1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: beagle 3 problem

Discussion in 'Windows XP' started by chartliner, Jul 20, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. chartliner

    chartliner Thread Starter

    Joined:
    Feb 14, 2005
    Messages:
    48
    Hello,
    My windows server 2003 machine has been producing beagle like problem that my internet service provider is complaining about. I installed Avast Antivirus and conducted a complete scan; no virus was found. But the provider insisted that the problem still exists.
    Can you help us find the problem?

    Thank you in advance,
    Russ

    --------------------------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 8:40:07 PM, on 7/14/2006
    Platform: Windows 2003 (WinNT 5.02.3790)
    MSIE: Internet Explorer v6.00 (6.00.3790.0000)

    Running processes:
    C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\aswServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\lserver.exe
    C:\WINDOWS\system32\Dfssvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\system32\mmc.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.link800.com/admin.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://webmail.phsa.ca
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [WebDriveTray] "C:\Program Files\WebDrive\webdrive.exe" /trayicon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Cobian Backup 7 Interface] "C:\Program Files\Cobian Backup 7\cobui.exe" -service
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [PyroTrans] "C:\Program Files\PyroBatchFTP\pyrobatchftp.exe"
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\Administrator\WINDOWS\web\related.htm (file missing)
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\Administrator\WINDOWS\web\related.htm (file missing)
    O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\mswsock.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswWebSv.exe" /service (file missing)
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Computer Browser (Browser) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Cobian Backup 7 service (CobBackup7) - Luis Cobian - C:\Program Files\Cobian Backup 7\cbs.exe
    O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Distributed File System (Dfs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\Dfssvc.exe (file missing)
    O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\dmadmin.exe (file missing)
    O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Event Log (Eventlog) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
    O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Server (lanmanserver) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Network Connections (Netman) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: File Replication (NtFrs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\ntfrs.exe (file missing)
    O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
    O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\Documents.exe (file missing)
    O23 - Service: Resultant Set of Policy Provider (RSoPProv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\RSoPProv.exe (file missing)
    O23 - Service: Special Administration Console Helper (sacsvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\SCardSvr.exe (file missing)
    O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: System Event Notification (SENS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\spoolsv.exe (file missing)
    O23 - Service: Microsoft Software Shadow Copy Provider (swprv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\smlogsvc.exe (file missing)
    O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Terminal Services (TermService) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Terminal Server Licensing (TermServLicensing) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lserver.exe (file missing)
    O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Upload Manager (uploadmgr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\ups.exe (file missing)
    O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\vssvc.exe (file missing)
    O23 - Service: Windows Time (W32Time) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: World Wide Web Publishing Service (W3SVC) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
     
  2. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    Hello, Russ. Welcome. I am reviewing your HijackThis log now and will be back in a while with advice on anything that I find.
     
  3. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    Russ, I just noticed that that HijackThis log was created a week ago. Could you run a fresh HijackThis scan and post it please? Thank you.
     
  4. chartliner

    chartliner Thread Starter

    Joined:
    Feb 14, 2005
    Messages:
    48
    Hi KDD9,

    Someone changed the date on the computer but this log file from Hijackthis was done last night, so it is the current state of the HD.

    Russ


     
  5. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    OK. Got it. I have already begun with this one and should be able to finish it tonight after work.
     
  6. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    Please open up HijackThis again, Do a system scan only, and, when it finishes, place a check before the following lines:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.link800.com/admin.htm

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\Administrator\WINDOWS\web\related.htm (file missing)

    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\Administrator\WINDOWS\web\related.htm (file missing)

    Then make sure ALL windows are closed except HijackThis and hit the "Fix checked" button.

    Now open up the Control Panel, choose "Add/Remove Programs", find the entry for Java jre1.5.0_06, click to highlight the entry, then click Remove/change to uninstall it.
    Go here, download and install the latest version of Java.

    Next, from the "Start" menu find "Windows Updates", click on it and get all of the latest Critical Updates for your system.


    Reboot the computer, scan with HijackThis again. This time save a logfile and post it here please.


    I need to ask you: Are you having any trouble with your internet connection?
     
  7. chartliner

    chartliner Thread Starter

    Joined:
    Feb 14, 2005
    Messages:
    48
    Hi I have completed your instructions and the following is the new logfile.
    Internet Connection - we cannot detect any noticeable slowness on our internet connection but we only have 4 people here; The ISP kept sending us warning emails about spam-like activities coming from our network. This machine is the only suspect as the other pc's function like dummy terminals with no IE, No email and no apps; they use remote clients to access applications and emails on this machine.....Thanks!
    -------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 4:31:45 PM, on 7/23/2006
    Platform: Windows 2003 (WinNT 5.02.3790)
    MSIE: Internet Explorer v6.00 (6.00.3790.0000)

    Running processes:
    C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\lserver.exe
    C:\WINDOWS\system32\Dfssvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\Program Files\WebDrive\webdrive.exe
    C:\Program Files\Cobian Backup 7\cobui.exe
    C:\Program Files\PyroBatchFTP\pyrobatchftp.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files\hijackthis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://webmail.phsa.ca
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [WebDriveTray] "C:\Program Files\WebDrive\webdrive.exe" /trayicon
    O4 - HKLM\..\Run: [Cobian Backup 7 Interface] "C:\Program Files\Cobian Backup 7\cobui.exe" -service
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [PyroTrans] "C:\Program Files\PyroBatchFTP\pyrobatchftp.exe"
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\mswsock.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Computer Browser (Browser) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Cobian Backup 7 service (CobBackup7) - Luis Cobian - C:\Program Files\Cobian Backup 7\cbs.exe
    O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Distributed File System (Dfs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\Dfssvc.exe (file missing)
    O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\dmadmin.exe (file missing)
    O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Event Log (Eventlog) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
    O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Server (lanmanserver) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Network Connections (Netman) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: File Replication (NtFrs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\ntfrs.exe (file missing)
    O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
    O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\Documents.exe (file missing)
    O23 - Service: Resultant Set of Policy Provider (RSoPProv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\RSoPProv.exe (file missing)
    O23 - Service: Special Administration Console Helper (sacsvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\SCardSvr.exe (file missing)
    O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: System Event Notification (SENS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\spoolsv.exe (file missing)
    O23 - Service: Microsoft Software Shadow Copy Provider (swprv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\smlogsvc.exe (file missing)
    O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Terminal Services (TermService) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Terminal Server Licensing (TermServLicensing) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lserver.exe (file missing)
    O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Upload Manager (uploadmgr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\ups.exe (file missing)
    O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\vssvc.exe (file missing)
    O23 - Service: Windows Time (W32Time) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: World Wide Web Publishing Service (W3SVC) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
     
  8. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    Very well done chartliner. Clean log. That should solve the issue. How are things running now?

    I do believe that there is a service pack 1 for Server 2003. Did you run "Windows Update" and see if there were any updates for your system. Installing service packs when they are released is crucial to keeping your system from getting reinfected. Please visit this page for details and download instructions for Server 2003.

    For some further clean up, I would suggest clearing out the Temp files. Here's how:

    Boot the computer into Safe Mode. For instructions on how to boot into Safe Mode, click here.
    In Safe Mode, click " Start" > "Run" and type %temp% in the Run box.
    The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Next, go to Control Panel > Internet Options.
    On the General tab under "Temporary Internet Files" Click "Delete Files".
    Put a check by "Delete Offline Content" and click OK.
    Click on the Programs tab then click the "Reset Web Settings" button.
    Click Apply then OK.

    Empty the Recycle Bin.

    I also highly recommend installing a bidirectional firewall on your system. A reliable and free one can be found here.
    Note: After the 30 trial, it will revert back to the basic version, but will still work fine.

    Another excellent protection product is SpywareBlaster available here at no cost.
    And while you are there, you might also consider SpywareGuard for real-time protection.

    Make sure you keep all of your security programs up to date, especially the antivirus.

    Please let us know if you still experience any problems.

    If you feel that your issue has been resolved, you can mark the thread "Solved" by using the "Thread tools" button near the top of the page.
     
  9. chartliner

    chartliner Thread Starter

    Joined:
    Feb 14, 2005
    Messages:
    48
    Sorry in getting back to you so late, we have been quite busy.

    We did everything you said to the server and it seems fine, a full Avast scan shows no viruses.

    A full Avast scan of one of the networked pc's showed that it had 251 files infected with Beagle and or Trojano. This computer came from our programmer, so it may have been infected previously to it arriving on this network, not sure. Avast removed or placed in its Virus vault all the bad files, so it all seems good now.

    Cheers to yourself and all the techguy experts and Avast which worked very well on this and has worked on removing other viruses for us in the past.

    Thanks for all your help.

    Russ
     
  10. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    Glad we could help.(y)
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/485016

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice