Citrix Server + Malware + Hijack Log = HELP ME

multiband8303

Senior member
Aug 8, 2005
Long story short - Citrix MetaFrame Server (XP - ICA) running on Windows Server 2003, CPU utilization is pegged. Memory usage is within the normal realm; something hidden is draining everything it's got. Even when I disable TS and logons, it continues to get pegged. I need to know what is going on. I found some fishy stuff in some startup folders of some of the profiles and removed it, but the problem still persists. Please help me ASAP. Here is the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 10:57:32 AM, on 4/17/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\hp\hpsmh\bin\smhstart.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\cdmsvc.exe
C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
C:\WINDOWS\system32\CpqRcmc.exe
C:\WINDOWS\system32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINDOWS\system32\CPQMgmt\CqMgStor\cqmgstor.exe
C:\WINDOWS\System32\ctxxmlss.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\WINDOWS\system32\encsvc.exe
C:\WINDOWS\system32\mfcom.exe
C:\WINDOWS\system32\sysdown.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\Program Files\Citrix\System32\Citrix\Ima\ImaSrv.exe
C:\WINDOWS\system32\CPQMgmt\CqMgHost\cqmghost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cpqteam.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Trend Micro\Client Server Security Agent\Misc\xpupg.exe
c:\program files\internet explorer\iexplore.exe
E:\Tech\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://citrix.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {a5a3a6e8-db04-4d33-9c23-d3d421002e8b} - C:\WINDOWS\system32\dsscfg.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [CPQTEAM] cpqteam.exe
O4 - HKLM\..\Run: [IcaBar] icabar.exe /adminonly
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\jkhiig.dll",realset
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator.ewwylie\windows\system32\mswsock.dll' missing
O15 - Trusted Zone: http://www.bestcarriers.com
O15 - Trusted IP range: http://69.20.64.137
O15 - Trusted IP range: http://199.165.217.136
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://192.168.0.9:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda...86/client/wuweb_site.cab?1120141976546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup...86/client/muweb_site.cab?1134058844502
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EWWYLIE.local
O17 - HKLM\Software\..\Telephony: DomainName = EWWYLIE.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{84D235EC-8B87-4422-A493-D3D3A920B5FC}: NameServer = 192.168.0.9
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EWWYLIE.local
O18 - Protocol: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\Cpqacuxe\Bin\hpapp.dll
O20 - AppInit_DLLs: mfaphook.dll
O20 - Winlogon Notify: dimsntfy - dimsntfy.dll (file missing)
O20 - Winlogon Notify: dsscfg - dsscfg.dll (file missing)
O20 - Winlogon Notify: MetaFrame - ctxnotif.dll (file missing)
O23 - Service: Application Experience Lookup Service (AeLookupSvc) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Client Network (CdmService) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\cdmsvc.exe (file missing)
O23 - Service: HP Insight NIC Agent (CpqNicMgmt) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe (file missing)
O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\CpqRcmc.exe (file missing)
O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
O23 - Service: HP Insight Foundation Agents (CqMgHost) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\CPQMgmt\CqMgHost\cqmghost.exe (file missing)
O23 - Service: HP Insight Server Agents (CqMgServ) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\CPQMgmt\CqMgServ\cqmgserv.exe (file missing)
O23 - Service: HP Insight Storage Agents (CqMgStor) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\CPQMgmt\CqMgStor\cqmgstor.exe (file missing)
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Citrix XML Service (CtxHttp) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\ctxxmlss.exe (file missing)
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Distributed File System (Dfs) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Encryption Service - Citrix Systems, Inc. - C:\WINDOWS\system32\encsvc.exe
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\services.exe (file missing)
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Independent Management Architecture (IMAService) - Citrix Systems, Inc. - C:\Program Files\Citrix\System32\Citrix\Ima\ImaSrv.exe
O23 - Service: Server (lanmanserver) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: MetaFrame COM Server (MFCom) - Citrix Systems, Inc. - C:\WINDOWS\system32\mfcom.exe
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: File Replication (NtFrs) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\ntfrs.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Resultant Set of Policy Provider (RSoPProv) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\RSoPProv.exe (file missing)
O23 - Service: Special Administration Console Helper (sacsvr) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Microsoft Software Shadow Copy Provider (swprv) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\sysdown.exe (file missing)
O23 - Service: HP System Management Homepage (SysMgmtHP) - Hewlett-Packard Company - C:\hp\hpsmh/bin/smhstart.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Upload Manager (uploadmgr) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\System32\svchost.exe (file missing)
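
A triage pass over entries in a log like this, as an added example that is not part of the original post: it parses HijackThis lines and flags the few patterns worth a manual look (an HKLM Run entry executing code out of a user profile, one DLL registered both as a BHO and as a Winlogon Notify package, a bare IP in the IE Trusted Zone, a broken LSP chain), while leaving alone the many O23 services reported as "(file missing)" under the profile path, which on a Terminal Server is how HijackThis expands %SystemRoot%. The sample lines are copied from the log above; the rules are heuristics chosen here, not HijackThis's own logic.

```python
import re
# Added example (not from the original post): heuristic triage of HijackThis
# v1.99 entries. A hit means "review this entry by hand", not "this is malware".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
PROFILE_RE = re.compile(r"documents and settings\\[^\\]+\\", re.IGNORECASE)
DLL_RE = re.compile(r"([\w.-]+\.dll)", re.IGNORECASE)

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {a5a3a6e8-db04-4d33-9c23-d3d421002e8b} - C:\WINDOWS\system32\dsscfg.dll
O4 - HKLM\..\Run: [CPQTEAM] cpqteam.exe
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\jkhiig.dll",realset
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator.ewwylie\windows\system32\mswsock.dll' missing
O15 - Trusted IP range: http://69.20.64.137
O20 - Winlogon Notify: dsscfg - dsscfg.dll (file missing)
O20 - Winlogon Notify: MetaFrame - ctxnotif.dll (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\Documents and Settings\Administrator.EWWYLIE\WINDOWS\system32\svchost.exe (file missing)
"""

def parse(text):
    """Yield (kind, body) for each HijackThis entry line; skip everything else."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")

def triage(text):
    """Return [(kind, reason, body)] for entries that deserve a manual look."""
    entries = list(parse(text))
    # Cross-reference: one DLL registered both as a browser helper object (O2)
    # and as a Winlogon Notify package (O20) runs in the browser and at logon.
    bho = {d.lower() for k, b in entries if k == "O2" for d in DLL_RE.findall(b)}
    notify = {d.lower() for k, b in entries
              if k == "O20" and "Winlogon Notify" in b for d in DLL_RE.findall(b)}
    paired = bho & notify
    hits = []
    for kind, body in entries:
        low = body.lower()
        dlls = {d.lower() for d in DLL_RE.findall(body)}
        if kind == "O4" and PROFILE_RE.search(body):
            hits.append((kind, "machine-wide autostart runs code from a user profile", body))
        elif kind in ("O2", "O20") and dlls & paired:
            hits.append((kind, "same DLL registered as BHO and Winlogon Notify", body))
        elif kind == "O15" and "trusted ip range" in low:
            hits.append((kind, "bare IP address in the IE Trusted Zone", body))
        elif kind == "O10" and "broken internet access" in low:
            hits.append((kind, "LSP chain points at a missing DLL", body))
        # Not flagged: O23 services listed under <profile>\WINDOWS as "(file
        # missing)". On a Terminal Server, HijackThis expands %SystemRoot% to
        # the per-user Windows directory, so those lines are expected noise.
    return hits
```

Running `triage(SAMPLE_LOG)` on the sample returns five hits; the Spybot BHO, the CPQTEAM Run entry, the Citrix Winlogon Notify entry and the O23 service are left alone.
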

tyanni

Senior member
Sep 11, 2001
Pretty much everyone here is going to tell you the following:

1. Immediately remove the server from production and the network.
2. Either reinstall Windows on it after backing up everything, or bring in a replacement server while you determine the problem.
3. You can't trust a server once it's compromised. Even if you do get the CPU utilization down, you still can't trust that there is not some other backdoor somewhere.