Hijack-----
Logfile of HijackThis v1.99.1
Scan saved at 10:15:07 AM, on 5/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svhost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\msniasvc.exe
C:\PROGRA~1\GROKSTER\GROKSTER.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\agcowrwa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\svchost.exe
C:\WINDOWS\system32\freecell.exe
c:\windows\system32\biuedsg.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carstats.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsupc.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\svhost.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\system32\rsyncmon.dll (file missing)
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\system32\nsq4E0.dll (file missing)
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System backup] C:\WINDOWS\system32\sm.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [4eJiWo] C:\WINDOWS\agcowrwa.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [aagoxyx] c:\windows\system32\biuedsg.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [System backup] C:\WINDOWS\system32\sm.exe
O4 - HKCU\..\Run: [h0p7RTe5i] fonlgs.exe
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\DOCUME~1\Owner\LOCALS~1\Temp\sais.exe"
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2[bleep]ed.biz
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.traffic2cash.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F5491CF-38B0-4039-BF81-9F5BE68D7B02}: NameServer = 198.6.100.6 198.6.1.6
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
Ewido thingy----
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 10:13:54 AM, 5/9/2005
+ Report-Checksum: 92D2F313
+ Date of database: 5/7/2005
+ Version of scan engine: v3.0
+ Duration: 39 min
+ Scanned Files: 90498
+ Speed: 38.19 Files/Second
+ Infected files: 61
+ Removed files: 61
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
D:\
+ Scan result:
C:\WINDOWS\system32\nsq4E0.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temp\optimize.exe -> TrojanDownloader.Dyfuca.dx -> Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EEAMCFR0\127062[1].exe -> Not-A-Virus.PornWare.Downloader.Tibsystems -> Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EEAMCFR0\optimize[1].exe -> TrojanDownloader.Dyfuca.dx -> Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8L0FYHI5\istsvc[1].exe -> TrojanDownloader.IstBar -> Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SHA74XM7\nem220[1].dll -> TrojanDownloader.Dyfuca -> Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SHA74XM7\sfbho13[1].dll -> Spyware.SideFind -> Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IYWAOYV4\istrecover[1].exe -> TrojanDownloader.IstBar.ij -> Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IYWAOYV4\bb[1].exe -> TrojanDownloader.Adload.a -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@spylog[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@list[2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@247realmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@dcsa237jn11e5hqth6qbnmpgy_1g3i[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@exitexchange[2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Program Files\Common Files\System\Mapi\1033\tool.exe -> Spyware.HotSearchBar.e -> Cleaned without backup
C:\Program Files\Common Files\System\Mapi\1033\efvefefe.exe -> TrojanDownloader.IstBar.it -> Cleaned without backup
C:\Program Files\Common Files\System\Mapi\1033\sefer.exe -> Spyware.Agent.bn -> Cleaned without backup
C:\Program Files\Common Files\System\Mapi\1033\efefe.exe -> Spyware.ISearch.d -> Cleaned without backup
C:\Program Files\Common Files\System\Mapi\1033\video2.exe -> TrojanDownloader.Small.my -> Cleaned without backup
C:\Program Files\SideFind\sfbho.dll -> Spyware.SideFind -> Cleaned without backup
C:\Program Files\SideFind\sidefind.dll -> Spyware.SideFind -> Cleaned without backup
C:\Program Files\Grokster\TopSearch.dll -> Spyware.Altnet.c -> Cleaned without backup
C:\Program Files\Grokster\abcdefghi.dll -> Spyware.Altnet.c -> Cleaned without backup
C:\Program Files\ISTsvc\istsvc.exe -> TrojanDownloader.IstBar -> Cleaned without backup
C:\Program Files\WebSiteViewer\127062.dlr -> Dialer.Generic -> Cleaned without backup
C:\Program Files\WebSiteViewer\127062.exe -> Not-A-Virus.PornWare.Downloader.Tibsystems -> Cleaned without backup
C:\Program Files\Internet Optimizer\optimize.exe -> TrojanDownloader.Dyfuca.dx -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126847.sys -> Trojan.Delprot.a -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126848.dll -> Spyware.ISearch.d -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126849.dll -> TrojanDownloader.Ieser.a -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126850.exe -> Trojan.Isearch -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126851.REG -> Trojan.LowZones.a -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126852.exe -> Spyware.HotSearchBar.e -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126853.exe -> TrojanDownloader.IstBar.it -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126854.exe -> Spyware.Agent.bn -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126855.exe -> Spyware.ISearch.d -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126856.exe -> TrojanDownloader.Small.my -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126857.exe -> Spyware.Gator -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126858.exe -> Spyware.Gator -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126859.exe -> Spyware.HotSearchBar.e -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126860.exe -> TrojanDownloader.IstBar.it -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126861.exe -> Spyware.Agent.bn -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126862.exe -> Spyware.ISearch.d -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126863.exe -> TrojanDownloader.Small.my -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126864.dll -> Spyware.SideFind -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126865.dll -> Spyware.Apropos -> Cleaned without backup
C:\System Volume Information\_restore{B1DAA04E-5976-4D21-AC28-AA8C1BA70FCB}\RP522\A0126866.dll -> Spyware.eUniverse -> Cleaned without backup
::Report End
I have things like sex.lnk that keep showing up on my desktop and Aurora pop-ups etc... There is something on my Start menu under the Connect To icon which says connect to tibs147 or something under my internet connections, and when I log off it turns on and connects me back to the internet.. I have to pull out my phone cord to sign off now :-( Thanks