Thread: Smitfraud detected by SuperAntiSpyware, not by Panda or ESET?

  1. #1
    Junior Member
    Join Date
    Jul 2010
    Posts
    2

    Smitfraud detected by SuperAntiSpyware, not by Panda or ESET?

    I have a Citrix server that SuperAntiSpyware continually states is infected with Trojan.Smitfraud Variant / IE Anti-Spy-Ware. The other antivirus programs are not finding it. Here is a copy of the HijackThis log. Can anyone help? Thanks!

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 14:20:48, on 7/14/2010
    Platform: Windows 2003 SP2 (WinNT 5.02.3790)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Panda Software\AVNT\PavSrvX86.exe
    C:\Program Files (x86)\Panda Software\AVNT\AVENGINE.EXE
    C:\Program Files (x86)\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
    C:\Program Files (x86)\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
    C:\Program Files (x86)\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
    C:\Program Files (x86)\Symantec\Backup Exec\NT\dlomaintsvcu.exe
    C:\Program Files (x86)\Citrix\System Monitoring\Agent\Core\Firebird\bin\fbserver.exe
    C:\Program Files (x86)\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
    C:\Program Files (x86)\Java\jre6\bin\jqs.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files (x86)\Dell\SysMgt\sm\mr2kserv.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL$PADMINISTRATOR\Binn\sqlservr.exe
    C:\Program Files (x86)\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe
    C:\Program Files (x86)\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
    C:\Program Files (x86)\Panda Software\AVNT\PsCtrlS.exe
    C:\Program Files (x86)\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
    C:\Program Files (x86)\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
    C:\Program Files (x86)\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
    C:\Program Files (x86)\Panda Software\AVNT\PsImSvc.exe
    C:\Program Files (x86)\Citrix\System Monitoring\Agent\Core\rscorsvc.exe
    C:\Program Files (x86)\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
    C:\WINDOWS\TIREMOTE\TIRemoteService.exe
    C:\WINDOWS\syswow64\snmp.exe
    C:\Program Files (x86)\X-Charge\XCSecurityService.exe
    C:\Program Files (x86)\Citrix\system32\cdmsvc.exe
    C:\Program Files (x86)\Citrix\Server Resource Management\Memory Optimization Management\Program\CtxSFOSvc.exe
    C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files (x86)\Citrix\System32\wfshell.exe
    C:\WINDOWS\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files (x86)\Citrix\system32\icabar.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Panda Software\Panda Administrator 3\Console\PASystemTray.exe
    C:\Program Files (x86)\Panda Software\AVNT\PSCtrlC.exe
    C:\WINDOWS\Temp\PRScan\PRScan.exe
    C:\Program Files (x86)\Panda Software\AVNT\psimreal.exe
    C:\Program Files (x86)\Panda Software\AVNT\PSIMMON.exe
    C:\Program Files (x86)\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
    C:\Documents and Settings\tandersen\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/softAdmin.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/softAdmin.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Citrix Single Sign-On Browser Helper Object - {C3793308-160C-4b29-B44E-A09EE159DC83} - C:\Program Files (x86)\Citrix\MetaFrame Password Manager\Helper\IE\bho.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Track-It! Workstation Manager Service Monitor] C:\WINDOWS\TIREMOTE\TIServiceMonitor.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [IcaBar] "C:\Program Files (x86)\Citrix\system32\icabar.exe" /adminonly
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [PASystemTray] "C:\Program Files (x86)\Panda Software\Panda Administrator 3\Console\PASystemTray.exe"
    O4 - HKLM\..\Run: [Panda Controller Client] "C:\Program Files (x86)\Panda Software\AVNT\PSCtrlC.exe"
    O4 - HKLM\..\Run: [PRClean] C:\WINDOWS\Temp\PRScan\PRClean.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-3057299724-1252680614-2322330818-1005\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'ctx_cpuuser')
    O4 - HKUS\S-1-5-21-3057299724-1252680614-2322330818-1006\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'ctx_cpsvcuser')
    O4 - HKUS\S-1-5-21-3057299724-1252680614-2322330818-1007\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Ctx_StreamingSvc')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-2159\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SHERRING')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-2223\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'JTERESI')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-2642\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'lbunce')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-2648\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'LMAYO')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-2648\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LMAYO')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-2656\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'CHILLS1')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-2656\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'CHILLS1')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-2658\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'PINEACRES1')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-2658\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'PINEACRES1')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-2659\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'GATEWAY1')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-2659\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'GATEWAY1')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-3125\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'DCZARNECKI')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-3615\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'DROBERTSON')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-3615\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'DROBERTSON')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-4138\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SKRAJESKI')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-4160\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'GHAVEN2')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-4160\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'GHAVEN2')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-4230\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Kzlotek')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-4230\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Kzlotek')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-4268\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'DFELTES')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-4373\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'MMCDERMOTT')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-4461\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'smcquown')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-4461\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'smcquown')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-4465\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'DHOLIDAY')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-4471\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'CGONDOLI')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-6107\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'MTOMASINO')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-6140\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'BCREBS')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-6140\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'BCREBS')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-6190\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'dlsommerman')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-6220\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'JSANDERS')