We help IT Professionals succeed at work.

hijack this log

rgb192
rgb192 asked
on
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:15:10 PM, on 6/9/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\SWsoft\Plesk\admin\bin\traymonitor.exe
C:\SWsoft\Plesk\admin\bin\traymonitor.exe
C:\SWsoft\Plesk\Additional\PleskPHP5\php.exe
C:\SWsoft\Plesk\Additional\PleskPHP5\php.exe
C:\Program Files (x86)\NuSphere\PhpED\phped.exe
C:\SWsoft\Plesk\Additional\PleskPHP5\php.exe
C:\Program Files (x86)\NuSphere\PhpED\php5\php.exe
C:\Program Files (x86)\NuSphere\PhpED\php5\php.exe
C:\Program Files (x86)\NuSphere\PhpED\php5\php.exe
C:\Windows\SysWOW64\inetsrv\w3wp.exe
C:\Windows\SysWOW64\inetsrv\w3wp.exe
C:\PROGRA~2\NuSphere\PhpED\Debugger\DBGLIS~1.EXE
C:\Program Files (x86)\NuSphere\PhpED\srv.exe
C:\Program Files (x86)\NuSphere\PhpED\php5\php-cgi.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\WinSCP\WinSCP.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe
C:\Program Files (x86)\NuSphere\PhpED\php5\php-cgi.exe
C:\Windows\SysWOW64\MPK\MPKView.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\inetsrv\w3wp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\inetsrv\w3wp.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\SWsoft\Plesk\Additional\PleskPHP5\php-cgi.exe
C:\SWsoft\Plesk\Additional\PleskPHP5\php-cgi.exe
C:\SWsoft\Plesk\Additional\PleskPHP5\php-cgi.exe
C:\Users\Administrator\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: NuSphere ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Windows\SysWOW64\MPK\Mpk.exe
O4 - Startup: ebaypricechangepd.cmd
O4 - Startup: ebaypricechangerc.cmd
O4 - Startup: old
O4 - Startup: phped.exe - Shortcut.lnk = ?
O4 - Startup: SmartFTP.exe - Shortcut.lnk = ?
O4 - Startup: taskmgr.exe - Shortcut.lnk = ?
O4 - Startup: tracking.cmd
O4 - Startup: whatever2.cmd
O4 - Startup: whatever2robscamera.cmd
O4 - Startup: whatevercie.cmd
O4 - Global Startup: Plesk Services Monitor.lnk = ?
O8 - Extra context menu item: NuSphere PhpED :: Debug this page - res://C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar.dll/1000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF5BB93C-FE76-4E47-B422-226EBF3780FF}: NameServer = xx,xx
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: MailEnable List Connector (MELCS) - Unknown owner - C:\SWsoft\Plesk\Mail Servers\Mail Enable\Bin\MELSC.EXE
O23 - Service: MailEnable Mail Transfer Agent (MEMTAS) - Unknown owner - C:\SWsoft\Plesk\Mail Servers\Mail Enable\Bin\MEMTA.EXE
O23 - Service: MailEnable Postoffice Connector (MEPOCS) - Unknown owner - C:\SWsoft\Plesk\Mail Servers\Mail Enable\Bin\MEPOC.EXE
O23 - Service: MailEnable POP Service (MEPOPS) - Unknown owner - C:\SWsoft\Plesk\Mail Servers\Mail Enable\Bin\MEPOPS.EXE
O23 - Service: MailEnable SMTP Connector (MESMTPCS) - Unknown owner - C:\SWsoft\Plesk\Mail Servers\Mail Enable\Bin\MESMTPC.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL Server (MySQL) - Unknown owner - C:\SWsoft\Plesk\Databases\MySQL\bin\mysqld-nt.exe
O23 - Service: Plesk Name Server (named) - Unknown owner - C:\SWsoft\Plesk\dns\bin\named.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Parallels Plesk Panel service (PleskControlPanel) - Parallels, Inc - C:\SWsoft\Plesk\admin\bin\PleskControlPanel.exe
O23 - Service: Plesk Management Service (plesksrv) - Parallels, Inc - C:\SWsoft\Plesk\admin\bin\plesksrv.exe
O23 - Service: Plesk PopPass Service (PopPassD) - Parallels, Inc - C:\SWsoft\Plesk\admin\bin\PopPassD.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @gpapi.dll,-114 (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sitebuilder for Windows Hosting Service (SBPreviewHost) - Parallels - C:\SWsoft\Plesk\SiteBuilder\HostingService\Bin\HostingService.exe
O23 - Service: Sitebuilder for Windows Updater Service (SBUpdater) - Parallels - C:\SWsoft\Plesk\SiteBuilder\HostingService\Bin\HostingService.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\smtpsetup.exe,-1 (SMTPSVC) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Plesk SSL Wrapper Service (stunnel) - Unknown owner - C:\SWsoft\Plesk\stunnel\stunnel.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\Windows\System32\tlntsvr.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\SWsoft\Plesk\Additional\Tomcat\bin\tomcat5.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9614 bytes

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:15:10 PM, on 6/9/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\SWsoft\Plesk\admin\bin\traymonitor.exe
C:\SWsoft\Plesk\admin\bin\traymonitor.exe
C:\SWsoft\Plesk\Additional\PleskPHP5\php.exe
C:\SWsoft\Plesk\Additional\PleskPHP5\php.exe
C:\Program Files (x86)\NuSphere\PhpED\phped.exe
C:\SWsoft\Plesk\Additional\PleskPHP5\php.exe
C:\Program Files (x86)\NuSphere\PhpED\php5\php.exe
C:\Program Files (x86)\NuSphere\PhpED\php5\php.exe
C:\Program Files (x86)\NuSphere\PhpED\php5\php.exe
C:\Windows\SysWOW64\inetsrv\w3wp.exe
C:\Windows\SysWOW64\inetsrv\w3wp.exe
C:\PROGRA~2\NuSphere\PhpED\Debugger\DBGLIS~1.EXE
C:\Program Files (x86)\NuSphere\PhpED\srv.exe
C:\Program Files (x86)\NuSphere\PhpED\php5\php-cgi.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\WinSCP\WinSCP.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe
C:\Program Files (x86)\NuSphere\PhpED\php5\php-cgi.exe
C:\Windows\SysWOW64\MPK\MPKView.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\inetsrv\w3wp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\inetsrv\w3wp.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\SWsoft\Plesk\Additional\PleskPHP5\php-cgi.exe
C:\SWsoft\Plesk\Additional\PleskPHP5\php-cgi.exe
C:\SWsoft\Plesk\Additional\PleskPHP5\php-cgi.exe
C:\Users\Administrator\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: NuSphere ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Windows\SysWOW64\MPK\Mpk.exe
O4 - Startup: ebaypricechangepd.cmd
O4 - Startup: ebaypricechangerc.cmd
O4 - Startup: old
O4 - Startup: phped.exe - Shortcut.lnk = ?
O4 - Startup: SmartFTP.exe - Shortcut.lnk = ?
O4 - Startup: taskmgr.exe - Shortcut.lnk = ?
O4 - Startup: tracking.cmd
O4 - Startup: whatever2.cmd
O4 - Startup: whatever2robscamera.cmd
O4 - Startup: whatevercie.cmd
O4 - Global Startup: Plesk Services Monitor.lnk = ?
O8 - Extra context menu item: NuSphere PhpED :: Debug this page - res://C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar.dll/1000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF5BB93C-FE76-4E47-B422-226EBF3780FF}: NameServer = xx,xx
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: MailEnable List Connector (MELCS) - Unknown owner - C:\SWsoft\Plesk\Mail Servers\Mail Enable\Bin\MELSC.EXE
O23 - Service: MailEnable Mail Transfer Agent (MEMTAS) - Unknown owner - C:\SWsoft\Plesk\Mail Servers\Mail Enable\Bin\MEMTA.EXE
O23 - Service: MailEnable Postoffice Connector (MEPOCS) - Unknown owner - C:\SWsoft\Plesk\Mail Servers\Mail Enable\Bin\MEPOC.EXE
O23 - Service: MailEnable POP Service (MEPOPS) - Unknown owner - C:\SWsoft\Plesk\Mail Servers\Mail Enable\Bin\MEPOPS.EXE
O23 - Service: MailEnable SMTP Connector (MESMTPCS) - Unknown owner - C:\SWsoft\Plesk\Mail Servers\Mail Enable\Bin\MESMTPC.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL Server (MySQL) - Unknown owner - C:\SWsoft\Plesk\Databases\MySQL\bin\mysqld-nt.exe
O23 - Service: Plesk Name Server (named) - Unknown owner - C:\SWsoft\Plesk\dns\bin\named.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Parallels Plesk Panel service (PleskControlPanel) - Parallels, Inc - C:\SWsoft\Plesk\admin\bin\PleskControlPanel.exe
O23 - Service: Plesk Management Service (plesksrv) - Parallels, Inc - C:\SWsoft\Plesk\admin\bin\plesksrv.exe
O23 - Service: Plesk PopPass Service (PopPassD) - Parallels, Inc - C:\SWsoft\Plesk\admin\bin\PopPassD.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @gpapi.dll,-114 (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sitebuilder for Windows Hosting Service (SBPreviewHost) - Parallels - C:\SWsoft\Plesk\SiteBuilder\HostingService\Bin\HostingService.exe
O23 - Service: Sitebuilder for Windows Updater Service (SBUpdater) - Parallels - C:\SWsoft\Plesk\SiteBuilder\HostingService\Bin\HostingService.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\smtpsetup.exe,-1 (SMTPSVC) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Plesk SSL Wrapper Service (stunnel) - Unknown owner - C:\SWsoft\Plesk\stunnel\stunnel.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\Windows\System32\tlntsvr.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\SWsoft\Plesk\Additional\Tomcat\bin\tomcat5.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9614 bytes

Open in new window

Comment
Watch Question

Commented:
You have many system files missing. Run the system file checker. In the command box enter sfc  /scannow
Commented:
From your HiJackThis log there seems to be at least one 'suspect file', and because HiJackThis will not show all infections you may well have a Trojan.

Therefore i suggest you try running Combofix.
Download ComboFix and save to your Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before using ComboFix please disable any realtime Anti-virus, Anti-spyware, Shields, etc. that you may have running.
Also it may be necessary to rename ComboFix.exe (to Combo-Fix.exe for example), before saving it to your desktop.  
If you have difficulties downloading it, try downloading to another machine, then into a USB memory stick or CD.  Rename it and carry to the infected machine, then try this key combination to reach a Run box>
Windows Logo+R: Run dialog box

Double click "combofix.exe" and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
Please post that log in a reply to us.
Do not mouseclick Combofix's window while it is running, because it may stall.  It is absolutely normal for you to see a blue screen with flashing cursor.
ComboFix should be run in normal mode.

In case you need it>   A guide and tutorial on using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Author

Commented:
thanks