdater) - Parallels - C:\SWsoft\Plesk\SiteBuilder\HostingService\Bin\HostingService.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\smtpsetup.exe,-1 (SMTPSVC) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Plesk SSL Wrapper Service (stunnel) - Unknown owner - C:\SWsoft\Plesk\stunnel\stunnel.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\Windows\System32\tlntsvr.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\SWsoft\Plesk\Additional\Tomcat\bin\tomcat5.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 9614 bytes