Tech Support Guy banner
Cancel

lsass.exe shutdown problem. hijackthis log inside

Jump to Latest Follow
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
1 - 6 of 6 Posts
S

· Registered
Joined
·
8 Posts
Discussion Starter · #1 ·
Hi Guys, I have a computer that does the lsass.exe system shutdown after the 60 second count down This has happened to a few PC's last week and I found a microsoft patch that seemed to fix the problem but when I tried to run the patch on this particular machine it would not complete. I have read through previous posts about this problem/virus and have tried the sasser and blaster worm removal tools and both found nothing. The virus program we use here also finds nothing. So in a nutshell Im stumped. Here is the log generated by hijack this. Please advise and thanks in advace!

Logfile of HijackThis v1.99.0
Scan saved at 11:02:23 AM, on 1/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ALLDATASC\Binn\sqlservr.exe
C:\Program Files\Patchlink\Update Agent\GravitixService.exe
C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
C:\Program Files\GM SPO\SI\Apache Group\Apache\Apache.exe
C:\Program Files\GM SPO\SI\TransBase\TBMUX32.EXE
C:\WINDOWS\System32\WSFINALACLSERVICE.exe
C:\Program Files\JavaSoft\JRE\1.3.1_02\bin\java.exe
C:\Program Files\GM SPO\SI\Apache Group\Apache\Apache.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\ALLDATAW\ServiceCenter\Tools\ServiceCenterAutoAdmin.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.indian-river.k12.fl.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.indian-river.k12.fl.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.120.51.4:80
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [aavctorun] C:\Program Files\VCASEL2000\vcsecure.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [cuagent] C:\PROGRA~1\COMMAN~1\COMMAN~1\cuagent.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: ALLDATASC MSDE Server.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\scm.exe
O4 - Global Startup: Auto Admin Utility.lnk = C:\ALLDATAW\ServiceCenter\Tools\ServiceCenterAutoAdmin.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.indian-river.k12.fl.us
O17 - HKLM\Software\..\Telephony: DomainName = sdirc.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{785B9960-209A-45A8-8A1E-BB67CC915D44}: NameServer = 10.20.51.1,10.10.51.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4C01E6B-432E-43F8-93C3-CA2B69D41728}: NameServer = 10.20.51.1,10.10.51.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = sdirc.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{785B9960-209A-45A8-8A1E-BB67CC915D44}: NameServer = 10.20.51.1,10.10.51.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = sdirc.local
O23 - Service: avinitnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
O23 - Service: DvpApi - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: PatchLink Update - Patchlink Corporation - C:\Program Files\Patchlink\Update Agent\GravitixService.exe
O23 - Service: schscnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
O23 - Service: SI Apache Server - Unknown - C:\Program Files\GM SPO\SI\Apache Group\Apache\Apache.exe
O23 - Service: SI TransBase - TransAction Software GmbH, D 81739 Munich - C:\Program Files\GM SPO\SI\TransBase\TBMUX32.EXE
O23 - Service: VC WS CHANGEACL Service - cpsi - C:\WINDOWS\System32\WSFINALACLSERVICE.exe
 
M

· Registered
Joined
·
3,181 Posts
#2 ·
Download and unzip or install these programs/applications if you haven't already got them. If you have them, then make sure they are updated and configured as described

CWshredder from http://www.subratam.org/?page=removal
Spybot - Search & Destroy from http://security.kolla.de
Download Adaware SE http://www.lavasoftusa.com/support/download/

then
Run CWSHREDDER,

Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do it's thing.
and make sure you have all of Microsoft security updates

then reboot &

Run Sybot S&D

After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

then reboot &

Run ADAWARE

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From main window :Click Start then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

Restart your computer.
then post a new hijackthis log
 
S

· Registered
Joined
·
8 Posts
Discussion Starter · #3 ·
thanks for the speedy reply mjack. I did all of the above and after the final restart I still get the lsass.exe application error and if I click ok to that error the system shutdown pops up and after 60 seconds it shuts down. here is the latest HJT log:

Logfile of HijackThis v1.99.0
Scan saved at 1:50:20 PM, on 1/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ALLDATASC\Binn\sqlservr.exe
C:\Program Files\Patchlink\Update Agent\GravitixService.exe
C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
C:\Program Files\GM SPO\SI\Apache Group\Apache\Apache.exe
C:\Program Files\GM SPO\SI\TransBase\TBMUX32.EXE
C:\WINDOWS\System32\WSFINALACLSERVICE.exe
C:\Program Files\JavaSoft\JRE\1.3.1_02\bin\java.exe
C:\Program Files\GM SPO\SI\Apache Group\Apache\Apache.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\ALLDATAW\ServiceCenter\Tools\ServiceCenterAutoAdmin.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.indian-river.k12.fl.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.indian-river.k12.fl.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.120.51.4:80
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [aavctorun] C:\Program Files\VCASEL2000\vcsecure.exe
O4 - HKLM\..\Run: [cuagent] C:\PROGRA~1\COMMAN~1\COMMAN~1\cuagent.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: ALLDATASC MSDE Server.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\scm.exe
O4 - Global Startup: Auto Admin Utility.lnk = C:\ALLDATAW\ServiceCenter\Tools\ServiceCenterAutoAdmin.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.indian-river.k12.fl.us
O17 - HKLM\Software\..\Telephony: DomainName = sdirc.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{785B9960-209A-45A8-8A1E-BB67CC915D44}: NameServer = 10.20.51.1,10.10.51.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4C01E6B-432E-43F8-93C3-CA2B69D41728}: NameServer = 10.20.51.1,10.10.51.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = sdirc.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{785B9960-209A-45A8-8A1E-BB67CC915D44}: NameServer = 10.20.51.1,10.10.51.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = sdirc.local
O23 - Service: avinitnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
O23 - Service: DvpApi - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: PatchLink Update - Patchlink Corporation - C:\Program Files\Patchlink\Update Agent\GravitixService.exe
O23 - Service: schscnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
O23 - Service: SI Apache Server - Unknown - C:\Program Files\GM SPO\SI\Apache Group\Apache\Apache.exe
O23 - Service: SI TransBase - TransAction Software GmbH, D 81739 Munich - C:\Program Files\GM SPO\SI\TransBase\TBMUX32.EXE
O23 - Service: VC WS CHANGEACL Service - cpsi - C:\WINDOWS\System32\WSFINALACLSERVICE.exe

Please advise and thanks in advance.
 
M

· Registered
Joined
·
3,181 Posts
#4 ·
Run an online antivirus check from at least one and preferably 2 of the following sites

http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/
http://www.anti-trojan.net/en/onlinecheck.aspx

Be sure and put a check in the box by "Auto Clean" before you do the
scan. If it finds anything that it cannot clean have it delete it or
make a note of the exact file name and file location so you can delete it yourself.
 
S

· Registered
Joined
·
8 Posts
Discussion Starter · #5 ·
thank you for the reply again mjack. I'm truly stumped now. I cant run any of the online virus scans or run windows updates. I get an "Failed to launch active-x controls due to permissions." I've even changed the security level in IE to low and I still cannot get any of the scans or updates to run. I cant even get to user accounts to check if I have administrator rights. Please advise.
 
S

· Registered
Joined
·
8 Posts
Discussion Starter · #6 ·
OK, I found a copy of NAV 2005 and installed it and updated the virus defs through intelligent updater. After that I ran a scan and it detected 10 objects that had already been found and quaranteened/deleted by Adaware. After that I restarted with it conected to the network and no shutdown messages soo far. Ill include a HJT log if anyone wants to take a look. Thanks for your help!

Logfile of HijackThis v1.99.0
Scan saved at 2:18:25 PM, on 1/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ALLDATASC\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Patchlink\Update Agent\GravitixService.exe
C:\Program Files\GM SPO\SI\Apache Group\Apache\Apache.exe
C:\Program Files\GM SPO\SI\TransBase\TBMUX32.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\JavaSoft\JRE\1.3.1_02\bin\java.exe
C:\Program Files\GM SPO\SI\Apache Group\Apache\Apache.exe
C:\WINDOWS\System32\WSFINALACLSERVICE.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\ALLDATAW\ServiceCenter\Tools\ServiceCenterAutoAdmin.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.indian-river.k12.fl.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.indian-river.k12.fl.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.120.51.4:80
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [aavctorun] C:\Program Files\VCASEL2000\vcsecure.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: ALLDATASC MSDE Server.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\scm.exe
O4 - Global Startup: Auto Admin Utility.lnk = C:\ALLDATAW\ServiceCenter\Tools\ServiceCenterAutoAdmin.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.indian-river.k12.fl.us
O15 - Trusted Zone: http://Download.Windowsupdate.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{785B9960-209A-45A8-8A1E-BB67CC915D44}: NameServer = 10.20.51.1,10.10.51.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4C01E6B-432E-43F8-93C3-CA2B69D41728}: NameServer = 10.20.51.1,10.10.51.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = sdirc.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{785B9960-209A-45A8-8A1E-BB67CC915D44}: NameServer = 10.20.51.1,10.10.51.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = sdirc.local
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PatchLink Update - Patchlink Corporation - C:\Program Files\Patchlink\Update Agent\GravitixService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SI Apache Server - Unknown - C:\Program Files\GM SPO\SI\Apache Group\Apache\Apache.exe
O23 - Service: SI TransBase - TransAction Software GmbH, D 81739 Munich - C:\Program Files\GM SPO\SI\TransBase\TBMUX32.EXE
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VC WS CHANGEACL Service - cpsi - C:\WINDOWS\System32\WSFINALACLSERVICE.exe
 
1 - 6 of 6 Posts
Status
Not open for further replies.
About this Discussion
5 Replies
2 Participants
Last post:
SkewlTech
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Windows XP Off Topic Lounge Thread Games & Discussion
Top