
Possible Trojan: 2 Panda services not starting. Hijack log included

Discussion in 'Virus & Other Malware Removal' started by reveille_83, Feb 14, 2007.

Thread Status:
Not open for further replies.
  1. reveille_83

    reveille_83 Thread Starter

    Gurus,

    I am at my end. I have a server running Server 2003 SBS. We are running Panda Antivirus and seem to be having some problems with it. We have 2 services that refuse to start. The services are: Panda PavKRE and Panda PavProt.

    According to what I've read on the internet, these services are important and should be running under normal conditions. I have included my HijackThis log in an attempt to help you guys further assist me.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:57:35 AM, on 2/14/2007
    Platform: Windows 2003 SP1 (WinNT 5.02.3790)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\AVNT\PavFnSvr.exe
    C:\Program Files\Panda Software\AVNT\WebProxy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    D:\Program Files\AdminServer\AdminServer.exe
    C:\Program Files\Panda Software\AVNT\CPntSrv.exe
    C:\WINDOWS\system32\Dfssvc.exe
    D:\Executive Software\Diskeeper\DkService.exe
    D:\Executive Software\Diskeeper Administrator\Controller\AdminServer.exe
    C:\WINDOWS\System32\dns.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$PADMINISTRATOR\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe
    C:\WINDOWS\system32\ntfrs.exe
    D:\Program Files\Distribution Server\PadFSvr.exe
    C:\Program Files\Panda Software\AVNT\PSCTRLS.EXE
    C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
    C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
    C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
    C:\WINDOWS\System32\Pavcvpfw\Pavcvpfw.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\AVNT\PavSrv51.exe
    C:\Program Files\Panda Software\AVNT\PnmSrv.exe
    C:\Program Files\Panda Software\AVNT\PsImSvc.exe
    C:\Program Files\Panda Software\AVNT\AVENGINE.EXE
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$PADMINISTRATOR\Binn\sqlagent.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE
    C:\Program Files\Microsoft Windows Small Business Server\monitoring\WbLogSvc.exe
    C:\WINDOWS\System32\wins.exe
    C:\Program Files\Exchsrvr\bin\exmgmt.exe
    C:\Program Files\Exchsrvr\bin\mad.exe
    C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Exchsrvr\bin\store.exe
    C:\WINDOWS\System32\PavEx\PavExA\PavEx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
    C:\WINDOWS\Explorer.EXE
    D:\Acronis\TrueImageServer\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    D:\Acronis\TrueImageServer\TimounterMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\logon.scr
    c:\windows\system32\inetsrv\w3wp.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Executive Software\Diskeeper\DfrgNTFS.exe
    c:\windows\system32\inetsrv\w3wp.exe
    c:\windows\system32\inetsrv\w3wp.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\rdpclip.exe
    C:\WINDOWS\Explorer.EXE
    D:\Acronis\TrueImageServer\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    D:\Acronis\TrueImageServer\TimounterMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\mmc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Seldon Laboratories
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - D:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing)
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Acronis\TrueImageServer\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Acronis\TrueImageServer\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Server Management.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://companyweb
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124298059390
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130883478531
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Seldon.local
    O17 - HKLM\Software\..\Telephony: DomainName = Seldon.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{15A43A21-0DE5-43D1-838F-E1D81DC3A8DE}: NameServer = 192.168.80.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C3191056-AE3D-4DBF-B1AA-03F9E00445C4}: NameServer = 192.168.80.1
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Seldon.local
    O17 - HKLM\System\CS1\Services\Tcpip\..\{15A43A21-0DE5-43D1-838F-E1D81DC3A8DE}: NameServer = 192.168.80.1
    O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
    O20 - Winlogon Notify: TPLogon - TPLogon.dll (file missing)
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Panda AdminSecure Administration Server (AdminServer) - Panda Software - D:\Program Files\AdminServer\AdminServer.exe
    O23 - Service: Panda NetworkSecure Service (CPntSrv) - Panda Software - C:\Program Files\Panda Software\AVNT\CPntSrv.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Executive Software\Diskeeper\DkService.exe
    O23 - Service: Diskeeper Administrator Service - Executive Software International, Inc. - D:\Executive Software\Diskeeper Administrator\Controller\AdminServer.exe
    O23 - Service: MSSQL$SBSMONITORING - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe" -sSBSMONITORING (file missing)
    O23 - Service: MSSQL$SHAREPOINT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe" -sSHAREPOINT (file missing)
    O23 - Service: Panda AdminSecure Distribution Server (PadFSvr) - Panda Software - D:\Program Files\Distribution Server\PadFSvr.exe
    O23 - Service: Panda Software Controller - Panda Software - C:\Program Files\Panda Software\AVNT\PSCTRLS.EXE
    O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
    O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
    O23 - Service: Panda CVPSecure (Pavcvpfw) - Panda SoftWare - C:\WINDOWS\System32\Pavcvpfw\Pavcvpfw.exe
    O23 - Service: Panda ExchangeSecure (PAvDCExc) - Panda Software - C:\WINDOWS\System32\PavEx\PAvDCExc.exe
    O23 - Service: Panda Function Service (PavFnSvr) - Panda Software - C:\Program Files\Panda Software\AVNT\PavFnSvr.exe
    O23 - Service: Panda PavKRE (PavKRE) - Panda Software - C:\Program Files\Panda Software\AVNT\PavKRE.exe
    O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\AVNT\PavProt.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
    O23 - Service: Panda Antivirus Service (PavSrv) - Panda Software - C:\Program Files\Panda Software\AVNT\PavSrv51.exe
    O23 - Service: Panda Firewall Service (PnmSrv) - Panda Software - C:\Program Files\Panda Software\AVNT\PnmSrv.exe
    O23 - Service: Panda IManager Service (PsImSvc) - Panda Software Internacional - C:\Program Files\Panda Software\AVNT\PsImSvc.exe
    O23 - Service: SQLAgent$SBSMONITORING - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE" -i SBSMONITORING (file missing)
     
Short URL to this thread: https://techguy.org/544043
