Logfile of HijackThis v1.99.1
Scan saved at 20:06:54, on 29/08/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\11.tmp
C:\WINNT\system32\MSTask.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.exe
C:\WINNT\SYSTEM32\DWRCST.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\winservnt32.exe
C:\dfndrff_14.exe
C:\WINNT\v1201.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\SpywareBot\SpywareBot.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\javanet.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://corperp.sanmina.com:8001/pls/ERP ... ypage.home
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=Explorer.exe winservnt32.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,winservnt32.exe
O1 - Hosts: 148.164.90.2 P586EUSRV
O1 - Hosts: 148.164.90.4 p586exs00.sanmina-sci.com
O1 - Hosts: 148.164.90.5 p586nt502.sanmina-sci.com
O1 - Hosts: 148.164.90.6 P586NTP01
O1 - Hosts: 148.164.90.7 P586NTP02
O1 - Hosts: 148.164.90.8 P586NTP03
O1 - Hosts: 148.164.90.9 P586NTP04
O1 - Hosts: 148.164.90.10 p586nt401
O1 - Hosts: 148.164.90.11 P586NT306
O1 - Hosts: 148.164.90.21 p586nt301.sanmina-sci.com
O1 - Hosts: 148.164.90.22 p586nt302.sanmina-sci.com
O1 - Hosts: 148.164.90.23 p586nt303.sanmina-sci.com
O1 - Hosts: 148.164.90.24 p586nt304.sanmina-sci.com
O1 - Hosts: 148.164.90.25 p586nt305.sanmina-sci.com
O1 - Hosts: 148.164.90.55 p586nt017.sanmina-sci.com
O1 - Hosts: 148.164.90.56 P586NT007
O1 - Hosts: 148.164.90.57 P586NT017A
O1 - Hosts: 148.164.90.58 P586NT017B
O1 - Hosts: 148.164.90.59 P586NT010
O1 - Hosts: 148.164.90.61 P586NT308
O1 - Hosts: 148.164.90.62 P586NT307
O1 - Hosts: 148.164.90.210 P586lapbkup
O1 - Hosts: 148.164.90.222 p586ux600.sanmina-sci.com
O1 - Hosts: 148.164.90.231 P586NTS01
O1 - Hosts: 148.164.90.233 p586nts03.sanmina-sci.com
O1 - Hosts: 148.164.90.234 p584nts04.sanmina-sci.com
O1 - Hosts: 148.164.90.236 P499NT001
O1 - Hosts: 148.164.90.239 p54as5.sanmina-sci.com
O1 - Hosts: 148.164.90.240 p54as1.sanmina-sci.com
O1 - Hosts: 148.164.90.241 p54as2.sanmina-sci.com
O1 - Hosts: 148.164.90.242 p54as3.sanmina-sci.com
O1 - Hosts: 148.164.90.247 p54as4.sanmina-sci.com
O1 - Hosts: 148.164.90.250 P586CBDC
O1 - Hosts: 172.21.4.120 vcts01
O1 - Hosts: 172.21.4.121 x3l2s000
O1 - Hosts: 172.21.4.114 svl2s000
O1 - Hosts: 172.21.4.110 SERVAUDIT
O1 - Hosts: 148.164.26.247 w3.ibm.com
O1 - Hosts: 148.164.26.242 usiposya.boulder.ibm.com
O1 - Hosts: 148.164.26.243 d25dbw14.mkm.can.ibm.com
O1 - Hosts: 148.164.26.245 w3-1.ibm.com
O1 - Hosts: 148.164.26.246 w3host01.raleigh.ibm.com
O1 - Hosts: 148.164.26.248 w3-3.ibm.com
O1 - Hosts: 148.164.26.249 pmwww.pmrtp.raleigh.ibm.com
O1 - Hosts: 148.164.26.243 w3-9006.ibm.com
O1 - Hosts: 148.164.26.230 d01dbr02 #(LEADS US)
O1 - Hosts: 148.164.26.215 d06dbl69 #(LEADS EMEA)
O1 - Hosts: 148.164.26.235 d01db034.pok.ibm.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [Microsoft (R) Windows Vista/NT Runtime Compatibility Service] C:\WINNT\NT\nrcs.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Security Management Service] C:\WINNT\system32\11.tmp
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RBot v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server] C:\WINNT\system32\glossary.exe
O4 - HKLM\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_14.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_14.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINNT\v1201.exe
O4 - HKLM\..\Run: [zesac804] RUNDLL32.EXE w00b4ded.dll,n 003ac8010000000a00b4ded
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [ntdll.dll] winservnt32.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_14.exe
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\RunServices: [Ms Java for Windows 98, NT, XP & ME] 20274_netapi.exe
O4 - HKLM\..\RunServices: [MS Java Service Wrapper for Windows NT & XP] wrapper.exe
O4 - HKLM\..\RunServices: [MS Java Applets for Windows NT, ME & XP] javaapplets.exe
O4 - HKLM\..\RunServices: [Windows Kernel System Service] wkssvr.exe
O4 - HKLM\..\RunServices: [Sun Java Console for Windows NT & XP] jconsole.exe
O4 - HKLM\..\RunServices: [MS Java for Windows XP & NT] javanet.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKCU\..\Run: [ntdll.dll] ctfmon.exe
O4 - Global Startup: Access Manager Client.lnk = C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {020f6116-407b-11d3-a3bb-00c04fa32518} -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/fil ... nstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{455BC115-D5C5-4954-8E0C-67317D56CA47}: Domain = sanmina-sci.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C816BD0C-BDE2-43EF-9BA3-C860E75D4F0E}: NameServer = 80.225.252.178 80.225.252.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{D844F16B-53CD-4415-8D0D-A7D0BA67DC15}: Domain = sanmina-sci.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA77E7B6-A089-4E1A-B55C-956D84EE479E}: Domain = sanmina-sci.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFD068E0-7548-43D9-8A8C-3A6853814CE1}: Domain = sanmina-sci.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = sanmina-sci.com,sci.com,sanmina.com,eu.sanm.corp,am.sanm.corp,ap.sanm.corp,sanm.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = sanmina-sci.com,sci.com,sanmina.com,eu.sanm.corp,am.sanm.corp,ap.sanm.corp,sanm.corp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = sanmina-sci.com,sci.com,sanmina.com,eu.sanm.corp,am.sanm.corp,ap.sanm.corp,sanm.corp
O20 - Winlogon Notify: BITS - C:\WINNT\system32\f0l02a3mgd.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\U2FubWluYS1TQ0k\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINNT\system32\11.tmp
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINNT\system32\wgareg.exe