jimi
Thread Starter
OK, this is a messed-up machine that this log came from, and cy, if you are reading this, that last machine just got formatted; that always cures 'em.
Here's the log of my current headache:
Logfile of HijackThis v1.99.1
Scan saved at 3:15:10 PM, on 7/5/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\ddmhup.exe
C:\WINNT\System32\RUNDLL32.exe
C:\WINNT\System32\vidctrl\vidctrl.exe
C:\WINNT\system\pefixluiqe.exe
C:\WINNT\System32\datbene.exe
C:\Program Files\Cas\Client\casclient.exe
C:\WINNT\System32\nsvsvc\nsvsvc.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINNT\hqpxk.exe
C:\Program Files\180searchassistant\salm.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINNT\System32\msxct.exe
C:\WINNT\System32\4fbegp1g.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\program files\internet explorer\iexplore.exe
C:\hjt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O1 - Hosts: 199.5.83.204 S10C909B
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINNT\System32\richedtr.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [hcbom] C:\WINNT\System32\hcbom.exe
O4 - HKLM\..\Run: [lavhj] C:\WINNT\System32\lavhj.exe
O4 - HKLM\..\Run: [PSof1] C:\WINNT\System32\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\System32\wintask.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [richup] C:\WINNT\System32\richup.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\System32\mamhrn.exe reg_run
O4 - HKLM\..\Run: [77oh3qR] ddmhup.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,[email protected]
O4 - HKLM\..\Run: [vidctrl] C:\WINNT\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [scain] C:\WINNT\TEMP\s030109.Stub.exe
O4 - HKLM\..\Run: [Nsv] C:\WINNT\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [pD2geF] C:\WINNT\hqpxk.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [fsbizwj] C:\WINNT\fsbizwj.exe
O4 - HKLM\..\Run: [4fbegp1g] C:\WINNT\System32\4fbegp1g.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKCU\..\Run: [EPSON Stylus C64 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /M "Stylus C64" /EF "HKCU"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Mw7nRkdpU] datbene.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: tatr.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.2.4.32/omaha/omaha-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.2.4.23/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.4.23/poppit2/poppit2-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.2.2.51/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxy.mht!http://elitegate.de/script/lc.chm::/Bridge-c139.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - ms-its:mhtml:file://c:\nosuxxx.mht!http://elitegate.de/script/ysb.chm::/ysb_regular.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{556957AC-004B-407A-AE1F-B45693B4343D}: NameServer = 199.5.83.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{556957AC-004B-407A-AE1F-B45693B4343D}: NameServer = 199.5.83.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{556957AC-004B-407A-AE1F-B45693B4343D}: NameServer = 199.5.83.254
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: Welcome - C:\WINNT\system32\dsusic.dll
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe