Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

mszx23, clicksearchclick, and other spyware [RESOLVED]


  • This topic is locked This topic is locked

#1
Motor City's Finest

Motor City's Finest

    Member

  • Member
  • PipPip
  • 19 posts
if anybody can help, please, I beg you, help me. this computer is driving me crazy at the moment. advice, please, is welcome.


my hijackthis log...........





Logfile of HijackThis v1.99.1
Scan saved at 11:17:17 PM, on 6/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\mszx23.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\Services\{6C5DD71A-8034-4CF7-B497-138DC7DCAE60}\SVCHOST.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Adam\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Adam\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...index.php?aff=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Adam\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O2 - BHO: (no name) - {5BBF66EC-EB62-4AB5-8EC5-8465C11BF05F} - C:\WINDOWS\System32\deo.dll (file missing)
O2 - BHO: (no name) - {6C5616C5-C6FC-BC6F-0F3A-379A7FC10E34} - C:\WINDOWS\System32\R497p329.dll
O2 - BHO: (no name) - {D4C0826A-6CF0-3C09-F8FA-1013358966E4} - C:\WINDOWS\System32\jxowcnv.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Tray] C:\PROGRA~1\KAZAAL~1\My Shared Folder\CreditCrack v6.1.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [clyjycqomrwn] C:\WINDOWS\System32\haelhl.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [ouArQW.exe] C:\documents and settings\adam\local settings\temp\ouArQW.exe
O4 - HKLM\..\Run: [0peuGbPL.exe] C:\documents and settings\adam\local settings\temp\0peuGbPL.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Cxe0o.exe
O4 - HKLM\..\Run: [epx] C:\WINDOWS\system32\epx.exe
O4 - HKLM\..\Run: [lm.exe] C:\documents and settings\adam\local settings\temp\lm.exe
O4 - HKLM\..\Run: [enfE.exe] C:\documents and settings\adam\local settings\temp\enfE.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [vs3R36Q] penrdsvr.exe
O4 - HKLM\..\Run: [Microsoft Outrunner H20] C:\WINDOWS\system32\Microsoft Outrunner\OUTRUNNER.exe /start
O4 - HKLM\..\Run: [Ihf] C:\WINDOWS\Lur.exe
O4 - HKLM\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe
O4 - HKLM\..\Run: [Vld] C:\WINDOWS\Iar.exe
O4 - HKLM\..\Run: [Jdg] C:\WINDOWS\Pnj.exe
O4 - HKLM\..\Run: [Gfj] C:\WINDOWS\System32\Knp.exe
O4 - HKLM\..\Run: [Cct] C:\WINDOWS\Jlq.exe
O4 - HKLM\..\Run: [Pbj] C:\WINDOWS\Sik.exe
O4 - HKLM\..\Run: [Urt] C:\WINDOWS\Alr.exe
O4 - HKLM\..\Run: [Coc] C:\WINDOWS\System32\Hpa.exe
O4 - HKLM\..\Run: [Qvr] C:\WINDOWS\Mkk.exe
O4 - HKLM\..\Run: [Knj] C:\WINDOWS\Mll.exe
O4 - HKLM\..\Run: [Vfd] C:\WINDOWS\System32\Nol.exe
O4 - HKLM\..\Run: [Cpq] C:\WINDOWS\System32\Ivc.exe
O4 - HKLM\..\Run: [Jkvxkalt] c:\Program Files\Ddrz\Fkmnmwo.exe
O4 - HKLM\..\Run: [Exmmj] c:\Program Files\Izwafyz\Jdnyjto.exe
