I just started this new job and the network here has a lot of viruses. They are currently using Trend Micro as there antivirus but unfortunately it has yet to detect this infection. You see we use this server to do a transfer from one server in LA to our Server here in NY but lately the transmissions have been getting intrupted. I tried doing a continuous ping on the server here and discovered that it losses packets and I get back a request timed out (see example)
* Note - I replaced the last 2 octets with XX.XXX
Reply from 74.125.XX.XXX: bytes=10 time=28ms TTL=244
Reply from 74.125.XX.XXX: bytes=10 time=27ms TTL=244
Reply from 74.125.XX.XXX: bytes=10 time=27ms TTL=244
Reply from 74.125.XX.XXX: bytes=10 time=27ms TTL=244
Reply from 74.125.XX.XXX: bytes=10 time=26ms TTL=244
Reply from 74.125.XX.XXX: bytes=10 time=27ms TTL=244
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 74.125.XX.XX:
Packets: Sent = 50, Received = 47, Lost = 3 (6% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 104ms, Average = 28ms
* Note - I replaced the last 2 octets with XX.XXX
Can you please take a look at my HiJackThis Log and tell me if you see anything that might cause this kind of trouble. Thank you very much in advanced.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:03 PM, on 3/13/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\ati2plxx.exe
D:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
d:\PROGRA~1\MICROS~1\MSSQL$~1\binn\sqlservr.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
C:\WINNT\system32\Dfssvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
d:\PROGRA~1\MICROS~1\MSSQL$~1\binn\sqlagent.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Microsoft Retail Management System\Headquarters\HQServer.exe
C:\Program Files\Microsoft Retail Management System\Headquarters Client\HQClient.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
D:\logmein\x86\LogMeInSystray.exe
D:\logmein\x86\LMIGuardian.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
D:\logmein\x86\LogMeInSystray.exe
D:\logmein\x86\LMIGuardian.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Program Files\Microsoft Retail Management System\Headquarters\HQServer.exe
C:\Program Files\Microsoft Retail Management System\Headquarters\HQMANAGER.exe
C:\Program Files\Microsoft Retail Management System\Headquarters\HQServer.exe
C:\WINNT\system32\logon.scr
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\logmein\x86\LogMeInSystray.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: bgstart.bat
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 6209309271
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6209297286
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://gpsupport.webex.com/client/T23L ... eatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.turnbullandasser.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA446D94-6356-4308-9847-9164856E4D35}: NameServer = 10.41.7.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.turnbullandasser.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.turnbullandasser.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2plxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Backup Exec Remote Agent for Windows Systems (BackupExecAgentAccelerator) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: mr2kserv - Unknown owner - C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
O23 - Service: Disk Management Service (VxSvc) - VERITAS Software Corp. - C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
--
End of file - 6739 bytes
