Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Possible Hijack?

Started by marlol , Jul 21 2005 06:56 AM

  • Please log in to reply

#1
marlol
Posted 21 July 2005 - 06:56 AM

marlol

    New Member

  • Member
  • Pip
  • 1 posts
I am running a Windows NT Server that is running very slow and is attempting to connect to an unknown host's printer

I have run adaware, spybot S&D, Norton Antivirus and can't find anything,

Any help is much appreciated
***************************************************

Logfile of HijackThis v1.99.1
Scan saved at 8:46:36 AM, on 7/21/05
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
c:\apps\arcserve\ntagent\ntagent.exe
C:\WINNT\System32\nddeagnt.exe
C:\Program Files\SYMsm\arraymon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\forbmon.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\sfmsvc.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\Program Files\VERITAS\NetBackup\bin\bpinetd.exe
C:\WINNT\System32\loadwc.exe
C:\WINNT\System32\HPJETDSC.EXE
C:\PROGRA~1\Navnt\npssvc.exe
C:\Program Files\Navnt\navapw32.exe
C:\Program Files\nsr\bin\nsrexecd.exe
C:\WINNT\System32\LOCATOR.EXE
C:\WINNT\system32\RpcSs.exe
C:\Program Files\SSH Communications Security\SSH Secure Shell Server\ssh2master.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\EXECUT~1\DISKEE~1\DkService.exe
C:\WINNT\System32\NMSSvc.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\SSH Communications Security\SSH Secure Shell Server\ssh2server.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINNT\System32\CMD.exe
C:\cygwin\bin\bash.exe
C:\WINNT\System32\taskmgr.exe
C:\WINNT\system32\EVENTVWR.EXE
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
C:\hijack this\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O1 - Hosts: 134.174.168.105 iccb_ntone.med.harvard.edu #this server
O1 - Hosts: 134.174.168.121 bak.med.harvard.edu #Legato Backup server
O1 - Hosts: 134.174.168.136 scope-server.med.harvard.edu #Legaoto Backup server #2
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [Norton Program Scheduler Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKCU\..\Run: [HP JetDiscovery] HPJETDSC.EXE
O4 - Global Startup: diskmonitor.cmd
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.LNK = C:\Program Files\Navnt\navapw32.exe
O13 - WWW. Prefix: http://
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = med.harvard.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = med.harvard.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = med.harvard.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 134.174.141.2 128.103.209.240 128.103.100.201
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = med.harvard.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = med.harvard.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 134.174.141.2 128.103.209.240 128.103.100.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = med.harvard.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 134.174.141.2 128.103.209.240 128.103.100.201
O23 - Service: Cheyenne Discovery Service (ASDiscoverySvc) - Unknown owner - C:\WINNT\System32\ASDscSvc.exe
O23 - Service: Client Agent for ARCserve - Cheyenne Software division of Computer Associates - c:\apps\arcserve\ntagent\ntagent.exe
O23 - Service: Disk Array Monitor - Unknown owner - C:\Program Files\SYMsm\arraymon.exe
O23 - Service: Diskeeper - Executive Software International - C:\PROGRA~1\EXECUT~1\DISKEE~1\DkService.exe
O23 - Service: Adaptec Failover Backup Monitor (forbmon) - Unknown owner - C:\WINNT\System32\forbmon.exe
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: NetBackup Client Service (NetBackup INET Daemon) - VERITAS Software Corporation - C:\Program Files\VERITAS\NetBackup\bin\bpinetd.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe
O23 - Service: NetWorker Remote Exec Service (nsrexecd) - Legato Systems, Inc. - C:\Program Files\nsr\bin\nsrexecd.exe
O23 - Service: SSH Secure Shell 2 (SSHSecureShell2Server) - SSH Communications Security Corp - C:\Program Files\SSH Communications Security\SSH Secure Shell Server\ssh2master.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -log "*:EventLog:0" -log Connections:EventLog:100 -service (file missing)
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP