my hijackthis log...........
Logfile of HijackThis v1.99.1
Scan saved at 11:17:17 PM, on 6/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\mszx23.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\Services\{6C5DD71A-8034-4CF7-B497-138DC7DCAE60}\SVCHOST.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Adam\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Adam\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...index.php?aff=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Adam\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O2 - BHO: (no name) - {5BBF66EC-EB62-4AB5-8EC5-8465C11BF05F} - C:\WINDOWS\System32\deo.dll (file missing)
O2 - BHO: (no name) - {6C5616C5-C6FC-BC6F-0F3A-379A7FC10E34} - C:\WINDOWS\System32\R497p329.dll
O2 - BHO: (no name) - {D4C0826A-6CF0-3C09-F8FA-1013358966E4} - C:\WINDOWS\System32\jxowcnv.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Tray] C:\PROGRA~1\KAZAAL~1\My Shared Folder\CreditCrack v6.1.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [clyjycqomrwn] C:\WINDOWS\System32\haelhl.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [ouArQW.exe] C:\documents and settings\adam\local settings\temp\ouArQW.exe
O4 - HKLM\..\Run: [0peuGbPL.exe] C:\documents and settings\adam\local settings\temp\0peuGbPL.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Cxe0o.exe
O4 - HKLM\..\Run: [epx] C:\WINDOWS\system32\epx.exe
O4 - HKLM\..\Run: [lm.exe] C:\documents and settings\adam\local settings\temp\lm.exe
O4 - HKLM\..\Run: [enfE.exe] C:\documents and settings\adam\local settings\temp\enfE.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [vs3R36Q] penrdsvr.exe
O4 - HKLM\..\Run: [Microsoft Outrunner H20] C:\WINDOWS\system32\Microsoft Outrunner\OUTRUNNER.exe /start
O4 - HKLM\..\Run: [Ihf] C:\WINDOWS\Lur.exe
O4 - HKLM\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe
O4 - HKLM\..\Run: [Vld] C:\WINDOWS\Iar.exe
O4 - HKLM\..\Run: [Jdg] C:\WINDOWS\Pnj.exe
O4 - HKLM\..\Run: [Gfj] C:\WINDOWS\System32\Knp.exe
O4 - HKLM\..\Run: [Cct] C:\WINDOWS\Jlq.exe
O4 - HKLM\..\Run: [Pbj] C:\WINDOWS\Sik.exe
O4 - HKLM\..\Run: [Urt] C:\WINDOWS\Alr.exe
O4 - HKLM\..\Run: [Coc] C:\WINDOWS\System32\Hpa.exe
O4 - HKLM\..\Run: [Qvr] C:\WINDOWS\Mkk.exe
O4 - HKLM\..\Run: [Knj] C:\WINDOWS\Mll.exe
O4 - HKLM\..\Run: [Vfd] C:\WINDOWS\System32\Nol.exe
O4 - HKLM\..\Run: [Cpq] C:\WINDOWS\System32\Ivc.exe
O4 - HKLM\..\Run: [Jkvxkalt] c:\Program Files\Ddrz\Fkmnmwo.exe
O4 - HKLM\..\Run: [Exmmj] c:\Program Files\Izwafyz\Jdnyjto.exe
O4 - HKLM\..\Run: [PerformCl] C:\WINDOWS\System32\perfcl.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{6C5DD71A-8034-4CF7-B497-138DC7DCAE60}\SVCHOST.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Adam\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{6C5DD71A-8034-4CF7-B497-138DC7DCAE60}\SECURITY.EXE
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [eBs5RWcth] uxtlogon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Ihf] C:\WINDOWS\Lur.exe
O4 - HKCU\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKCU\..\Run: [Vld] C:\WINDOWS\Iar.exe
O4 - HKCU\..\Run: [Jdg] C:\WINDOWS\Pnj.exe
O4 - HKCU\..\Run: [Gfj] C:\WINDOWS\System32\Knp.exe
O4 - HKCU\..\Run: [Cct] C:\WINDOWS\Jlq.exe
O4 - HKCU\..\Run: [Pbj] C:\WINDOWS\Sik.exe
O4 - HKCU\..\Run: [Urt] C:\WINDOWS\Alr.exe
O4 - HKCU\..\Run: [Coc] C:\WINDOWS\System32\Hpa.exe
O4 - HKCU\..\Run: [Qvr] C:\WINDOWS\Mkk.exe
O4 - HKCU\..\Run: [Knj] C:\WINDOWS\Mll.exe
O4 - HKCU\..\Run: [Vfd] C:\WINDOWS\System32\Nol.exe
O4 - HKCU\..\Run: [Cpq] C:\WINDOWS\System32\Ivc.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Microsoft AntiSpyware helper - {1D021922-ACB6-45E2-B2E4-A63D1225AB68} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1D021922-ACB6-45E2-B2E4-A63D1225AB68} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A2D60B08-196A-4D91-A225-55A9607AFF4C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A2D60B08-196A-4D91-A225-55A9607AFF4C} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CA79D501-CD69-4F87-A0C0-56D51F799702} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CA79D501-CD69-4F87-A0C0-56D51F799702} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F8948EC2-1D89-41F9-87E3-E4466472928A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F8948EC2-1D89-41F9-87E3-E4466472928A} - (no file) (HKCU)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted IP range: 64.127.104.144
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c15.cab
O16 - DPF: {163ACFA8-CD79-0E4A-FDF9-2E18581561F0} - http://69.50.182.94/1/gdnUS1096.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com...ia/OTXMedia.dll
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Filter: text/html - {C36E1199-D96E-4BA5-AF5F-CF661216F5C1} - C:\WINDOWS\System32\deo.dll
O18 - Filter: text/plain - {C36E1199-D96E-4BA5-AF5F-CF661216F5C1} - C:\WINDOWS\System32\deo.dll
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O20 - Winlogon Notify: f3dsl - lsd_f3.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ntfs32 - C:\WINDOWS\SYSTEM32\ntfs32.dll
O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - C:\WINDOWS\System32\Cnmfgnph.dll
O21 - SSODL: xwjAsiJh - {6C5616BF-C6FC-BC15-55B6-26AE7FC10E31} - C:\WINDOWS\System32\ahob.dll
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: Provides three management service (FreeBSD) - Unknown owner - C:\WINDOWS\System32\dev32.exe (file missing)
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Edited by Motor City's Finest, 18 June 2005 - 09:20 PM.