O4 - HKLM\..\Run: [PerformCl] C:\WINDOWS\System32\perfcl.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{6C5DD71A-8034-4CF7-B497-138DC7DCAE60}\SVCHOST.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Adam\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{6C5DD71A-8034-4CF7-B497-138DC7DCAE60}\SECURITY.EXE
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [eBs5RWcth] uxtlogon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Ihf] C:\WINDOWS\Lur.exe
O4 - HKCU\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKCU\..\Run: [Vld] C:\WINDOWS\Iar.exe
O4 - HKCU\..\Run: [Jdg] C:\WINDOWS\Pnj.exe
O4 - HKCU\..\Run: [Gfj] C:\WINDOWS\System32\Knp.exe
O4 - HKCU\..\Run: [Cct] C:\WINDOWS\Jlq.exe
O4 - HKCU\..\Run: [Pbj] C:\WINDOWS\Sik.exe
O4 - HKCU\..\Run: [Urt] C:\WINDOWS\Alr.exe
O4 - HKCU\..\Run: [Coc] C:\WINDOWS\System32\Hpa.exe
O4 - HKCU\..\Run: [Qvr] C:\WINDOWS\Mkk.exe
O4 - HKCU\..\Run: [Knj] C:\WINDOWS\Mll.exe
O4 - HKCU\..\Run: [Vfd] C:\WINDOWS\System32\Nol.exe
O4 - HKCU\..\Run: [Cpq] C:\WINDOWS\System32\Ivc.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Microsoft AntiSpyware helper - {1D021922-ACB6-45E2-B2E4-A63D1225AB68} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1D021922-ACB6-45E2-B2E4-A63D1225AB68} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A2D60B08-196A-4D91-A225-55A9607AFF4C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A2D60B08-196A-4D91-A225-55A9607AFF4C} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CA79D501-CD69-4F87-A0C0-56D51F799702} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CA79D501-CD69-4F87-A0C0-56D51F799702} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F8948EC2-1D89-41F9-87E3-E4466472928A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F8948EC2-1D89-41F9-87E3-E4466472928A} - (no file) (HKCU)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted IP range: 64.127.104.144
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c15.cab
O16 - DPF: {163ACFA8-CD79-0E4A-FDF9-2E18581561F0} - http://69.50.182.94/1/gdnUS1096.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com...ia/OTXMedia.dll
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Filter: text/html - {C36E1199-D96E-4BA5-AF5F-CF661216F5C1} - C:\WINDOWS\System32\deo.dll
O18 - Filter: text/plain - {C36E1199-D96E-4BA5-AF5F-CF661216F5C1} - C:\WINDOWS\System32\deo.dll
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O20 - Winlogon Notify: f3dsl - lsd_f3.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ntfs32 - C:\WINDOWS\SYSTEM32\ntfs32.dll
O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - C:\WINDOWS\System32\Cnmfgnph.dll
O21 - SSODL: xwjAsiJh - {6C5616BF-C6FC-BC15-55B6-26AE7FC10E31} - C:\WINDOWS\System32\ahob.dll
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: Provides three management service (FreeBSD) - Unknown owner - C:\WINDOWS\System32\dev32.exe (file missing)
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Edited by Motor City's Finest, 18 June 2005 - 09:20 PM.

  • 0

Advertisements


#2
Motor City's Finest

Motor City's Finest

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
my fault, I posted the wrong script. please giv attention to my post, I beg you.
  • 0

#3
Motor City's Finest

Motor City's Finest

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
help needed.
  • 0

#4
Motor City's Finest

Motor City's Finest

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
anybody????
  • 0

#5
Motor City's Finest

Motor City's Finest

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
helllllllllllppppppppp.
  • 0

#6
Motor City's Finest

Motor City's Finest

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
if anybody can help, please, I beg you, help me. this computer is driving me crazy at the moment. advice, please, is welcome.


my hijackthis log...........





Logfile of HijackThis v1.99.1
Scan saved at 11:17:17 PM, on 6/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\mszx23.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\Services\{6C5DD71A-8034-4CF7-B497-138DC7DCAE60}\SVCHOST.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Adam\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Adam\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...index.php?aff=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Adam\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O2 - BHO: (no name) - {5BBF66EC-EB62-4AB5-8EC5-8465C11BF05F} - C:\WINDOWS\System32\deo.dll (file missing)
O2 - BHO: (no name) - {6C5616C5-C6FC-BC6F-0F3A-379A7FC10E34} - C:\WINDOWS\System32\R497p329.dll
O2 - BHO: (no name) - {D4C0826A-6CF0-3C09-F8FA-1013358966E4} - C:\WINDOWS\System32\jxowcnv.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Tray] C:\PROGRA~1\KAZAAL~1\My Shared Folder\CreditCrack v6.1.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [clyjycqomrwn] C:\WINDOWS\System32\haelhl.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [ouArQW.exe] C:\documents and settings\adam\local settings\temp\ouArQW.exe
O4 - HKLM\..\Run: [0peuGbPL.exe] C:\documents and settings\adam\local settings\temp\0peuGbPL.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Cxe0o.exe
O4 - HKLM\..\Run: [epx] C:\WINDOWS\system32\epx.exe
O4 - HKLM\..\Run: [lm.exe] C:\documents and settings\adam\local settings\temp\lm.exe
O4 - HKLM\..\Run: [enfE.exe] C:\documents and settings\adam\local settings\temp\enfE.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [vs3R36Q] penrdsvr.exe
O4 - HKLM\..\Run: [Microsoft Outrunner H20] C:\WINDOWS\system32\Microsoft Outrunner\OUTRUNNER.exe /start
O4 - HKLM\..\Run: [Ihf] C:\WINDOWS\Lur.exe
O4 - HKLM\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe
O4 - HKLM\..\Run: [Vld] C:\WINDOWS\Iar.exe
O4 - HKLM\..\Run: [Jdg] C:\WINDOWS\Pnj.exe
O4 - HKLM\..\Run: [Gfj] C:\WINDOWS\System32\Knp.exe
O4 - HKLM\..\Run: [Cct] C:\WINDOWS\Jlq.exe
O4 - HKLM\..\Run: [Pbj] C:\WINDOWS\Sik.exe
O4 - HKLM\..\Run: [Urt] C:\WINDOWS\Alr.exe
O4 - HKLM\..\Run: [Coc] C:\WINDOWS\System32\Hpa.exe
O4 - HKLM\..\Run: [Qvr] C:\WINDOWS\Mkk.exe
O4 - HKLM\..\Run: [Knj] C:\WINDOWS\Mll.exe
O4 - HKLM\..\Run: [Vfd] C:\WINDOWS\System32\Nol.exe
O4 - HKLM\..\Run: [Cpq] C:\WINDOWS\System32\Ivc.exe
O4 - HKLM\..\Run: [Jkvxkalt] c:\Program Files\Ddrz\Fkmnmwo.exe
O4 - HKLM\..\Run: [Exmmj] c:\Program Files\Izwafyz\Jdnyjto.exe
O4 - HKLM\..\Run: [PerformCl] C:\WINDOWS\System32\perfcl.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{6C5DD71A-8034-4CF7-B497-138DC7DCAE60}\SVCHOST.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Adam\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{6C5DD71A-8034-4CF7-B497-138DC7DCAE60}\SECURITY.EXE
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [eBs5RWcth] uxtlogon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Ihf] C:\WINDOWS\Lur.exe
O4 - HKCU\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKCU\..\Run: [Vld] C:\WINDOWS\Iar.exe
O4 - HKCU\..\Run: [Jdg] C:\WINDOWS\Pnj.exe
O4 - HKCU\..\Run: [Gfj] C:\WINDOWS\System32\Knp.exe
O4 - HKCU\..\Run: [Cct] C:\WINDOWS\Jlq.exe
O4 - HKCU\..\Run: [Pbj] C:\WINDOWS\Sik.exe
O4 - HKCU\..\Run: [Urt] C:\WINDOWS\Alr.exe
O4 - HKCU\..\Run: [Coc] C:\WINDOWS\System32\Hpa.exe
O4 - HKCU\..\Run: [Qvr] C:\WINDOWS\Mkk.exe
O4 - HKCU\..\Run: [Knj] C:\WINDOWS\Mll.exe
O4 - HKCU\..\Run: [Vfd] C:\WINDOWS\System32\Nol.exe
O4 - HKCU\..\Run: [Cpq] C:\WINDOWS\System32\Ivc.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Microsoft AntiSpyware helper - {1D021922-ACB6-45E2-B2E4-A63D1225AB68} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1D021922-ACB6-45E2-B2E4-A63D1225AB68} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A2D60B08-196A-4D91-A225-55A9607AFF4C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A2D60B08-196A-4D91-A225-55A9607AFF4C} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CA79D501-CD69-4F87-A0C0-56D51F799702} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CA79D501-CD69-4F87-A0C0-56D51F799702} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F8948EC2-1D89-41F9-87E3-E4466472928A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F8948EC2-1D89-41F9-87E3-E4466472928A} - (no file) (HKCU)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted IP range: 64.127.104.144
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c15.cab
O16 - DPF: {163ACFA8-CD79-0E4A-FDF9-2E18581561F0} - http://69.50.182.94/1/gdnUS1096.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com...ia/OTXMedia.dll
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Filter: text/html - {C36E1199-D96E-4BA5-AF5F-CF661216F5C1} - C:\WINDOWS\System32\deo.dll
O18 - Filter: text/plain - {C36E1199-D96E-4BA5-AF5F-CF661216F5C1} - C:\WINDOWS\System32\deo.dll
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O20 - Winlogon Notify: f3dsl - lsd_f3.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ntfs32 - C:\WINDOWS\SYSTEM32\ntfs32.dll
O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - C:\WINDOWS\System32\Cnmfgnph.dll
O21 - SSODL: xwjAsiJh - {6C5616BF-C6FC-BC15-55B6-26AE7FC10E31} - C:\WINDOWS\System32\ahob.dll
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: Provides three management service (FreeBSD) - Unknown owner - C:\WINDOWS\System32\dev32.exe (file missing)
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
  • 0

#7
Motor City's Finest

Motor City's Finest

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
why cant I get help? I really need some attention.
  • 0

#8
Motor City's Finest

Motor City's Finest

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
my background has been hijack, an I dont kno if there are other problems, but I'm sure there might be. please help me get it all cleaned up.



my hijack log.



Logfile of HijackThis v1.99.1
Scan saved at 10:42:42 PM, on 6/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Adam\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Adam\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Adam\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O2 - BHO: (no name) - {50755E67-BC4E-4CDE-9A04-B3A5E18E69D0} - C:\WINDOWS\System32\bkdpp.dll
O2 - BHO: (no name) - {6C5616C5-C6FC-BC6F-0F3A-379A7FC10E34} - C:\WINDOWS\System32\R497p329.dll
O2 - BHO: (no name) - {D4C0826A-6CF0-3C09-F8FA-1013358966E4} - C:\WINDOWS\System32\jxowcnv.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Tray] C:\PROGRA~1\KAZAAL~1\My Shared Folder\CreditCrack v6.1.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [clyjycqomrwn] C:\WINDOWS\System32\haelhl.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [ouArQW.exe] C:\documents and settings\adam\local settings\temp\ouArQW.exe
O4 - HKLM\..\Run: [0peuGbPL.exe] C:\documents and settings\adam\local settings\temp\0peuGbPL.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Cxe0o.exe
O4 - HKLM\..\Run: [epx] C:\WINDOWS\system32\epx.exe
O4 - HKLM\..\Run: [lm.exe] C:\documents and settings\adam\local settings\temp\lm.exe
O4 - HKLM\..\Run: [enfE.exe] C:\documents and settings\adam\local settings\temp\enfE.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [vs3R36Q] penrdsvr.exe
O4 - HKLM\..\Run: [Microsoft Outrunner H20] C:\WINDOWS\system32\Microsoft Outrunner\OUTRUNNER.exe /start
O4 - HKLM\..\Run: [Ihf] C:\WINDOWS\Lur.exe
O4 - HKLM\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe
O4 - HKLM\..\Run: [Vld] C:\WINDOWS\Iar.exe
O4 - HKLM\..\Run: [Jdg] C:\WINDOWS\Pnj.exe
O4 - HKLM\..\Run: [Gfj] C:\WINDOWS\System32\Knp.exe
O4 - HKLM\..\Run: [Cct] C:\WINDOWS\Jlq.exe
O4 - HKLM\..\Run: [Pbj] C:\WINDOWS\Sik.exe
O4 - HKLM\..\Run: [Urt] C:\WINDOWS\Alr.exe
O4 - HKLM\..\Run: [Coc] C:\WINDOWS\System32\Hpa.exe
O4 - HKLM\..\Run: [Qvr] C:\WINDOWS\Mkk.exe
O4 - HKLM\..\Run: [Knj] C:\WINDOWS\Mll.exe
O4 - HKLM\..\Run: [Vfd] C:\WINDOWS\System32\Nol.exe
O4 - HKLM\..\Run: [Cpq] C:\WINDOWS\System32\Ivc.exe
O4 - HKLM\..\Run: [Jkvxkalt] c:\Program Files\Ddrz\Fkmnmwo.exe
O4 - HKLM\..\Run: [Exmmj] c:\Program Files\Izwafyz\Jdnyjto.exe
O4 - HKLM\..\Run: [PerformCl] C:\WINDOWS\System32\perfcl.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{6C5DD71A-8034-4CF7-B497-138DC7DCAE60}\SVCHOST.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Adam\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [eBs5RWcth] uxtlogon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Ihf] C:\WINDOWS\Lur.exe
O4 - HKCU\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKCU\..\Run: [Vld] C:\WINDOWS\Iar.exe
O4 - HKCU\..\Run: [Jdg] C:\WINDOWS\Pnj.exe
O4 - HKCU\..\Run: [Gfj] C:\WINDOWS\System32\Knp.exe
O4 - HKCU\..\Run: [Cct] C:\WINDOWS\Jlq.exe
O4 - HKCU\..\Run: [Pbj] C:\WINDOWS\Sik.exe
O4 - HKCU\..\Run: [Urt] C:\WINDOWS\Alr.exe
O4 - HKCU\..\Run: [Coc] C:\WINDOWS\System32\Hpa.exe
O4 - HKCU\..\Run: [Qvr] C:\WINDOWS\Mkk.exe
O4 - HKCU\..\Run: [Knj] C:\WINDOWS\Mll.exe
O4 - HKCU\..\Run: [Vfd] C:\WINDOWS\System32\Nol.exe
O4 - HKCU\..\Run: [Cpq] C:\WINDOWS\System32\Ivc.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Microsoft AntiSpyware helper - {1D021922-ACB6-45E2-B2E4-A63D1225AB68} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1D021922-ACB6-45E2-B2E4-A63D1225AB68} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A2D60B08-196A-4D91-A225-55A9607AFF4C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A2D60B08-196A-4D91-A225-55A9607AFF4C} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CA79D501-CD69-4F87-A0C0-56D51F799702} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CA79D501-CD69-4F87-A0C0-56D51F799702} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F8948EC2-1D89-41F9-87E3-E4466472928A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F8948EC2-1D89-41F9-87E3-E4466472928A} - (no file) (HKCU)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted IP range: 64.127.104.144
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c15.cab
O16 - DPF: {163ACFA8-CD79-0E4A-FDF9-2E18581561F0} - http://69.50.182.94/1/gdnUS1096.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com...ia/OTXMedia.dll
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Filter: text/html - {67954A0E-0FBF-4390-B3DA-83C971913E52} - C:\WINDOWS\System32\bkdpp.dll
O18 - Filter: text/plain - {67954A0E-0FBF-4390-B3DA-83C971913E52} - C:\WINDOWS\System32\bkdpp.dll
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O20 - Winlogon Notify: f3dsl - lsd_f3.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ntfs32 - C:\WINDOWS\SYSTEM32\ntfs32.dll
O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - C:\WINDOWS\System32\Cnmfgnph.dll
O21 - SSODL: xwjAsiJh - {6C5616BF-C6FC-BC15-55B6-26AE7FC10E31} - C:\WINDOWS\System32\ahob.dll
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: Provides three management service (FreeBSD) - Unknown owner - C:\WINDOWS\System32\dev32.exe (file missing)
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
  • 0

#9
Motor City's Finest

Motor City's Finest

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
why tha [bleep] can I neva get no help on here?
  • 0

#10
Motor City's Finest

Motor City's Finest

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I really need help, these malwares are driving me nuts.



my hijack you log:


Logfile of HijackThis v1.99.1
Scan saved at 3:35:41 AM, on 6/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\Services\{6C5DD71A-8034-4CF7-B497-138DC7DCAE60}\SVCHOST.EXE
C:\WINDOWS\System32\mszx23.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Adam\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...index.php?aff=9
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O2 - BHO: (no name) - {6C5616C5-C6FC-BC6F-0F3A-379A7FC10E34} - C:\WINDOWS\System32\R497p329.dll
O2 - BHO: (no name) - {D4C0826A-6CF0-3C09-F8FA-1013358966E4} - C:\WINDOWS\System32\jxowcnv.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [clyjycqomrwn] C:\WINDOWS\System32\haelhl.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [ouArQW.exe] C:\documents and settings\adam\local settings\temp\ouArQW.exe
O4 - HKLM\..\Run: [0peuGbPL.exe] C:\documents and settings\adam\local settings\temp\0peuGbPL.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Cxe0o.exe
O4 - HKLM\..\Run: [epx] C:\WINDOWS\system32\epx.exe
O4 - HKLM\..\Run: [lm.exe] C:\documents and settings\adam\local settings\temp\lm.exe
O4 - HKLM\..\Run: [enfE.exe] C:\documents and settings\adam\local settings\temp\enfE.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [vs3R36Q] penrdsvr.exe
O4 - HKLM\..\Run: [Microsoft Outrunner H20] C:\WINDOWS\system32\Microsoft Outrunner\OUTRUNNER.exe /start
O4 - HKLM\..\Run: [Ihf] C:\WINDOWS\Lur.exe
O4 - HKLM\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe
O4 - HKLM\..\Run: [Vld] C:\WINDOWS\Iar.exe
O4 - HKLM\..\Run: [Jdg] C:\WINDOWS\Pnj.exe
O4 - HKLM\..\Run: [Gfj] C:\WINDOWS\System32\Knp.exe
O4 - HKLM\..\Run: [Cct] C:\WINDOWS\Jlq.exe
O4 - HKLM\..\Run: [Pbj] C:\WINDOWS\Sik.exe
O4 - HKLM\..\Run: [Urt] C:\WINDOWS\Alr.exe
O4 - HKLM\..\Run: [Coc] C:\WINDOWS\System32\Hpa.exe
O4 - HKLM\..\Run: [Qvr] C:\WINDOWS\Mkk.exe
O4 - HKLM\..\Run: [Knj] C:\WINDOWS\Mll.exe
O4 - HKLM\..\Run: [Vfd] C:\WINDOWS\System32\Nol.exe
O4 - HKLM\..\Run: [Cpq] C:\WINDOWS\System32\Ivc.exe
O4 - HKLM\..\Run: [Jkvxkalt] c:\Program Files\Ddrz\Fkmnmwo.exe
O4 - HKLM\..\Run: [Exmmj] c:\Program Files\Izwafyz\Jdnyjto.exe
O4 - HKLM\..\Run: [PerformCl] C:\WINDOWS\System32\perfcl.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{6C5DD71A-8034-4CF7-B497-138DC7DCAE60}\SVCHOST.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Adam\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{6C5DD71A-8034-4CF7-B497-138DC7DCAE60}\SECURITY.EXE
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKCU\..\Run: [eBs5RWcth] uxtlogon.exe
O4 - HKCU\..\Run: [Ihf] C:\WINDOWS\Lur.exe
O4 - HKCU\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKCU\..\Run: [Vld] C:\WINDOWS\Iar.exe
O4 - HKCU\..\Run: [Jdg] C:\WINDOWS\Pnj.exe
O4 - HKCU\..\Run: [Gfj] C:\WINDOWS\System32\Knp.exe
O4 - HKCU\..\Run: [Cct] C:\WINDOWS\Jlq.exe
O4 - HKCU\..\Run: [Pbj] C:\WINDOWS\Sik.exe
O4 - HKCU\..\Run: [Urt] C:\WINDOWS\Alr.exe
O4 - HKCU\..\Run: [Coc] C:\WINDOWS\System32\Hpa.exe
O4 - HKCU\..\Run: [Qvr] C:\WINDOWS\Mkk.exe
O4 - HKCU\..\Run: [Knj] C:\WINDOWS\Mll.exe
O4 - HKCU\..\Run: [Vfd] C:\WINDOWS\System32\Nol.exe
O4 - HKCU\..\Run: [Cpq] C:\WINDOWS\System32\Ivc.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Microsoft AntiSpyware helper - {1D021922-ACB6-45E2-B2E4-A63D1225AB68} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1D021922-ACB6-45E2-B2E4-A63D1225AB68} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A2D60B08-196A-4D91-A225-55A9607AFF4C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A2D60B08-196A-4D91-A225-55A9607AFF4C} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CA79D501-CD69-4F87-A0C0-56D51F799702} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CA79D501-CD69-4F87-A0C0-56D51F799702} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F8948EC2-1D89-41F9-87E3-E4466472928A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F8948EC2-1D89-41F9-87E3-E4466472928A} - (no file) (HKCU)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted IP range: 64.127.104.144
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c15.cab
O16 - DPF: {163ACFA8-CD79-0E4A-FDF9-2E18581561F0} - http://69.50.182.94/1/gdnUS1096.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com...ia/OTXMedia.dll
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O20 - Winlogon Notify: f3dsl - lsd_f3.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ntfs32 - C:\WINDOWS\SYSTEM32\ntfs32.dll
O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - C:\WINDOWS\System32\Cnmfgnph.dll
O21 - SSODL: xwjAsiJh - {6C5616BF-C6FC-BC15-55B6-26AE7FC10E31} - C:\WINDOWS\System32\ahob.dll
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: Provides three management service (FreeBSD) - Unknown owner - C:\WINDOWS\System32\dev32.exe (file missing)
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
  • 0

