Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:25 PM, on 8/15/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\CTHELPER.EXE
C:\Windows\SysWOW64\CTXFIHLP.EXE
C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Razer\Copperhead\razertra.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Razer\Tarantula\razertra.exe
C:\Program Files (x86)\Trend Micro\HijackThis\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: # Copyright (c) 1993-2006 Microsoft Corp.
O1 - Hosts: #
O1 - Hosts: # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
O1 - Hosts: #
O1 - Hosts: # This file contains the mappings of IP addresses to host names. Each
O1 - Hosts: # entry should be kept on an individual line. The IP address should
O1 - Hosts: # be placed in the first column followed by the corresponding host name.
O1 - Hosts: # The IP address and the host name should be separated by at least one
O1 - Hosts: # space.
O1 - Hosts: #
O1 - Hosts: # Additionally, comments (such as these) may be inserted on individual
O1 - Hosts: # lines or following the machine name denoted by a '#' symbol.
O1 - Hosts: #
O1 - Hosts: # For example:
O1 - Hosts: #
O1 - Hosts: # 102.54.94.97 rhino.acme.com # source server
O1 - Hosts: # 38.25.63.10 x.acme.com # x client host
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files (x86)\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [Copperhead] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
O4 - HKLM\..\Run: [Tarantula] "C:\Program Files (x86)\Razer\Tarantula\razerhid.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winrnr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pnrpnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pnrpnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ ... /CTPID.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~2\KASPER~1\KASPER~1.0\adialhk.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Microsoft Corporation - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X64 (clr_optimization_v2.0.50727_64) - Microsoft Corporation - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
O23 - Service: @comres.dll,-947 (COMSysApp) - Microsoft Corporation - C:\Windows\system32\dllhost.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Microsoft Corporation - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Microsoft Corporation - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Microsoft Corporation - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193 (idsvc) - Microsoft Corporation - C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Microsoft Corporation - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: Office Source Engine (ose) - Microsoft Corporation - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Microsoft Corporation - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Microsoft Corporation - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Microsoft Corporation - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Microsoft Corporation - C:\Windows\system32\svchost.exe
--
End of file - 25746 bytes
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-08-15 12:31:19
Windows 6.0.6000
---- Kernel code sections - GMER 1.0.13 ----
? system32\ntoskrnl.exe The system cannot find the file specified.
? system32\hal.dll The system cannot find the file specified.
? system32\kdcom.dll The system cannot find the file specified.
? system32\PSHED.dll The system cannot find the file specified.
? system32\CLFS.SYS The system cannot find the file specified.
? system32\CI.dll The system cannot find the file specified.
? system32\drivers\Wdf01000.sys The system cannot find the file specified.
? system32\drivers\WDFLDR.SYS The system cannot find the file specified.
? system32\drivers\acpi.sys The system cannot find the file specified.
? system32\drivers\WMILIB.SYS The system cannot find the file specified.
? system32\drivers\msisadrv.sys The system cannot find the file specified.
? system32\drivers\pci.sys The system cannot find the file specified.
? system32\drivers\volmgr.sys The system cannot find the file specified.
? system32\DRIVERS\compbatt.sys The system cannot find the file specified.
? system32\DRIVERS\BATTC.SYS The system cannot find the file specified.
? System32\drivers\mountmgr.sys The system cannot find the file specified.
? system32\drivers\nvraid.sys The system cannot find the file specified.
? system32\drivers\CLASSPNP.SYS The system cannot find the file specified.
? system32\drivers\pciide.sys The system cannot find the file specified.
? system32\drivers\PCIIDEX.SYS The system cannot find the file specified.
? system32\DRIVERS\nvrd64.sys The system cannot find the file specified.
? System32\drivers\volmgrx.sys The system cannot find the file specified.
? system32\drivers\atapi.sys The system cannot find the file specified.
? system32\drivers\ataport.SYS The system cannot find the file specified.
? system32\drivers\nvstor.sys The system cannot find the file specified.
? system32\drivers\storport.sys The system cannot find the file specified.
? system32\DRIVERS\nvstor64.sys The system cannot find the file specified.
? system32\drivers\fltmgr.sys The system cannot find the file specified.
? system32\drivers\fileinfo.sys The system cannot find the file specified.
? system32\drivers\ndis.sys The system cannot find the file specified.
? system32\drivers\msrpc.sys The system cannot find the file specified.
? system32\drivers\NETIO.SYS The system cannot find the file specified.
? System32\Drivers\Ntfs.sys The system cannot find the file specified.
? System32\Drivers\ksecdd.sys The system cannot find the file specified.
? system32\drivers\volsnap.sys The system cannot find the file specified.
? System32\Drivers\spldr.sys The system cannot find the file specified.
? System32\drivers\partmgr.sys The system cannot find the file specified.
? System32\Drivers\mup.sys The system cannot find the file specified.
? System32\drivers\ecache.sys The system cannot find the file specified.
? system32\drivers\disk.sys The system cannot find the file specified.
? system32\drivers\crcdisk.sys The system cannot find the file specified.
? system32\DRIVERS\tunnel.sys The system cannot find the file specified.
? system32\DRIVERS\tunmp.sys The system cannot find the file specified.
? system32\DRIVERS\amdk8.sys The system cannot find the file specified.
? system32\DRIVERS\nvlddmkm.sys The system cannot find the file specified.
? System32\drivers\dxgkrnl.sys The system cannot find the file specified.
? System32\drivers\watchdog.sys The system cannot find the file specified.
? system32\DRIVERS\fdc.sys The system cannot find the file specified.
? system32\DRIVERS\serial.sys The system cannot find the file specified.
? system32\DRIVERS\serenum.sys The system cannot find the file specified.
? system32\DRIVERS\parport.sys The system cannot find the file specified.
? system32\DRIVERS\i8042prt.sys The system cannot find the file specified.
? system32\DRIVERS\kbdclass.sys The system cannot find the file specified.
? system32\DRIVERS\usbohci.sys The system cannot find the file specified.
? system32\DRIVERS\USBPORT.SYS The system cannot find the file specified.
? system32\DRIVERS\usbehci.sys The system cannot find the file specified.
? system32\DRIVERS\cdrom.sys The system cannot find the file specified.
? system32\drivers\ctaud2k.sys The system cannot find the file specified.
? system32\drivers\portcls.sys The system cannot find the file specified.
? system32\drivers\drmk.sys The system cannot find the file specified.
? system32\drivers\ks.sys The system cannot find the file specified.
? system32\drivers\ctoss2k.sys The system cannot find the file specified.
? system32\drivers\ctprxy2k.sys The system cannot find the file specified.
? system32\drivers\ksthunk.sys The system cannot find the file specified.
? system32\DRIVERS\e1e6032e.sys The system cannot find the file specified.
? system32\DRIVERS\ASACPI.sys The system cannot find the file specified.
? system32\DRIVERS\msiscsi.sys The system cannot find the file specified.
? system32\DRIVERS\TDI.SYS The system cannot find the file specified.
? system32\DRIVERS\rasl2tp.sys The system cannot find the file specified.
? system32\DRIVERS\ndistapi.sys The system cannot find the file specified.
? system32\DRIVERS\ndiswan.sys The system cannot find the file specified.
? system32\DRIVERS\raspppoe.sys The system cannot find the file specified.
? system32\DRIVERS\raspptp.sys The system cannot find the file specified.
? system32\DRIVERS\termdd.sys The system cannot find the file specified.
? system32\DRIVERS\mouclass.sys The system cannot find the file specified.
? system32\DRIVERS\swenum.sys The system cannot find the file specified.
? system32\DRIVERS\mssmbios.sys The system cannot find the file specified.
? system32\DRIVERS\umbus.sys The system cannot find the file specified.
? system32\DRIVERS\flpydisk.sys The system cannot find the file specified.
? system32\DRIVERS\usbhub.sys The system cannot find the file specified.
? system32\drivers\ha20x2k.sys The system cannot find the file specified.
? system32\drivers\emupia2k.sys The system cannot find the file specified.
? System32\Drivers\NDProxy.SYS The system cannot find the file specified.
? system32\drivers\ctsfm2k.sys The system cannot find the file specified.
? system32\CT20XUT.DLL The system cannot find the file specified.
? system32\CTEXFIFX.DLL The system cannot find the file specified.
? system32\DRIVERS\klif.sys The system cannot find the file specified.
? System32\Drivers\Fs_Rec.SYS The system cannot find the file specified.
? System32\Drivers\Null.SYS The system cannot find the file specified.
? system32\DRIVERS\HIDPARSE.SYS The system cannot find the file specified.
? System32\drivers\vga.sys The system cannot find the file specified.
? System32\drivers\VIDEOPRT.SYS The system cannot find the file specified.
? System32\DRIVERS\RDPCDD.sys The system cannot find the file specified.
? system32\drivers\rdpencdd.sys The system cannot find the file specified.
? System32\Drivers\Msfs.SYS The system cannot find the file specified.
? System32\Drivers\Npfs.SYS The system cannot find the file specified.
? System32\DRIVERS\rasacd.sys The system cannot find the file specified.
? System32\drivers\tcpip.sys The system cannot find the file specified.
? System32\drivers\fwpkclnt.sys The system cannot find the file specified.
? system32\DRIVERS\tdx.sys The system cannot find the file specified.
? system32\DRIVERS\kl1.sys The system cannot find the file specified.
? system32\DRIVERS\usbccgp.sys The system cannot find the file specified.
? system32\DRIVERS\USBD.SYS The system cannot find the file specified.
? system32\drivers\copperhd.sys The system cannot find the file specified.
? system32\DRIVERS\hidusb.sys The system cannot find the file specified.
? system32\DRIVERS\HIDCLASS.SYS The system cannot find the file specified.
? system32\DRIVERS\smb.sys The system cannot find the file specified.
? system32\drivers\afd.sys The system cannot find the file specified.
? system32\DRIVERS\mouhid.sys The system cannot find the file specified.
? System32\DRIVERS\netbt.sys The system cannot find the file specified.
? system32\DRIVERS\pacer.sys The system cannot find the file specified.
? system32\DRIVERS\kbdhid.sys The system cannot find the file specified.
? system32\DRIVERS\klim6.sys The system cannot find the file specified.
? system32\DRIVERS\netbios.sys The system cannot find the file specified.
? system32\DRIVERS\wanarp.sys The system cannot find the file specified.
? system32\DRIVERS\rdbss.sys The system cannot find the file specified.
? system32\drivers\nsiproxy.sys The system cannot find the file specified.
? System32\Drivers\dfsc.sys The system cannot find the file specified.
? system32\DRIVERS\HidBatt.sys The system cannot find the file specified.
? system32\DRIVERS\USBSTOR.SYS The system cannot find the file specified.
? system32\drivers\UsbFltr.sys The system cannot find the file specified.
? system32\DRIVERS\cdfs.sys The system cannot find the file specified.
? system32\DRIVERS\udfs.sys The system cannot find the file specified.
? System32\Drivers\crashdmp.sys The system cannot find the file specified.
? System32\win32k.sys The system cannot find the file specified.
? System32\drivers\Dxapi.sys The system cannot find the file specified.
? system32\DRIVERS\monitor.sys The system cannot find the file specified.
? System32\cdd.dll The system cannot find the file specified.
? system32\drivers\luafv.sys The system cannot find the file specified.
? system32\drivers\spsys.sys The system cannot find the file specified.
? system32\DRIVERS\lltdio.sys The system cannot find the file specified.
? system32\DRIVERS\nwifi.sys The system cannot find the file specified.
? system32\DRIVERS\ndisuio.sys The system cannot find the file specified.
? system32\DRIVERS\rspndr.sys The system cannot find the file specified.
? system32\drivers\HTTP.sys The system cannot find the file specified.
? System32\DRIVERS\srvnet.sys The system cannot find the file specified.
? system32\DRIVERS\bowser.sys The system cannot find the file specified.
? System32\drivers\mpsdrv.sys The system cannot find the file specified.
? system32\drivers\mrxdav.sys The system cannot find the file specified.
? system32\DRIVERS\mrxsmb.sys The system cannot find the file specified.
? system32\DRIVERS\mrxsmb10.sys The system cannot find the file specified.
? system32\DRIVERS\mrxsmb20.sys The system cannot find the file specified.
? System32\DRIVERS\srv2.sys The system cannot find the file specified.
? System32\Drivers\fastfat.SYS The system cannot find the file specified.
? System32\DRIVERS\srv.sys The system cannot find the file specified.
? system32\drivers\peauth.sys The system cannot find the file specified.
? System32\Drivers\secdrv.SYS The system cannot find the file specified.
? System32\drivers\tcpipreg.sys The system cannot find the file specified.
? system32\DRIVERS\WUDFRd.sys The system cannot find the file specified.
? system32\DRIVERS\WUDFPf.sys The system cannot find the file specified.
? system32\CTEDSPSY.DLL The system cannot find the file specified.
---- Processes - GMER 1.0.13 ----
Process hidden process (*** hidden *** ) 244798
Process hidden process (*** hidden *** ) 897024
Process hidden process (*** hidden *** ) 13041808
---- EOF - GMER 1.0.13 ----