Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

IUSER_Admin Incessantly appearing on my user list.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

IUSER_Admin Incessantly appearing on my user list.

Unread postby EddieMJ89 » September 6th, 2008, 1:54 pm

I let my brother use the computer for a day while I was at school, and the next day I find this strange account - IUSER_Admin sitting on the startup menu. I quickly deleted it. It came back, so I disabled it. Yet it came back again. Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:54 PM, on 9/6/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
E:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
E:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
E:\Program Files (x86)\Bonjour\mDNSResponder.exe
E:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
E:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
E:\Program Files (x86)\AIM6\aim6.exe
E:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
E:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files (x86)\Hamachi\hamachi.exe
E:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
E:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
E:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
E:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe
E:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
E:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
E:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files (x86)\Winamp\winampa.exe
E:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
E:\Program Files (x86)\AIM6\aolsoftware.exe
E:\Program Files (x86)\Mozilla Firefox\firefox.exe
E:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: _URLHandler - {E3C3876B-8F58-4961-A42E-9639E1162EEB} - E:\PROGRA~2\AUDIOM~1\AUDIOM~1.DLL
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Ai Nap] "E:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "E:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] E:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [ASUS Energy Saving] "E:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe"
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [VolPanel] "E:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Aim6] "E:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] E:\Program Files (x86)\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Fraps] E:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: hamachi.lnk = E:\Program Files (x86)\Hamachi\hamachi.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: afinding Service (afinding) - Unknown owner - E:\WINDOWS\AFinding.exe (file missing)
O23 - Service: afisicx Portable Media Serial Service (afisicx) - Unknown owner - E:\WINDOWS\afisicx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - E:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - E:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - E:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - E:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - E:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - E:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - E:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - E:\WINDOWS\mabidwe.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - E:\WINDOWS\macidwe.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - E:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Net Logon (Netlogon) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - E:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nobicyt Service (nobicyt) - Unknown owner - E:\WINDOWS\Nobicyt.exe (file missing)
O23 - Service: noxtcyr Corporation inc. (noxtcyr) - Unknown owner - E:\WINDOWS\noxtcyr.exe
O23 - Service: noytcyr Service (noytcyr) - Unknown owner - E:\WINDOWS\noytcyr.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - E:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: perfs Service (perfs) - Unknown owner - E:\WINDOWS\SysWOW64\perfs.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\SysWOW64\IoctlSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - E:\WINDOWS\system32\services.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - E:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: routing Service (routing) - Unknown owner - E:\WINDOWS\routing.exe (file missing)
O23 - Service: roxtctm Event propagation service (roxtctm) - Unknown owner - E:\WINDOWS\roxtctm.exe (file missing)
O23 - Service: roytctm Service (roytctm) - Unknown owner - E:\WINDOWS\roytctm.exe
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: sobicyt Service (sobicyt) - Unknown owner - E:\WINDOWS\sobicyt.exe (file missing)
O23 - Service: sotpeca Settings storage service (sotpeca) - Unknown owner - E:\WINDOWS\sotpeca.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - E:\WINDOWS\soxpeca.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - E:\WINDOWS\tdxdowkc.exe (file missing)
O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - E:\WINDOWS\tdydowkc.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - E:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - E:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - E:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: wserving Service (wserving) - Unknown owner - E:\WINDOWS\WServing.exe
O23 - Service: wsldoekd Event propagation service (wsldoekd) - Unknown owner - E:\WINDOWS\wsldoekd.exe

End of file - 9970 bytes
Active Member
Posts: 1
Joined: September 6th, 2008, 1:50 pm
Register to Remove

Re: IUSER_Admin Incessantly appearing on my user list.

Unread postby NonSuch » September 14th, 2008, 9:50 pm

We are sorry to inform you that we do not work with Server operating systems here at the Malware Removal Forums. As your operating system is Windows Server 2003, we are unable to assist you.

As this operating system is outside the scope of those dealt with at MWR, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
User avatar
Posts: 27780
Joined: February 23rd, 2005, 7:08 am
Location: California

  • Similar Topics
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!

Who is online

Users browsing this forum: No registered users and 99 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware