Member Panel

Remember me ?

Forgot password?   

Sponsors and Ads

Live Tag Cloud
PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [Answered] Virus Infected Windows 2000 Server

[Fixed] Hijackthis! Logs - [Answered] Virus Infected Windows 2000 Server posted in the Security & Safety forums; Hi there, I am running a Windows 2000 Server with Citrix for the offsite users to access the system.Note: The file system: NTFS The network is in a workgroup. (Active ...

JOIN US NOW to remove these Ads

PC Help Forum, the number one FREE computer support website in the search engines
Post New Thread  Reply
Page 1 of 2 1 2 >
  #1  
Old 06-14-2005
anteaus's Avatar
Bronze Member
  
Join Date: Jun 2005
Posts: 3
anteaus - See this Members User comments on their Profile page
Default [Answered] Virus Infected Windows 2000 Server
Hi there,

I am running a Windows 2000 Server with Citrix for the offsite users to
access the system.Note: The file system: NTFS
The network is in a workgroup. (Active directory is not running)

Last Thursday, we discovered a worm in the server. Note: the file NPFMONTR.exe
was located in the startup. According to Symantec, it was a w32.spybot worm.
The worm was causing the server to send out packets and as a result the
internet access was slowed down tremendously

The virus was removed by Symantec and I manually stopped the npfmontr.exe
from running (running msconfig and stopped the program from starting)

The Internet access is back to normal!
Problems that I am still facing:-
1) I have installed Windows 2000 SP4 but when I run live update,
thesecurity updates cannot be installed.

2) After leaving the server idle for say 1/2 hour, you cannot login to the
server even with the administrator logon.
The error message says
'The system can not log you on due to the following error
The network request is not supported.Please try again or consult your system
administrator.

3) When I try to update the Symantec Corp Edition Ver 9, it says it has the latest update ( it's only dated 6th June)
When I try to scan for virus, it stops and says that there is not enough hard disk space. I have gigs of space.

I have tried online virus scanning via Trend and Panda but something in the
background seems to be stopping them from running

Just about an hour ago, I scanned using Sophos via Multi_av.exe, a virus W32/rbot-fam was detected and removed
the file win-logon.exe was deleted.

However, I am still unable to run the Windows update. The files are downloaded but the system refuses to allow the
system update

Any advise is very much appreciated.
  #2  
Old 06-14-2005
Zimbo's Avatar
Friend of PCHF
  
Join Date: Sep 2004
Location: Right here !
Posts: 2,150
Zimbo - See this Members User comments on their Profile page
Default Re: Virus Infected Windows 2000 Server
Welcome anteaus


Lets run a few tools :

Tell us if these programs detect anything.

Have you looked in your Task Manager to make sure there aren't any weird processes running, also check your registry under the RUN section.

If you are unsure about using the registry then run a HiJackThis log and post it on the site for us to take a look at.

This virus disables your antivirus software by the looks of it, checkout the information here and in the Recovery section you can download an emergency boot disk.
http://www.sophos.com/virusinfo/anal...32rbotfam.html
  #3  
Old 06-15-2005
anteaus's Avatar
Bronze Member
  
Join Date: Jun 2005
Posts: 3
anteaus - See this Members User comments on their Profile page
Default Re: Virus Infected Windows 2000 Server
Hi Zimbo,

Thanks very much for your advise.
As per your advice, pls find attached the log file from Hijackthis


Logfile of HijackThis v1.99.1
Scan saved at 3:23:00 PM, on 15-Jun-05
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\PFShared\UmxCfg.exe
D:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe
C:\Program Files\Common Files\PFShared\UmxPol.exe
D:\Program Files\Tiny Firewall Pro\UmxAgent.exe
C:\WINNT\System32\msdtc.exe
D:\Program Files\Tiny Firewall Pro\UmxTray.exe
C:\WINNT\System32\CpqRcmc.exe
C:\Compaq\vcagent\vcagent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\ESM2\SAgentNT.exe
C:\ESM2\EBRR.EXE
C:\compaq\survey\Surveyor.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\lserver.exe
C:\Program Files\Common Files\PFShared\umxlu.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
D:\Navision\server services\SERVER.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\cdmsvc.exe
C:\WINNT\System32\CPQNiMgt\CPQNIMGT.EXE
C:\WINNT\system32\cpqmgmt\CqMgServ\CqMgServ.EXE
C:\WINNT\system32\cpqmgmt\cqmgstor\cqmgstor.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\encsvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Citrix\System32\Citrix\Ima\ImaSrv.exe
C:\WINNT\System32\mfcom.exe
C:\WINNT\System32\sysdown.exe
C:\WINNT\system32\cpqmgmt\CqMgHost\CQMGHOST.EXE
C:\WINNT\System32\CPQMGMT\CPQWMGMT.EXE
C:\WINNT\system32\winlogon.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\cpqteam.exe
C:\Program Files\Citrix\system32\icabar.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\ESM2\Stms.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\IZArc\IZArc.exe
C:\DOCUME~1\ADMINI~1.WIN\LOCALS~1\Temp\ztvD\Hijack This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [CPQTEAM] cpqteam.exe
O4 - HKLM\..\Run: [IcaBar] icabar.exe /adminonly
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TPF_AAIMR] D:\Program Files\Tiny Firewall Pro\aaimr.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\system32\msconfig.exe /auto
O4 - HKLM\..\RunServices: [NPF Value] NPFMONTR.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update Logon] win-logon.exe
O4 - HKCU\..\Run: [AMonitor] D:\Program Files\Tiny Firewall Pro\amon.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\web\relat ed.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\web\relat ed.htm (file missing)
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator.winserver\windows\system32\ rnr20.dll' missing
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = luxchem1.com.my
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AB4CF65-A538-4D07-B554-4DC1425266E4}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = luxchem1.com.my
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AB4CF65-A538-4D07-B554-4DC1425266E4}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = luxchem1.com.my
O17 - HKLM\System\CS2\Services\Tcpip\..\{1AB4CF65-A538-4D07-B554-4DC1425266E4}: NameServer = 202.188.0.133,202.188.1.5
O20 - AppInit_DLLs: mfaphook.dll UmxSbxExw.dll
O20 - Winlogon Notify: MetaFrame - ctxnotif.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: PFW - UmxWnp.Dll (file missing)
O23 - Service: Alerter - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ services.exe (file missing)
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ services.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\Microsoft .NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ svchost.exe (file missing)
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ services.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Network (CdmService) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ cdmsvc.exe (file missing)
O23 - Service: ClipBook (ClipSrv) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ clipsrv.exe (file missing)
O23 - Service: Compaq NIC Agents (CPQNicMgmt) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ CPQNiMgt\CPQNIMGT.EXE (file missing)
O23 - Service: Compaq Remote Monitor Service (CpqRcmc) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ CpqRcmc.exe (file missing)
O23 - Service: Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\Compaq\vcagent\vcagent.exe
O23 - Service: Compaq Web Agent (CpqWebMgmt) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ CPQMGMT\CPQWMGMT.EXE (file missing)
O23 - Service: Compaq Foundation Agents (CqMgHost) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ cpqmgmt\CqMgHost\CQMGHOST.EXE (file missing)
O23 - Service: Compaq Server Agents (CqMgServ) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ cpqmgmt\CqMgServ\CqMgServ.EXE (file missing)
O23 - Service: Compaq Storage Agents (CqMgStor) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ cpqmgmt\cqmgstor\cqmgstor.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Distributed File System (Dfs) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ Dfssvc.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ services.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ dmadmin.exe (file missing)
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ services.exe (file missing)
O23 - Service: DNS Server (DNS) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ dns.exe (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ services.exe (file missing)
O23 - Service: Encryption Service - Citrix Systems, Inc. - C:\WINNT\System32\encsvc.exe
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ services.exe (file missing)
O23 - Service: Fax Service (Fax) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ faxsvc.exe (file missing)
O23 - Service: Independent Management Architecture (IMAService) - Citrix Systems, Inc. - C:\Program Files\Citrix\System32\Citrix\Ima\ImaSrv.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Server (lanmanserver) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ services.exe (file missing)
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ services.exe (file missing)
O23 - Service: License Logging Service (LicenseService) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ llssrv.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper Service (LmHosts) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ services.exe (file missing)
O23 - Service: MetaFrame COM Server (MFCom) - Citrix Systems, Inc. - C:\WINNT\System32\mfcom.exe
O23 - Service: Network DDE (NetDDE) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ netdde.exe (file missing)
O23 - Service: Network DDE DSDM (NetDDEdsdm) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ netdde.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ lsass.exe (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ svchost.exe (file missing)
O23 - Service: File Replication Service (NtFrs) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ ntfrs.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ lsass.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ svchost.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ services.exe (file missing)
O23 - Service: IPSEC Policy Agent (PolicyAgent) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ services.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ svchost.exe (file missing)
O23 - Service: Remote Registry Service (RemoteRegistry) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ regsvc.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\Documents.exe (file missing)
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ rsvp.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ lsass.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ SCardSvr.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ SCardSvr.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ MSTask.exe (file missing)
O23 - Service: RunAs Service (seclogon) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ services.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ svchost.exe (file missing)
O23 - Service: Internet Connection Sharing (SharedAccess) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ svchost.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ snmp.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ spoolsv.exe (file missing)
O23 - Service: Epson Printer Status Agent (StatusAgent) - SEIKO EPSON CORPORATION - C:\ESM2\SAgentNT.exe
O23 - Service: Surveyor - Hewlett-Packard Development Group, L.P. - C:\compaq\survey\Surveyor.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ sysdown.exe (file missing)
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ smlogsvc.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ svchost.exe (file missing)
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ termsrv.exe (file missing)
O23 - Service: Terminal Services Licensing (TermServLicensing) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ lserver.exe (file missing)
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ tlntsvr.exe (file missing)
O23 - Service: Distributed Link Tracking Server (TrkSvr) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ services.exe (file missing)
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ services.exe (file missing)
O23 - Service: FW Event Manager (UmxAgent) - Tiny Software, Inc. - D:\Program Files\Tiny Firewall Pro\UmxAgent.exe
O23 - Service: FW Configuration Interpreter (UmxCfg) - Tiny Software, Inc. - C:\Program Files\Common Files\PFShared\UmxCfg.exe
O23 - Service: FW User-Mode Helper (UmxFwHlp) - Tiny Software, Inc. - D:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe
O23 - Service: FW Live Update (UmxLU) - Tiny Software, Inc. - C:\Program Files\Common Files\PFShared\umxlu.exe
O23 - Service: FW Policy Manager (UmxPol) - Tiny Software Inc. - C:\Program Files\Common Files\PFShared\UmxPol.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ ups.exe (file missing)
O23 - Service: Utility Manager (UtilMan) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ UtilMan.exe (file missing)
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ services.exe (file missing)
O23 - Service: Windows Management Instrumentation (WinMgmt) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ WBEM\WinMgmt.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ Services.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ svchost.exe (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ svchost.exe (file missing)


What are your comments?

Thks


Anteaus
  #4  
Old 06-15-2005
anteaus's Avatar
Bronze Member
  
Join Date: Jun 2005
Posts: 3
anteaus - See this Members User comments on their Profile page
Default Re: Virus Infected Windows 2000 Server
Zimbo,

By the way,
I have scanned using both the recommended software (Stinger and the one from Microsoft) but nothing was detected.



Thks
  #5  
Old 06-15-2005
Zimbo's Avatar
Friend of PCHF
  
Join Date: Sep 2004
Location: Right here !
Posts: 2,150
Zimbo - See this Members User comments on their Profile page
Default Re: Virus Infected Windows 2000 Server
Alright delete these entries

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\web\relat ed.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\web\relat ed.htm (file missing)
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator.winserver\windows\system32\ rnr20.dll' missing
O20 - Winlogon Notify: MetaFrame - ctxnotif.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: PFW - UmxWnp.Dll (file missing)
O23 - Service: Alerter - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ services.exe (file missing)
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ services.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\Microsoft .NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ svchost.exe (file missing)
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ services.exe (file missing)
O23 - Service: Client Network (CdmService) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ cdmsvc.exe (file missing)
O23 - Service: ClipBook (ClipSrv) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ clipsrv.exe (file missing)
O23 - Service: Compaq NIC Agents (CPQNicMgmt) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ CPQNiMgt\CPQNIMGT.EXE (file missing)
O23 - Service: Compaq Remote Monitor Service (CpqRcmc) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ CpqRcmc.exe (file missing)
O23 - Service: Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\Compaq\vcagent\vcagent.exe
O23 - Service: Compaq Web Agent (CpqWebMgmt) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ CPQMGMT\CPQWMGMT.EXE (file missing)
O23 - Service: Compaq Foundation Agents (CqMgHost) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ cpqmgmt\CqMgHost\CQMGHOST.EXE (file missing)
O23 - Service: Compaq Server Agents (CqMgServ) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ cpqmgmt\CqMgServ\CqMgServ.EXE (file missing)
O23 - Service: Compaq Storage Agents (CqMgStor) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ cpqmgmt\cqmgstor\cqmgstor.exe (file missing)
O23 - Service: Distributed File System (Dfs) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ Dfssvc.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ services.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ dmadmin.exe (file missing)
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ services.exe (file missing)
O23 - Service: DNS Server (DNS) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ dns.exe (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ services.exe (file missing)
O23 - Service: Encryption Service - Citrix Systems, Inc. - C:\WINNT\System32\encsvc.exe
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ services.exe (file missing)
O23 - Service: Fax Service (Fax) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ faxsvc.exe (file missing)
O23 - Service: Server (lanmanserver) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ services.exe (file missing)
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ services.exe (file missing)
O23 - Service: License Logging Service (LicenseService) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ llssrv.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper Service (LmHosts) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ services.exe (file missing)
O23 - Service: Network DDE (NetDDE) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ netdde.exe (file missing)
O23 - Service: Network DDE DSDM (NetDDEdsdm) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ netdde.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ lsass.exe (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ svchost.exe (file missing)
O23 - Service: File Replication Service (NtFrs) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ ntfrs.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ lsass.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ svchost.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ services.exe (file missing)
O23 - Service: IPSEC Policy Agent (PolicyAgent) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ services.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ svchost.exe (file missing)
O23 - Service: Remote Registry Service (RemoteRegistry) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ regsvc.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\Documents.exe (file missing)
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ rsvp.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ lsass.exe (file missing)
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ SCardSvr.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ SCardSvr.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ MSTask.exe (file missing)
O23 - Service: RunAs Service (seclogon) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ services.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ svchost.exe (file missing)
O23 - Service: Internet Connection Sharing (SharedAccess) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ svchost.exe (file missing)
O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ snmp.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ spoolsv.exe (file missing)
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ sysdown.exe (file missing)
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ smlogsvc.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ svchost.exe (file missing)
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ termsrv.exe (file missing)
O23 - Service: Terminal Services Licensing (TermServLicensing) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ lserver.exe (file missing)
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ tlntsvr.exe (file missing)
O23 - Service: Distributed Link Tracking Server (TrkSvr) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ services.exe (file missing)
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ services.exe (file missing)
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ ups.exe (file missing)
O23 - Service: Utility Manager (UtilMan) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ UtilMan.exe (file missing)
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ services.exe (file missing)
O23 - Service: Windows Management Instrumentation (WinMgmt) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ WBEM\WinMgmt.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ Services.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\system32\ svchost.exe (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\Documents and Settings\Administrator.WINSERVER\WINDOWS\System32\ svchost.exe (file missing)

Also run a Regcleaner program, below is a basic program which is free.
Regclean 4.1a

Run this more advanced one as well if you want, you won't be able to fix anything unless you register it but it gives you an idea of what could be wrong.
http://www.registryfix.com/
  #6  
Old 08-09-2005
bkonn's Avatar
Bronze Member
  
Join Date: Aug 2005
Posts: 1
bkonn - See this Members User comments on their Profile page
Default Re: Virus Infected Windows 2000 Server
I'm having the same issue with our 2000 server. We are unable to run any executables, anti virus was disabled by virus and all my networking components fail to open up.

I was able to do a scan from Trends house call web site, found 1 virus called Troj_small.ac It looks like things are being re-directed to a I:\windows system32\smss.ex
Please help!!!!!

Brian




Logfile of HijackThis v1.99.0
Scan saved at 12:29:33 PM, on 8/8/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
I:\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\APC\PowerChute Business Edition\agent\pbeagent.exe
C:\Program Files\APC\PowerChute Business Edition\server\pbeserver.exe
C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
C:\Compaq\vcagent\vcagent.exe
C:\WINNT\system32\Dfssvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\WINNT\system32\NCDClientServices\ThinPATHPlus\S essionQuery.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\compaq\survey\Surveyor.EXE
C:\WINNT\System32\lserver.exe
C:\Program Files\NCD\ThinSTAR Management\TMS.exe
C:\Program Files\NCD\ThinSTAR Management\TMSFileServer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
C:\WINNT\System32\CpqRcmc.exe
C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\sysdown.exe
C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
C:\WINNT\System32\MsgSys.EXE
C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
C:\WINNT\Explorer.EXE
C:\Program Files\SSC\NSCTOP.EXE
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\cpqteam.exe
C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
T:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,NCDClientS ervices\ThinPATHPlus\PerUser.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [CPQTEAM] cpqteam.exe
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O10 - Broken Internet access because of LSP provider 'i:\windows\system32\rnr20.dll' missing
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {BD324C84-E46E-11D3-83D0-00C04F4EB66B} (HTMLParser Class) - https://eportal.exact.nl/cab/ebcasp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ame.internal
O17 - HKLM\System\CCS\Services\Tcpip\..\{3723F1D8-BF91-4C7E-A5C8-7CD6CFCB0EA0}: NameServer = 64.249.69.213
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ame.internal
O17 - HKLM\System\CS1\Services\Tcpip\..\{3723F1D8-BF91-4C7E-A5C8-7CD6CFCB0EA0}: NameServer = 64.249.69.213
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ame.internal
O17 - HKLM\System\CS2\Services\Tcpip\..\{3723F1D8-BF91-4C7E-A5C8-7CD6CFCB0EA0}: NameServer = 64.249.69.213
O23 - Service: Alerter - Unknown - I:\WINDOWS\System32\services.exe (file missing)
O23 - Service: APC PBE Agent - APC - C:\Program Files\APC\PowerChute Business Edition\agent\pbeagent.exe
O23 - Service: APC PBE Server - APC - C:\Program Files\APC\PowerChute Business Edition\server\pbeserver.exe
O23 - Service: Application Management - Unknown - I:\WINDOWS\system32\services.exe (file missing)
O23 - Service: ASP.NET State Service - Unknown - I:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspne t_state.exe (file missing)
O23 - Service: Backup Exec Remote Agent for Windows Servers - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Background Intelligent Transfer Service - Unknown - I:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Computer Browser - Unknown - I:\WINDOWS\System32\services.exe (file missing)
O23 - Service: ClipBook - Unknown - I:\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: HP Insight NIC Agent - Unknown - I:\WINDOWS\System32\CPQNiMgt\cpqnimgt.exe (file missing)
O23 - Service: Compaq Remote Monitor Service - Unknown - I:\WINDOWS\System32\CpqRcmc.exe (file missing)
O23 - Service: Version Control Agent - Hewlett-Packard Company - C:\Compaq\vcagent\vcagent.exe
O23 - Service: HP Insight Web Agent - Unknown - I:\WINDOWS\System32\CPQMgmt\cpqwmgmt.exe (file missing)
O23 - Service: HP Insight Foundation Agent - Unknown - I:\WINDOWS\System32\CPQMgmt\CqMgHost\cqmghost.exe (file missing)
O23 - Service: HP Insight Server Agents - Unknown - I:\WINDOWS\System32\CPQMgmt\CqMgServ\cqmgserv.exe (file missing)
O23 - Service: HP Insight Storage Agents - Unknown - I:\WINDOWS\System32\CPQMgmt\CqMgStor\cqmgstor.exe (file missing)
O23 - Service: Distributed File System - Unknown - I:\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - Service: DHCP Client - Unknown - I:\WINDOWS\System32\services.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service - Unknown - I:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Logical Disk Manager - Unknown - I:\WINDOWS\System32\services.exe (file missing)
O23 - Service: DNS Server - Unknown - I:\WINDOWS\System32\dns.exe (file missing)
O23 - Service: DNS Client - Unknown - I:\WINDOWS\System32\services.exe (file missing)
O23 - Service: ExecView Communication Module (ECM) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\ECM\ECM.exe
O23 - Service: Event Log - Unknown - I:\WINDOWS\system32\services.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Fax Service - Unknown - I:\WINDOWS\system32\faxsvc.exe (file missing)
O23 - Service: Intersite Messaging - Unknown - I:\WINDOWS\System32\ismserv.exe (file missing)
O23 - Service: Kerberos Key Distribution Center - Unknown - I:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Server - Unknown - I:\WINDOWS\System32\services.exe (file missing)
O23 - Service: Workstation - Unknown - I:\WINDOWS\System32\services.exe (file missing)
O23 - Service: License Logging Service - Unknown - I:\WINDOWS\System32\llssrv.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper Service - Unknown - I:\WINDOWS\System32\services.exe (file missing)
O23 - Service: Messenger - Unknown - I:\WINDOWS\System32\services.exe (file missing)
O23 - Service: NCD Session Query Service - Unknown - C:\WINNT\system32\NCDClientServices\ThinPATHPlus\S essionQuery.exe
O23 - Service: Network DDE - Unknown - I:\WINDOWS\system32\netdde.exe (file missing)
O23 - Service: Network DDE DSDM - Unknown - I:\WINDOWS\system32\netdde.exe (file missing)
O23 - Service: Net Logon - Unknown - I:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Network Connections - Unknown - I:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: File Replication Service - Unknown - I:\WINDOWS\system32\ntfrs.exe (file missing)
O23 - Service: NT LM Security Support Provider - Unknown - I:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Removable Storage - Unknown - I:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Plug and Play - Unknown - I:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Policy Agent - Unknown - I:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Protected Storage - Unknown - I:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager - Unknown - I:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager - Unknown - I:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Remote Registry Service - Unknown - I:\WINDOWS\system32\regsvc.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator - Unknown - I:\WINDOWS\System32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) - Unknown - I:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: QoS RSVP - Unknown - I:\WINDOWS\System32\rsvp.exe (file missing)
O23 - Service: Security Accounts Manager - Unknown - I:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Smart Card Helper - Unknown - I:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Smart Card - Unknown - I:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Task Scheduler - Unknown - I:\WINDOWS\system32\MSTask.exe (file missing)
O23 - Service: RunAs Service - Unknown - I:\WINDOWS\system32\services.exe (file missing)
O23 - Service: System Event Notification - Unknown - I:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Internet Connection Sharing - Unknown - I:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: SNMP Service - Unknown - I:\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service - Unknown - I:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler - Unknown - I:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Surveyor - Hewlett-Packard Development Group, L.P. - C:\compaq\survey\Surveyor.EXE
O23 - Service: HP ProLiant System Shutdown Service - Unknown - I:\WINDOWS\System32\sysdown.exe (file missing)
O23 - Service: Performance Logs and Alerts - Unknown - I:\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Telephony - Unknown - I:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services - Unknown - I:\WINDOWS\System32\termsrv.exe (file missing)
O23 - Service: Terminal Services Licensing - Unknown - I:\WINDOWS\System32\lserver.exe (file missing)
O23 - Service: ThinSTAR Management Service - Network Computing Devices, Inc. - C:\Program Files\NCD\ThinSTAR Management\TMS.exe
O23 - Service: Telnet - Unknown - I:\WINDOWS\system32\tlntsvr.exe (file missing)
O23 - Service: TMS File Server - Network Computing Devices, Inc. - C:\Program Files\NCD\ThinSTAR Management\TMSFileServer.exe
O23 - Service: Distributed Link Tracking Server - Unknown - I:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Distributed Link Tracking Client - Unknown - I:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Utility Manager - Unknown - I:\WINDOWS\System32\UtilMan.exe (file missing)
O23 - Service: Windows Time - Unknown - I:\WINDOWS\System32\services.exe (file missing)
O23 - Service: Windows Management Instrumentation - Unknown - I:\WINDOWS\System32\WBEM\WinMgmt.exe (file missing)
O23 - Service: Windows Internet Name Service (WINS) - Unknown - I:\WINDOWS\System32\wins.exe (file missing)
O23 - Service: Portable Media Serial Number Service - Unknown - I:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions - Unknown - I:\WINDOWS\system32\Services.exe (file missing)
O23 - Service: Automatic Updates - Unknown - I:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration - Unknown - I:\WINDOWS\System32\svchost.exe (file missing)

Reply
New! Norton Internet Security 2008 – Download Now Click Here
Page 1 of 2 1 2 >

Bookmarks

« [FIXED] HiJackThis log | [Fixed] files identified by adaware I can't get rid of »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On

Contact Us - PC Help Forum - Site Map - Privacy Statement - Top

All times are GMT +1. The time now is 08:36 AM.
Powered by vBulletin
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 RC7
All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com


Back to Top