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-6254\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'CMONTARO')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-6260\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'esoltau')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-6637\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'GSCHILLING')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-6637\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'GSCHILLING')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7120\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'HDAVIS')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7130\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'KOLSON')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7164\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'BRMILLER')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7167\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'JOCONNOR')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7167\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'JOCONNOR')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7253\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'TLAFORCE')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7253\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'TLAFORCE')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7258\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'BNOWAK')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7291\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'DSMITH')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7291\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'DSMITH')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7303\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'MDOUGHERTY')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7303\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'MDOUGHERTY')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7313\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'LMELVILLE')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7313\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LMELVILLE')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7371\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'JRUSSELL')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7371\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'JRUSSELL')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7381\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SJOHNSON')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7381\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SJOHNSON')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7425\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'CVANVLIET')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7425\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'CVANVLIET')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7450\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'ARUTH')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7450\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'ARUTH')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7466\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'JGONZALEZ')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7531\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'TPASSARO')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7543\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'DNICOLINI')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7566\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SMORA')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7566\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SMORA')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7687\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'LDUPLECHIN')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7687\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LDUPLECHIN')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7706\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'KFAVAZZA')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7706\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'KFAVAZZA')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7709\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'igomez')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7709\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'igomez')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7874\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'JBAKER')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7874\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'JBAKER')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7893\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'DSAWYER')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-7893\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'DSAWYER')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-8116\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'PGOODWIN')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-8116\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'PGOODWIN')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-8159\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'yjackson')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-8159\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'yjackson')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-8174\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'BANDERSON')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-8174\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'BANDERSON')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-8207\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'ATOLLKUEHN')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-8207\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'ATOLLKUEHN')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-8257\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'new')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-8257\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'new')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-8301\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'CCOLLINS')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-8301\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'CCOLLINS')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-8318\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'AKAUFMANN')
    O4 - HKUS\S-1-5-21-823518204-1390067357-1801674531-8318\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'AKAUFMANN')
    O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - S-1-5-21-823518204-1390067357-1801674531-7543 Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'DNICOLINI')
    O4 - S-1-5-21-823518204-1390067357-1801674531-7543 User Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'DNICOLINI')
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Broken Internet access because of LSP provider 'j:\windows\system32\mswsock.dll' missing
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1196968226265
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1259590119309
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MORGAN.morgan-llc.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{367E9EE9-FB3A-4F05-9463-02BCBC796420}: NameServer = 10.211.4.10
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A4BEB345-38A0-4FBC-8C27-B3138F6F1CCB}: NameServer = 10.211.4.10
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MORGAN.morgan-llc.com
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - J:\WINDOWS\SysWOW64\browseui.dll (file missing)
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - J:\WINDOWS\SysWOW64\browseui.dll (file missing)
    O23 - Service: Panda AdminSecure Administration Server (AdminServer) - Panda Security S.L. - C:\Program Files (x86)\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
    O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
