Win2k Server Woes



#1 G-man


Posted 12 August 2005 - 01:18 PM

I'm pretty sure I have a virus of some kind that is causing my troubles. Problem is, I can't find it!

When I attempt to open Task Manager, it flashes up and then immediately closes itself. Also, when I attempt to run Windows Update, it does the same thing. The Internet is super slow and I am totally frustrated. PLEASE HELP!

Here is the log from HJT; I hope it helps.

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\ati2plxx.exe
C:\Program Files\Dell\OpenManage\OLDiags\bin\OLDserv.exe
C:\WINNT\system32\Dfssvc.exe
C:\PROGRA~1\DIRECPC\bin\dpcproxy.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
C:\Program Files\Dell\OpenManage\OLDiags\bin\Apache.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Dell\OpenManage\OLDiags\bin\Apache.exe
C:\WINACS\ACSTRAY.EXE
C:\WINNT\System32\winaup.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\DirecPC\BIN\dpcstart.exe
C:\WINNT\scanfile.exe
C:\PROGRA~1\DirecPC\bin\dpcnav.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Visual Day Planner] "C:\Program Files\inKline Global\Visual Day Planner\2day.exe"
O4 - HKLM\..\Run: [ACSTray] C:\WINACS\ACSTRAY.EXE
O4 - HKLM\..\Run: [Windows Explorer] C:\WINNT\System32\explorer.exe
O4 - HKLM\..\Run: [DrefIW] C:\WINNT\System32\SysDrefIWv2.exe
O4 - HKLM\..\Run: [WINDOWS SYSTEM] winaup.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\RunServices: [MS Time] timezone.exe
O4 - HKLM\..\RunServices: [JVNL0] C:\WINNT\TEMP\JVNL0.EXE
O4 - HKLM\..\RunServices: [JPTE1] C:\WINNT\TEMP\JPTE1.EXE
O4 - HKLM\..\RunServices: [LTBS2] C:\WINNT\TEMP\LTBS2.EXE
O4 - HKLM\..\RunServices: [MMJS3] C:\WINNT\TEMP\MMJS3.EXE
O4 - HKLM\..\RunServices: [PDFB4] C:\WINNT\TEMP\PDFB4.EXE
O4 - HKLM\..\RunServices: [WINDOWS SYSTEM] winaup.exe
O4 - HKLM\..\RunServices: [LMGM0] C:\WINNT\TEMP\LMGM0.EXE
O4 - HKLM\..\RunServices: [VJII1] C:\WINNT\TEMP\VJII1.EXE
O4 - HKLM\..\RunServices: [IMXO2] C:\WINNT\TEMP\IMXO2.EXE
O4 - HKLM\..\RunServices: [SSMA3] C:\WINNT\TEMP\SSMA3.EXE
O4 - HKLM\..\RunServices: [CJFM4] C:\WINNT\TEMP\CJFM4.EXE
O4 - HKLM\..\RunServices: [PVVN0] C:\WINNT\TEMP\PVVN0.EXE
O4 - HKLM\..\RunServices: [HEIK1] C:\WINNT\TEMP\HEIK1.EXE
O4 - Global Startup: dpcstart.lnk = C:\Program Files\DirecPC\BIN\dpcstart.exe
O4 - Global Startup: Scanner File Utility.lnk = C:\Program Files\Kyocera Mita\FileUtility\fileexec.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123786029093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tabernacle.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A3E90EA-7E67-4EA4-B265-63ECFB1B2941}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BA93B7D-6A67-4378-BD07-ED7B09DABF1C}: Domain = direcway.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BA93B7D-6A67-4378-BD07-ED7B09DABF1C}: NameServer = 66.82.4.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{82FDE051-962C-481F-8D9B-EDBCADB720E1}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tabernacle.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A3E90EA-7E67-4EA4-B265-63ECFB1B2941}: NameServer = 127.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tabernacle.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A3E90EA-7E67-4EA4-B265-63ECFB1B2941}: NameServer = 127.0.0.1
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = tabernacle.local
O17 - HKLM\System\CS3\Services\Tcpip\..\{3A3E90EA-7E67-4EA4-B265-63ECFB1B2941}: NameServer = 127.0.0.1
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2plxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: dellw3c - Unknown owner - C:\Program Files\Dell\OpenManage\OLDiags\bin\Apache.exe
O23 - Service: dellw3j - Unknown owner - C:\Program Files\Dell\OpenManage\OLDiags\bin\OLDserv.exe
O23 - Service: DIRECWAY Webcast (DPC_SRV_WEBCAST) - Hughes Network Systems - C:\PROGRA~1\DIRECPC\bin\dpcproxy.exe
O23 - Service: mr2kserv - Unknown owner - C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
O23 - Service: MS Time (MSTime) - Unknown owner - C:\WINNT\System32\timezone.exe" -service (file missing)
O23 - Service: Disk Management Service (VxSvc) - VERITAS Software Corp. - C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe

Edited by G-man, 12 August 2005 - 01:19 PM.
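As an added example (not part of the post above and not HijackThis's own code), a small Python triage script that flags the patterns a log reviewer looks for in entries like the ones posted: a proxy or DNS server pointed at 127.0.0.1, autostart entries that load from a TEMP folder or give only a bare filename, explorer.exe outside its normal directory, and a service whose binary is missing. The sample lines are constructed from the entry types in the posted log, and the rules are reviewer heuristics, not a verdict on any particular file.

```python
import re

# Constructed sample lines, modelled on entry types in the posted HJT log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
O4 - HKLM\..\Run: [Windows Explorer] C:\WINNT\System32\explorer.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\RunServices: [JVNL0] C:\WINNT\TEMP\JVNL0.EXE
O4 - HKLM\..\RunServices: [MS Time] timezone.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A3E90EA-7E67-4EA4-B265-63ECFB1B2941}: NameServer = 127.0.0.1
O23 - Service: MS Time (MSTime) - Unknown owner - C:\WINNT\System32\timezone.exe" -service (file missing)
"""

# An HJT entry is "<type> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.*)$")

def triage_line(line):
    """Return the reasons one HJT entry deserves a closer look (empty = nothing flagged)."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    kind, body = m.group("type"), m.group("body")
    reasons = []
    # Proxy or DNS pointed at the local host: something on the box sits in the traffic path.
    if kind == "R1" and "ProxyServer" in body and "127.0.0.1" in body:
        reasons.append("proxy set to loopback")
    if kind == "O17" and re.search(r"NameServer = 127\.0\.0\.1\b", body):
        reasons.append("DNS server set to loopback")
    if kind == "O4":
        # Autostart entries: loading from TEMP, or with no directory at all, is unusual.
        if re.search(r"\\TEMP\\", body, re.IGNORECASE):
            reasons.append("autostart from TEMP")
        target = body.split("] ", 1)[-1]
        if "\\" not in target:
            reasons.append("autostart by bare filename")
        # explorer.exe lives in the Windows directory; a copy in System32 is suspect.
        if re.search(r"\\System32\\explorer\.exe$", body, re.IGNORECASE):
            reasons.append("explorer.exe in System32")
    if kind == "O23" and "(file missing)" in body:
        reasons.append("service binary missing")
    return reasons

def triage(log_text):
    """Map each flagged line to its reasons; lines with nothing flagged are omitted."""
    checked = ((ln, triage_line(ln)) for ln in log_text.splitlines())
    return {ln: reasons for ln, reasons in checked if reasons}
```

Run `triage(SAMPLE_LOG)` to get the flagged lines; against the sample, only the WinPatrol entry comes back clean.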




#2 OldTimer

    Malware Expert



Posted 14 August 2005 - 10:56 PM

Hello G-man and welcome to the BC HijackThis forum. It appears that there is some information missing from this log. We need a complete HijackThis (HJT) log file to be able to analyze what is happening on your computer. If you do not have a copy of HijackThis or do not have the latest version (1.99.1) then download it from here: HijackThis_sfx.exe
Double-click on the file you just downloaded and click on the UnZip button to install the program. It will be installed to the C:\Program Files\HijackThis\ folder by default.

Boot normally, start HijackThis and click the Do a system scan and save a log button to perform a scan and create a log file. When the scan is complete, Notepad will open up with the log file in it. While in Notepad, press Ctrl-A to select all text and then Ctrl-C to copy the text to the clipboard.

POST the log in this thread using the Add Reply button. Click in the data-entry window and press Ctrl-V to paste the log into the window. Add any other comments which you believe might be helpful in our analysis, and click the Add Reply button.

I will review your log when it comes in.


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL I CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
