August 25th, 2005 13:00
HJT log - Help!
Logfile of HijackThis v1.99.1
Scan saved at 10:16:45 AM, on 8/25/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Adaptec\Adaptec Storage Manager\StorServ.exe
C:\WINNT\system32\nvsvc.exe
C:\WINNT\system32\sd.exe
C:\Winnt\System32\asapi.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\sfmprint.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINNT\system32\sd.exe
C:\Winnt\System32\mplayerc.exe
C:\WINNT\system32\regsvc.exe
D:\PROGRAM FILES\RIGHTFAX\DOCTRANSPORT\DOCTRANSPORT.EXE
D:\PROGRAM FILES\RIGHTFAX\BIN\PAGESRV.EXE
D:\PROGRAM FILES\RIGHTFAX\BIN\PORTHAND.EXE
D:\Program Files\RightFax\Bin\RightFax.Api.Remoting.Service.exe
D:\PROGRAM FILES\RIGHTFAX\BIN\FAXRPC.EXE
D:\PROGRAM FILES\RIGHTFAX\BIN\FAXSERV.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\dns.exe
C:\WINNT\system32\nwssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\Dfssvc.exe
D:\PROGRAM FILES\RIGHTFAX\RFBOARD\BOARDSRV.EXE
D:\PROGRAM FILES\RIGHTFAX\BIN\FAXDB.EXE
C:\WINNT\Explorer.EXE
D:\PROGRAM FILES\RIGHTFAX\PRODUCTION\BIN\MIMESEND.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Program Files\RightFax\Client\efm.exe
C:\WINNT\System32\svchost.exe
c:\winnt\system32\explorer.exe
c:\winnt\help\WinMedia.exe
C:\WINNT\system32\cmd.exe
c:\winnt\system32\Serv-U32.exe
C:\Documents and Settings\Administrator.TP\Desktop\Hijack This\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123270825468
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://mydesktop.nccomm.com/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tp.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{F42251B1-5679-4F67-ACE8-DD1355F27DB3}: NameServer = 172.16.1.25,4.2.2.1,4.2.2.2,4.2.2.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tp.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = tp.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tp.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = tp.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = tp.local
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: AdaptecStorageManagerAgent - Adaptec Incorporated - C:\Program Files\Adaptec\Adaptec Storage Manager\StorServ.exe
O23 - Service: Localhost Service (Anti-V) - Cat Soft - C:\WINNT\system32\nvsvc.exe
O23 - Service: ASAPIDriver (asapi) - Unknown owner - C:\WINNT\system32\sd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: D.N.S. DNS Server (D.N.S.) - Unknown owner - C:\WINNT\inf\dns.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Network Manager (netwrk) - Unknown owner - c:\winnt\system32\com\system\com\server\network.exe (file missing)
O23 - Service: NvidiaDriver (Nvidianc) - Unknown owner - C:\WINNT\system32\sd.exe
O23 - Service: RightFax BoardServer Module (RFBOARD) - Captaris, Inc. - D:\PROGRAM FILES\RIGHTFAX\RFBOARD\BOARDSRV.EXE
O23 - Service: RightFax Database Module (RFDB) - Captaris, Inc. - D:\PROGRAM FILES\RIGHTFAX\BIN\FAXDB.EXE
O23 - Service: RightFax DocTransport Module (RFDOCTRANS) - Captaris, Inc. - D:\PROGRAM FILES\RIGHTFAX\DOCTRANSPORT\DOCTRANSPORT.EXE
O23 - Service: RightFax eTransport Module (RFMIME) - Captaris, Inc. - D:\PROGRAM FILES\RIGHTFAX\PRODUCTION\BIN\MIMESEND.EXE
O23 - Service: RightFax Paging Server Module (RFPAGE) - Captaris, Inc. - D:\PROGRAM FILES\RIGHTFAX\BIN\PAGESRV.EXE
O23 - Service: RightFax Queue Handler (RFQUEUE) - Captaris, Inc. - D:\PROGRAM FILES\RIGHTFAX\BIN\PORTHAND.EXE
O23 - Service: RightFax Remoting (RFREMOTE) - Captaris, Inc. - D:\Program Files\RightFax\Bin\RightFax.Api.Remoting.Service.exe
O23 - Service: RightFax RPC Server Module (RFRPC) - Captaris, Inc. - D:\PROGRAM FILES\RIGHTFAX\BIN\FAXRPC.EXE
O23 - Service: RightFax Server Module (RFSERVER) - Captaris, Inc. - D:\PROGRAM FILES\RIGHTFAX\BIN\FAXSERV.EXE
O23 - Service: RightFax WorkServer1 Module (RFWORK1) - Captaris, Inc. - D:\PROGRAM FILES\RIGHTFAX\WORKSRV\WORKSRV.EXE
O23 - Service: RightFax WorkServer2 Module (RFWORK2) - Captaris, Inc. - D:\PROGRAM FILES\RIGHTFAX\WORKSRV\WORKSRV.EXE
O23 - Service: RightFax WorkServer3 Module (RFWORK3) - Captaris, Inc. - D:\PROGRAM FILES\RIGHTFAX\WORKSRV\WORKSRV.EXE
O23 - Service: Windows Scheduler (RunDll) - Unknown owner - c:\winnt\system32\explorer.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Task Manager (TskMan) - Unknown owner - c:\winnt\system32\tskman.exe (file missing)
O23 - Service: Win-Media Service (wmedia) - Unknown owner - c:\winnt\help\WinMedia.exe


RKinner
August 25th, 2005 19:00
O23 - Service: ASAPIDriver (asapi) - Unknown owner - C:\WINNT\system32\sd.exe
O23 - Service: D.N.S. DNS Server (D.N.S.) - Unknown owner - C:\WINNT\inf\dns.exe (file missing)
O23 - Service: Network Manager (netwrk) - Unknown owner - c:\winnt\system32\com\system\com\server\network.exe (file missing)
O23 - Service: NvidiaDriver (Nvidianc) - Unknown owner - C:\WINNT\system32\sd.exe
RKinner
August 25th, 2005 19:00
Back again so soon? I trust this is a different PC. Appears to be some sort of server.
Start then Right click on My Computer and select Manage then Services and Applications then Services. In the right pane scroll down until you see Win-Media Service (wmedia).
Double click on it and then change the Startup type to disabled. Apply. Then STOP the Service.
Run HijackThis and check these two then Fix Checked:
O23 - Service: Task Manager (TskMan) - Unknown owner - c:\winnt\system32\tskman.exe (file missing)
O23 - Service: Win-Media Service (wmedia) - Unknown owner - c:\winnt\help\WinMedia.exe
Ron
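
The O23 entries singled out in the replies above all carry HijackThis's "Unknown owner" marker, and several also end in "(file missing)". The following is an added example, not part of the original thread: a small triage script that parses O23 lines and lists the entries with either marker for manual review, noting when the same image path is registered under more than one service name. The function names are hypothetical and the sample lines are copied from the log above.

```python
from collections import defaultdict

PREFIX = "O23 - Service: "
MISSING = " (file missing)"

# Subset of lines copied from the log above, embedded so the script runs offline.
SAMPLE = r"""
O23 - Service: ASAPIDriver (asapi) - Unknown owner - C:\WINNT\system32\sd.exe
O23 - Service: D.N.S. DNS Server (D.N.S.) - Unknown owner - C:\WINNT\inf\dns.exe (file missing)
O23 - Service: NvidiaDriver (Nvidianc) - Unknown owner - C:\WINNT\system32\sd.exe
O23 - Service: RightFax WorkServer1 Module (RFWORK1) - Captaris, Inc. - D:\PROGRAM FILES\RIGHTFAX\WORKSRV\WORKSRV.EXE
O23 - Service: RightFax WorkServer2 Module (RFWORK2) - Captaris, Inc. - D:\PROGRAM FILES\RIGHTFAX\WORKSRV\WORKSRV.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Win-Media Service (wmedia) - Unknown owner - c:\winnt\help\WinMedia.exe
""".strip().splitlines()

def parse_o23(line):
    """Split 'O23 - Service: <name> - <owner> - <path>[ (file missing)]'."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Split from the right: the service name itself may contain " - ".
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[:-len(MISSING)]
    return {"name": name, "owner": owner, "path": path, "missing": missing}

def triage(lines):
    """Return entries worth a manual look, each with the reasons it was listed."""
    entries = [e for e in map(parse_o23, lines) if e]
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"].lower()].append(e["name"])  # Windows paths: ignore case
    findings = []
    for e in entries:
        reasons = []
        if e["owner"] == "Unknown owner":
            reasons.append("unknown owner")
        if e["missing"]:
            reasons.append("file missing")
        # A shared image is only noted for entries already listed; vendor-attributed
        # services such as the RightFax WorkServer modules share one EXE routinely.
        if reasons and len(by_path[e["path"].lower()]) > 1:
            reasons.append("image shared with another service")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["name"], "|", f["path"], "|", ", ".join(f["reasons"]))
```

A listing from this script is a starting point for checking each service by hand, as the reply does in the Services console; it does not by itself establish what a binary is.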