OS: Windows Server 2003
Below is the HIJACKTHIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:34 PM, on 3/15/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\CounterSpy\Agent\SBCSESvc.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$UDDI\Binn\sqlservr.exe
C:\Program Files\Symantec\Ghost\ngserver.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Sunbelt Software\CSE\EnterpriseService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Ghost\bin\dbserv.exe
C:\Program Files\Symantec\Ghost\bin\rteng7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sunbelt Software\CounterSpy\Agent\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\Cdmkr32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe
O4 - HKLM\..\Run: [Acronis Schedule] C:\Program Files\Common Files\Acronis\Schedule\schedule.exe
O4 - HKLM\..\Run: [StartCounterSpyIconApp] C:\Program Files\Sunbelt Software\CounterSpy\Agent\SBCSTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2614697982-1039963551-1218827646-1218\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'ntp')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O15 - ESC Trusted Zone: http://dlsvr02.asus.com
O15 - ESC Trusted Zone: http://dlsvr03.asus.com
O15 - ESC Trusted Zone: ftp.dlsvr03.asus.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1236749565328
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = moku.local
O17 - HKLM\Software\..\Telephony: DomainName = moku.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{070AF732-57D2-4A8A-AC5E-9F21EEAEFCDB}: NameServer = 192.168.0.131
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = moku.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{070AF732-57D2-4A8A-AC5E-9F21EEAEFCDB}: NameServer = 192.168.0.131
O23 - Service: CounterSpyAgent - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\Agent\SBCSESvc.exe
O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Network Time Protocol Daemon (NTP) - Unknown owner - C:\Program Files\NTP\bin\ntpd.exe
O23 - Service: Sunbelt Software Enterprise Service - Sunbelt Software - C:\Program Files\Sunbelt Software\CSE\EnterpriseService.exe
--
End of file - 5064 bytes