Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:54 PM, on 9/6/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
E:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
E:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
E:\WINDOWS\afisicx.exe
E:\Program Files (x86)\Bonjour\mDNSResponder.exe
E:\WINDOWS\mabidwe.exe
E:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\noxtcyr.exe
E:\WINDOWS\noytcyr.exe
E:\WINDOWS\SysWOW64\perfs.exe
E:\WINDOWS\SysWOW64\IoctlSvc.exe
E:\WINDOWS\SysWOW64\PnkBstrA.exe
E:\WINDOWS\roytctm.exe
E:\WINDOWS\sotpeca.exe
E:\WINDOWS\soxpeca.exe
E:\WINDOWS\tdydowkc.exe
E:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\WServing.exe
E:\WINDOWS\wsldoekd.exe
E:\Program Files (x86)\AIM6\aim6.exe
E:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
E:\WINDOWS\SysWOW64\ctfmon.exe
E:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
E:\FRAPS\FRAPS.EXE
E:\Program Files (x86)\Hamachi\hamachi.exe
E:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
E:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
E:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
E:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe
E:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
E:\WINDOWS\system32\CTXFIHLP.EXE
E:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
E:\WINDOWS\SysWOW64\CTXFISPI.EXE
E:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files (x86)\Winamp\winampa.exe
E:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
E:\Program Files (x86)\AIM6\aolsoftware.exe
E:\Program Files (x86)\Mozilla Firefox\firefox.exe
E:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: _URLHandler - {E3C3876B-8F58-4961-A42E-9639E1162EEB} - E:\PROGRA~2\AUDIOM~1\AUDIOM~1.DLL
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Ai Nap] "E:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "E:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] E:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [ASUS Energy Saving] "E:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe"
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [VolPanel] "E:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Aim6] "E:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] E:\Program Files (x86)\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Fraps] E:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: hamachi.lnk = E:\Program Files (x86)\Hamachi\hamachi.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: afinding Service (afinding) - Unknown owner - E:\WINDOWS\AFinding.exe (file missing)
O23 - Service: afisicx Portable Media Serial Service (afisicx) - Unknown owner - E:\WINDOWS\afisicx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - E:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - E:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - E:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - E:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - E:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - E:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - E:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - E:\WINDOWS\mabidwe.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - E:\WINDOWS\macidwe.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - E:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Net Logon (Netlogon) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - E:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nobicyt Service (nobicyt) - Unknown owner - E:\WINDOWS\Nobicyt.exe (file missing)
O23 - Service: noxtcyr Corporation inc. (noxtcyr) - Unknown owner - E:\WINDOWS\noxtcyr.exe
O23 - Service: noytcyr Service (noytcyr) - Unknown owner - E:\WINDOWS\noytcyr.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - E:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: perfs Service (perfs) - Unknown owner - E:\WINDOWS\SysWOW64\perfs.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\SysWOW64\IoctlSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - E:\WINDOWS\system32\services.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - E:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: routing Service (routing) - Unknown owner - E:\WINDOWS\routing.exe (file missing)
O23 - Service: roxtctm Event propagation service (roxtctm) - Unknown owner - E:\WINDOWS\roxtctm.exe (file missing)
O23 - Service: roytctm Service (roytctm) - Unknown owner - E:\WINDOWS\roytctm.exe
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: sobicyt Service (sobicyt) - Unknown owner - E:\WINDOWS\sobicyt.exe (file missing)
O23 - Service: sotpeca Settings storage service (sotpeca) - Unknown owner - E:\WINDOWS\sotpeca.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - E:\WINDOWS\soxpeca.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - E:\WINDOWS\tdxdowkc.exe (file missing)
O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - E:\WINDOWS\tdydowkc.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - E:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - E:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - E:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: wserving Service (wserving) - Unknown owner - E:\WINDOWS\WServing.exe
O23 - Service: wsldoekd Event propagation service (wsldoekd) - Unknown owner - E:\WINDOWS\wsldoekd.exe
--
End of file - 9970 bytes