vonnie
2007-01-03, 14:52
Hi guys,
I've exhausted all search topics on various forums for a clue to solving this issue, we have a Win 2003 server running in London (we are in another town connecting via KVMoIP) that had a bad case of the Parite A&B virus strains, a co-worker was able to remove the virus, but (as I have read) by nature Parite tampers with your .dll files and makes them appear larger than they are in file size, or corrupts simply corrupts them.
Enter the current problem;
On reboot of the server, we get the following message.
"The Logon User Interface DLL winlogon.dll failed to load."
Plus the additional message...
"At least one service driver failed during system startup. Use Event Manager to examine the event log.
Heres a screenshot of exactly what we see...
http://img90.imageshack.us/img90/1299/screenshoterrorie0.gif
As winlogon.dll will not load, we cannot then login to the server.
However I have bypassed this using safe mode and created the folling HJT log - which I display below: (I'm a little concerned that some of the files are missing, however I'll assume that this is because of being in safe mode[eek ?])
Logfile of HijackThis v1.99.1
Scan saved at 12:46:35, on 03/01/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\healthvillage\pariteremover\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\mswsock.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3C9534A-0997-4FEB-BFFA-0EE1FE5A83F0}: NameServer = 213.228.193.145,213.228.193.162
O23 - Service: A1Monitor4731132034 - A1Tech Software www.a1tech.com - C:\Program Files\A1Monitor\VMonitor.exe
O23 - Service: Application Experience Lookup Service (AeLookupSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Distributed File System (Dfs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: HID Input Service (HidServ) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Server (lanmanserver) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: MailEnable List Connector (MELCS) - MailEnable Pty Ltd - C:\Program Files\Mail Enable\Bin\MELSC.EXE
O23 - Service: MailEnable Mail Transfer Agent (MEMTAS) - MailEnable Pty Ltd - C:\Program Files\Mail Enable\Bin\MEMTA.EXE
O23 - Service: MailEnable Postoffice Connector (MEPOCS) - MailEnable Pty Ltd - C:\Program Files\Mail Enable\Bin\MEPOC.EXE
O23 - Service: MailEnable POP Service (MEPOPS) - Unknown owner - C:\Program Files\Mail Enable\Bin\MEPOPS.EXE
O23 - Service: MailEnable SMTP Connector (MESMTPCS) - MailEnable Pty Ltd - C:\Program Files\Mail Enable\Bin\MESMTPC.EXE
O23 - Service: FTP Publishing Service (MSFtpsvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: File Replication (NtFrs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\ntfrs.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Persits Software EmailAgent - Unknown owner - C:\Program Files\Persits Software\AspEmail\BIN\EmailAgent.exe" /run (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Resultant Set of Policy Provider (RSoPProv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\RSoPProv.exe (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\cnfig\svchost.exe" /service (file missing)
O23 - Service: Special Administration Console Helper (sacsvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Microsoft Software Shadow Copy Provider (swprv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Upload Manager (uploadmgr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: World Wide Web Publishing Service (W3SVC) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: WebLog Expert Schedule Service (WLESched) - Alentum Software, Inc. - C:\Program Files\WebLog Expert\WLESched.exe
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
-------------------
what I suppose I am trying to do here is avoid a complete reinstall of windows server 2003, as I mentioned the server is in London and this would mean travelling to our server host at a particularly busy time for me.
Should anyone have ever encounted a similar problem or know of any resolve to this issue then do let me know, I'm not a very technical person but very keen to learn so any advice would be very much appreciated.
Thanks for reading, and keep up the good work.
(I've been a S&D user on my home network now for years, and my gaming clan recommends you to all newcomers as a first port of call when fixing parasites/trojans etc.)
I've exhausted all search topics on various forums for a clue to solving this issue, we have a Win 2003 server running in London (we are in another town connecting via KVMoIP) that had a bad case of the Parite A&B virus strains, a co-worker was able to remove the virus, but (as I have read) by nature Parite tampers with your .dll files and makes them appear larger than they are in file size, or corrupts simply corrupts them.
Enter the current problem;
On reboot of the server, we get the following message.
"The Logon User Interface DLL winlogon.dll failed to load."
Plus the additional message...
"At least one service driver failed during system startup. Use Event Manager to examine the event log.
Heres a screenshot of exactly what we see...
http://img90.imageshack.us/img90/1299/screenshoterrorie0.gif
As winlogon.dll will not load, we cannot then login to the server.
However I have bypassed this using safe mode and created the folling HJT log - which I display below: (I'm a little concerned that some of the files are missing, however I'll assume that this is because of being in safe mode[eek ?])
Logfile of HijackThis v1.99.1
Scan saved at 12:46:35, on 03/01/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\healthvillage\pariteremover\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\mswsock.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3C9534A-0997-4FEB-BFFA-0EE1FE5A83F0}: NameServer = 213.228.193.145,213.228.193.162
O23 - Service: A1Monitor4731132034 - A1Tech Software www.a1tech.com - C:\Program Files\A1Monitor\VMonitor.exe
O23 - Service: Application Experience Lookup Service (AeLookupSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Distributed File System (Dfs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: HID Input Service (HidServ) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Server (lanmanserver) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: MailEnable List Connector (MELCS) - MailEnable Pty Ltd - C:\Program Files\Mail Enable\Bin\MELSC.EXE
O23 - Service: MailEnable Mail Transfer Agent (MEMTAS) - MailEnable Pty Ltd - C:\Program Files\Mail Enable\Bin\MEMTA.EXE
O23 - Service: MailEnable Postoffice Connector (MEPOCS) - MailEnable Pty Ltd - C:\Program Files\Mail Enable\Bin\MEPOC.EXE
O23 - Service: MailEnable POP Service (MEPOPS) - Unknown owner - C:\Program Files\Mail Enable\Bin\MEPOPS.EXE
O23 - Service: MailEnable SMTP Connector (MESMTPCS) - MailEnable Pty Ltd - C:\Program Files\Mail Enable\Bin\MESMTPC.EXE
O23 - Service: FTP Publishing Service (MSFtpsvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: File Replication (NtFrs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\ntfrs.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Persits Software EmailAgent - Unknown owner - C:\Program Files\Persits Software\AspEmail\BIN\EmailAgent.exe" /run (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Resultant Set of Policy Provider (RSoPProv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\RSoPProv.exe (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\cnfig\svchost.exe" /service (file missing)
O23 - Service: Special Administration Console Helper (sacsvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Microsoft Software Shadow Copy Provider (swprv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Upload Manager (uploadmgr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: World Wide Web Publishing Service (W3SVC) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: WebLog Expert Schedule Service (WLESched) - Alentum Software, Inc. - C:\Program Files\WebLog Expert\WLESched.exe
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
-------------------
what I suppose I am trying to do here is avoid a complete reinstall of windows server 2003, as I mentioned the server is in London and this would mean travelling to our server host at a particularly busy time for me.
Should anyone have ever encounted a similar problem or know of any resolve to this issue then do let me know, I'm not a very technical person but very keen to learn so any advice would be very much appreciated.
Thanks for reading, and keep up the good work.
(I've been a S&D user on my home network now for years, and my gaming clan recommends you to all newcomers as a first port of call when fixing parasites/trojans etc.)