    O23 - Service: Citrix Diagnostic Facility COM Server (CdfSvc) - Citrix Systems, Inc. - C:\Program Files (x86)\Common Files\Citrix\System32\CdfSvc.exe
    O23 - Service: Citrix Client Network (CdmService) - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\system32\cdmsvc.exe
    O23 - Service: Citrix 64-bit Virtual Memory Optimization - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\Server Resource Management\Memory Optimization Management\Program\ctxsfosvc64.exe
    O23 - Service: Citrix Encryption Service - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\system32\encsvc.exe
    O23 - Service: Citrix End User Experiencing Monitoring (Citrix EUEM) - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\Euem\Service\SemsService.exe
    O23 - Service: Citrix SMA Service - Citrix Systems Inc. - C:\Program Files (x86)\Citrix\Sma\SmaService.exe
    O23 - Service: Citrix User Profile Manager - Citrix Systems, Inc. - C:\Program Files\Citrix\User Profile Manager\UserProfileManager.exe
    O23 - Service: Citrix Virtual Memory Optimization - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\Server Resource Management\Memory Optimization Management\Program\CtxSFOSvc.exe
    O23 - Service: Citrix Health Monitoring and Recovery (CitrixHealthMon) - Citrix Systems, Inc - C:\Program Files (x86)\Citrix\HealthMon\HCAService.exe
    O23 - Service: Citrix Licensing (CitrixLicensing) - Acresso Software Inc. - C:\Program Files (x86)\Citrix\Licensing\LS\lmgrd.exe
    O23 - Service: Citrix WMI Service (CitrixWMIService) - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\system32\citrix\WMI\ctxwmisvc.exe
    O23 - Service: Citrix XTE Server (CitrixXTEServer) - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\XTE\bin\XTE.exe
    O23 - Service: Citrix Licensing WMI (Citrix_GTLicensingProv) - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\Licensing\LicWMI\Citrix_GTLicensingProv.exe
    O23 - Service: Citrix Single Sign-On Sagent (Citrix_Password_Manager_Sagent) - Citrix Systems, Inc. - C:\Program Files\Citrix\MetaFrame Password Manager\Sagent.exe
    O23 - Service: Citrix Print Manager Service (cpsvc) - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\system32\CpSvc.exe
    O23 - Service: Citrix ActiveSync Service (CtxActiveSync) - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\System32\CtxActiveSync.exe
    O23 - Service: Citrix CPU Utilization Mgmt/CPU Rebalancer (CTXCPUBal) - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\Server Resource Management\CPU Utilization Management\bin\ctxcpubal.exe
    O23 - Service: Citrix CPU Utilization Mgmt/Resource Mgmt (ctxcpuSched) - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\Server Resource Management\CPU Utilization Management\bin\ctxcpusched.exe
    O23 - Service: Citrix XML Service (CtxHttp) - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\System32\ctxxmlss.exe
    O23 - Service: Citrix License Management Console (CTXLMC) - Apache Software Foundation - C:\Program Files (x86)\Citrix\Licensing\LMC\Tomcat\bin\tomcat6.exe
    O23 - Service: Citrix LS Port Updater Service (CtxLSPortSvc) - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\Licensing\LS\CtxLSPortSvc.exe
    O23 - Service: DSM SA Event Manager (dcevt32) - Dell Inc. - C:\Program Files (x86)\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
    O23 - Service: DSM SA Data Manager (dcstor32) - Dell Inc. - C:\Program Files (x86)\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
    O23 - Service: Backup Exec DLO Maintenance Service (DLOMaintenanceSvc) - Symantec Corporation - C:\Program Files (x86)\Symantec\Backup Exec\NT\dlomaintsvcu.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
    O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: Firebird Server - CSMInstance (FirebirdServerCSMInstance) - FirebirdSQL Project - C:\Program Files (x86)\Citrix\System Monitoring\Agent\Core\Firebird\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: IIS Admin Service (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
    O23 - Service: Citrix Services Manager (IMAAdvanceSrv) - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
    O23 - Service: Citrix Independent Management Architecture (IMAService) - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\System32\Citrix\Ima\ImaSrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
    O23 - Service: Citrix MFCOM Service (MFCom) - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\System32\mfcom.exe
    O23 - Service: mr2kserv - LSI Logic Corporation - C:\Program Files (x86)\Dell\SysMgt\sm\mr2kserv.exe
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
    O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: DSM SA Shared Services (omsad) - Dell Inc. - C:\Program Files (x86)\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe
    O23 - Service: Panda AdminSecure Distribution Server (PadFSvr) - Panda Security S.L. - C:\Program Files (x86)\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
    O23 - Service: Panda Software Controller - Panda Security - C:\Program Files (x86)\Panda Software\AVNT\PsCtrlS.exe
    O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Security, S.L. - C:\Program Files (x86)\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
    O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Program Files (x86)\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
    O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Security, S.L. - C:\Program Files (x86)\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
    O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Program Files (x86)\Panda Software\AVNT\PavSrvX86.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Panda IManager Service (PsImSvc) - Panda Security - C:\Program Files (x86)\Panda Software\AVNT\PsImSvc.exe
    O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\PSSDNSVC.EXE
    O23 - Service: Citrix Streaming Service (RadeSvc) - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe
    O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
    O23 - Service: Citrix Resource Manager Mail (ResourceManagerMail) - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\System32\Citrix\IMA\MailService.exe
    O23 - Service: Citrix System Monitoring Agent (RSCorSvc) - Citrix Systems, Inc - C:\Program Files (x86)\Citrix\System Monitoring\Agent\Core\rscorsvc.exe
    O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: DSM SA Connection Service (Server Administrator) - Unknown owner - C:\Program Files (x86)\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
    O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Numara Software, Inc. - C:\WINDOWS\TIREMOTE\TIRemoteService.exe
    O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
    O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
    O23 - Service: X-Charge Security (XCSecurity) - Unknown owner - C:\Program Files (x86)\X-Charge\XCSecurityService.exe
    O23 - Service: X-Charge Server (XCService) - Unknown owner - C:\Program Files (x86)\X-Charge\XCService.exe

    --
    End of file - 28608 bytes

  2. #2
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Hello tanders1,

    Our volunteers help members with personal computers; please give more information about this Citrix server.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Jul 2010
    Posts
    2


    This is a server I am working on at my company. It is Server 2003 64-bit. Is there a different forum I should post this at?

  4. #4
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Hello tanders1,
    Quote originally posted by tanders1:
        This is a server I am working on at my company. It is Server 2003 64-bit. Is there a different forum I should post this at?
    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Post #5.
    It's not that we don't want to help, but there are too many issues that could arise from a networked company machine that malware forum volunteers are not experienced in dealing with.
    We're sorry but this malware removal forum is set up to help those in need of assistance with their personal computers.

    Best regards.
