GLYNNEPOWELL
asked on
Unhandled win32 exception 9640
We have a piece of software running on the server which generates labels
for emailing. (Just a VB6 program which has been running fine up until now.
No updates have been made to this software).
When we run the software now though we receive a debugger message:
New instance of Visual Studio 2005. After cancelling out of that
we receive the following message: An unhandled win32 exception (9640).
Machine has also intermittently been running slow.
We have run an antivirus scan on the server which removed 126 items of spyware.
We have run HijackThis and found the following. Points will be awarded to anyone offering
genuine fixes to any of the items below...
Logfile of HijackThis v1.99.1
Scan saved at 13:28:20, on 03/10/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lserver.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\RAID Web Console 2\Framework\VivaldiFramework.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\RAID Web Console 2\JRE\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageEchoServer\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageEchoServer\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\tsadmin.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageEchoServer\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageEchoServer\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\utils\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageEchoServer\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageEchoServer\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\utils\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=7202
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEchoServer\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEchoServer\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Seagull Drivers] ssdal_nc.exe startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\mswsock.dll' missing
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O18 - Protocol: HPDCS - {BA135F49-A12C-4E26-A2C4-6EA945999072} - C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
O18 - Protocol: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - dimsntfy.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Application Experience Lookup Service (AeLookupSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\alg.exe (file missing)
O23 - Service: APC PBE Agent (APCPBEAgent) - APC - C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
O23 - Service: APC PBE Server (APCPBEServer) - APC - C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Distributed File System (Dfs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DNS Server (DNS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\dns.exe (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - Service: Fax - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intersite Messaging (IsmServ) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\ismserv.exe (file missing)
O23 - Service: Kerberos Key Distribution Center (kdc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Server (lanmanserver) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\RAID Web Console 2\MegaMonitor\mrmonitor.exe
O23 - Service: Messenger - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: RWCFramework (MSMFramework) - Unknown owner - C:\Program Files\RAID Web Console 2\Framework\VivaldiFramework.exe
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: File Replication Service (NtFrs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\ntfrs.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Resultant Set of Policy Provider (RSoPProv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\RSoPProv.exe (file missing)
O23 - Service: Special Administration Console Helper (sacsvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)
O23 - Service: Microsoft Software Shadow Copy Provider (swprv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Server Licensing (TermServLicensing) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lserver.exe (file missing)
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: World Wide Web Publishing Service (W3SVC) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\
O23 - Service: Microsoft Software Shadow Copy Provider (swprv) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: Terminal Server Licensing (TermServLicensing) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: World Wide Web Publishing Service (W3SVC) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\Documents and Settings\Administrator\WIN
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\Documents and Settings\Administrator\WIN
ASKER
Hello swaller - thanks for your post.
May I ask - does a repair install exist for a server? I've only previously done that in one form or another with workstations. Is the process of a repair install similar to that of XP - i.e. during installation the setup detects an existing OS (the server), beyond recovery console, and gives a repair option?
ASKER
Early days yet but we've updated various drivers.
The problem happened intermittently - but hasn't happened for a couple of days now. I have asked people to let me know if it happens again - not sure if it's solved - certainly there are deeper problems anyway - which may or may not be affecting people.
I have passed all the above info onto my boss.
I'd prefer to keep this call open to ensure there are no further problems - the intermittent ones are the worst ones to track down.
ASKER
(Still ok so far)
ASKER
Thanks for your help. The problem has not re-occurred since I upgraded a selection of drivers. Interestingly there are no other surface problems on the server. I'll carry out the suggestions if further problems occur relating to missing links, etc.
good to know ;)
ASKER
Btw - anyone reading this - be sure to have the correct CD for running sfc. For example, in Windows XP upgraded to SP2 online - if you need to use sfc and it asks for a CD - using your original non-SP2 CD can really mess up your system. I was fortunate to get a system warning when doing something similar - but some people didn't.