Cpqartqgnrsw service

Discussion in 'malware problems & news' started by Sworda, Oct 12, 2004.

Thread Status:
Not open for further replies.
  1. Sworda

    Sworda Registered Member

    Joined:
    Apr 10, 2003
    Posts:
    2
    This service appeared about 2 weeks ago, shortly after my install of SP2. I could never find any info until today, when I ran PsService from Sysinternals, and although it shows it installed as a service, there isn't much other information there.

    Here's the portion that pertains to this Cpqartqgnrsw service:

    PsService v1.1 - local and remote services viewer/controller
    Copyright (C) 2001-2003 Mark Russinovich
    Sysinternals - www.sysinternals.com

    SERVICE_NAME: Cpqartqgnrsw
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME :
    LOAD_ORDER_GROUP : Network
    TAG : 1
    DISPLAY_NAME : Cpqartqgnrsw
    DEPENDENCIES :
    SERVICE_START_NAME:

    Are there any other avenues I can explore to find out what this is and if it's safe to uninstall this service?

    I've just run both SB S&D and Ad-AwareSE and found nothing that looked like it may be related to this.

    I also just ran a startup list and a regular scan with HJT but will wait to see if it's needed before posting it.

    I will surely appreciate any help I can get with this.
    Thanks all...Sworda
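
Added example, not part of the original post: a small Python triage of PsService-style output that notes which fields of a service entry deserve a manual look, such as the empty BINARY_PATH_NAME in the listing above. The `ExampleSvc` entry, its path and the function names are constructed for illustration, and the notes are heuristics rather than a verdict on the service.

```python
import re

# Constructed sample in the PsService layout quoted in the post above. The
# second entry is a made-up, fully populated service for contrast.
SAMPLE = r"""SERVICE_NAME: Cpqartqgnrsw
(null)
        START_TYPE        : 4   DISABLED
        BINARY_PATH_NAME  :
        DISPLAY_NAME      : Cpqartqgnrsw
        SERVICE_START_NAME:

SERVICE_NAME: ExampleSvc
Constructed example service
        START_TYPE        : 2   AUTO_START
        BINARY_PATH_NAME  : C:\Example\examplesvc.exe
        DISPLAY_NAME      : Example Service
        SERVICE_START_NAME: LocalSystem
"""

FIELD = re.compile(r"^\s*([A-Z_]+)\s*:\s*(.*)$")

def parse_services(text):
    """Split PsService config output into one dict per service."""
    services, cur = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "SERVICE_NAME":
            cur = {"SERVICE_NAME": m.group(2).strip()}
            services.append(cur)
        elif m and cur is not None:
            cur[m.group(1)] = m.group(2).strip()
        elif cur is not None and line.strip() and "DESCRIPTION" not in cur:
            cur["DESCRIPTION"] = line.strip()  # free-text line after the name
    return services

def triage(svc):
    """Return notes on fields worth checking by hand (heuristics only)."""
    notes = []
    if not svc.get("BINARY_PATH_NAME"):
        notes.append("no binary path: no file to hash or scan, check the registry key")
    if svc.get("DESCRIPTION") in (None, "(null)"):
        notes.append("no description")
    if svc.get("START_TYPE", "").endswith("DISABLED"):
        notes.append("disabled: not started at boot")
    return notes

if __name__ == "__main__":
    for s in parse_services(SAMPLE):
        print(s["SERVICE_NAME"], triage(s) or "nothing flagged")
```
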
     
  2. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Sworda, and welcome to Wilders.

    I am not finding anything on this 'service' name. I do not have SP2 installed yet myself, but I am doubtful this is part of SP2.

    Since some viruses, and spyware, do install themselves as services, I would suggest you have your hijackthis log analysed before uninstalling or removing anything.

    We no longer do HijackThis log analysis here at Wilders (see our Posting Policy in this Announcement.) However, you will find a link in the Announcement Post to several other sites that still do provide HijackThis log analysis service.

    Whichever site you decide to go to, please be sure and follow their posting policy before you post your hijackthis log.

    Please let us know how it turns out.

    Regards,

    snap
     
  3. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
  4. Marja

    Marja Honestly, I'm not a bot!!

    Joined:
    Mar 8, 2004
    Posts:
    4,553
    Location:
    In the Vast Fields of My Mind
    Sworda - Welcome!!

    Not sure if this is what you are seeing? This is #5 on the SANS/FBI's top 20 list of Windows vulnerabilities - if this is your problem, you can get help here:

    CIRT @ CIS @ Brown
    [ http://www.brown.edu/Facilities/CIS/CIRT/help/netbiosnull.html ]


    Marja:cool:


    Just very interesting, either way, no? :)
     
  5. Sworda

    Sworda Registered Member

    Joined:
    Apr 10, 2003
    Posts:
    2
    Thanks for the info folks. I've posted my HJT log to BleepingComputer and await analysis.

    Marja, it looks like you may be on to something and I've quickly perused the link you submitted and am now on information overload :eek:

    I installed IIS shortly after updating to SP2 and had a feeling that something wasn't quite right. I should have listened to those feelings at the time!
    My unease grew more as the days passed and I just uninstalled it a few days ago. I just couldn't seem to lock that program down tight enough:( Learning a new firewall (Kaspersky) and IIS at the same time just had me befuddled beyond recognition...lol

    Well, I'm off to disable NULL sessions and remove that service and when I succeed, this may let me snag the 'family geek' trophy back from my brother :D
    Best regards...SwordaLost
     