#11
Motor City's Finest

Motor City's Finest

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Please help, I dont know what to do. These spywares are killing my machine.



my hijack this log


Logfile of HijackThis v1.99.1
Scan saved at 10:36:25 PM, on 6/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\System32\Services\{6C5DD71A-8034-4CF7-B497-138DC7DCAE60}\SVCHOST.EXE
C:\WINDOWS\System32\mszx23.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Roxio\Easy CD Creator 5\Easy CD Creator\Creatr50.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Adam\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Adam\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...index.php?aff=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Adam\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=?
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {000AF6E8-9E87-41DC-BA77-78097C33EC75} - C:\WINDOWS\System32\hmfdgj.dll
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O2 - BHO: (no name) - {6C5616C5-C6FC-BC6F-0F3A-379A7FC10E34} - C:\WINDOWS\System32\R497p329.dll
O2 - BHO: (no name) - {D4C0826A-6CF0-3C09-F8FA-1013358966E4} - C:\WINDOWS\System32\jxowcnv.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [clyjycqomrwn] C:\WINDOWS\System32\haelhl.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [ouArQW.exe] C:\documents and settings\adam\local settings\temp\ouArQW.exe
O4 - HKLM\..\Run: [0peuGbPL.exe] C:\documents and settings\adam\local settings\temp\0peuGbPL.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Cxe0o.exe
O4 - HKLM\..\Run: [epx] C:\WINDOWS\system32\epx.exe
O4 - HKLM\..\Run: [lm.exe] C:\documents and settings\adam\local settings\temp\lm.exe
O4 - HKLM\..\Run: [enfE.exe] C:\documents and settings\adam\local settings\temp\enfE.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [vs3R36Q] penrdsvr.exe
O4 - HKLM\..\Run: [Microsoft Outrunner H20] C:\WINDOWS\system32\Microsoft Outrunner\OUTRUNNER.exe /start
O4 - HKLM\..\Run: [Ihf] C:\WINDOWS\Lur.exe
O4 - HKLM\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe
O4 - HKLM\..\Run: [Vld] C:\WINDOWS\Iar.exe
O4 - HKLM\..\Run: [Jdg] C:\WINDOWS\Pnj.exe
O4 - HKLM\..\Run: [Gfj] C:\WINDOWS\System32\Knp.exe
O4 - HKLM\..\Run: [Cct] C:\WINDOWS\Jlq.exe
O4 - HKLM\..\Run: [Pbj] C:\WINDOWS\Sik.exe
O4 - HKLM\..\Run: [Urt] C:\WINDOWS\Alr.exe
O4 - HKLM\..\Run: [Coc] C:\WINDOWS\System32\Hpa.exe
O4 - HKLM\..\Run: [Qvr] C:\WINDOWS\Mkk.exe
O4 - HKLM\..\Run: [Knj] C:\WINDOWS\Mll.exe
O4 - HKLM\..\Run: [Vfd] C:\WINDOWS\System32\Nol.exe
O4 - HKLM\..\Run: [Cpq] C:\WINDOWS\System32\Ivc.exe
O4 - HKLM\..\Run: [Jkvxkalt] c:\Program Files\Ddrz\Fkmnmwo.exe
O4 - HKLM\..\Run: [Exmmj] c:\Program Files\Izwafyz\Jdnyjto.exe
O4 - HKLM\..\Run: [PerformCl] C:\WINDOWS\System32\perfcl.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{6C5DD71A-8034-4CF7-B497-138DC7DCAE60}\SVCHOST.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{6C5DD71A-8034-4CF7-B497-138DC7DCAE60}\SECURITY.EXE
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Adam\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKCU\..\Run: [eBs5RWcth] uxtlogon.exe
O4 - HKCU\..\Run: [Ihf] C:\WINDOWS\Lur.exe
O4 - HKCU\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKCU\..\Run: [Vld] C:\WINDOWS\Iar.exe
O4 - HKCU\..\Run: [Jdg] C:\WINDOWS\Pnj.exe
O4 - HKCU\..\Run: [Gfj] C:\WINDOWS\System32\Knp.exe
O4 - HKCU\..\Run: [Cct] C:\WINDOWS\Jlq.exe
O4 - HKCU\..\Run: [Pbj] C:\WINDOWS\Sik.exe
O4 - HKCU\..\Run: [Urt] C:\WINDOWS\Alr.exe
O4 - HKCU\..\Run: [Coc] C:\WINDOWS\System32\Hpa.exe
O4 - HKCU\..\Run: [Qvr] C:\WINDOWS\Mkk.exe
O4 - HKCU\..\Run: [Knj] C:\WINDOWS\Mll.exe
O4 - HKCU\..\Run: [Vfd] C:\WINDOWS\System32\Nol.exe
O4 - HKCU\..\Run: [Cpq] C:\WINDOWS\System32\Ivc.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Microsoft AntiSpyware helper - {1D021922-ACB6-45E2-B2E4-A63D1225AB68} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1D021922-ACB6-45E2-B2E4-A63D1225AB68} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A2D60B08-196A-4D91-A225-55A9607AFF4C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A2D60B08-196A-4D91-A225-55A9607AFF4C} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CA79D501-CD69-4F87-A0C0-56D51F799702} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CA79D501-CD69-4F87-A0C0-56D51F799702} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F8948EC2-1D89-41F9-87E3-E4466472928A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F8948EC2-1D89-41F9-87E3-E4466472928A} - (no file) (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c15.cab
O16 - DPF: {163ACFA8-CD79-0E4A-FDF9-2E18581561F0} - http://69.50.182.94/1/gdnUS1096.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com...ia/OTXMedia.dll
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Filter: text/html - {A4086F62-F755-46DC-A4BE-250A762369B0} - C:\WINDOWS\System32\hmfdgj.dll
O18 - Filter: text/plain - {A4086F62-F755-46DC-A4BE-250A762369B0} - C:\WINDOWS\System32\hmfdgj.dll
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O20 - Winlogon Notify: f3dsl - lsd_f3.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ntfs32 - C:\WINDOWS\SYSTEM32\ntfs32.dll
O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - C:\WINDOWS\System32\Cnmfgnph.dll
O21 - SSODL: xwjAsiJh - {6C5616BF-C6FC-BC15-55B6-26AE7FC10E31} - C:\WINDOWS\System32\ahob.dll
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: Provides three management service (FreeBSD) - Unknown owner - C:\WINDOWS\System32\dev32.exe (file missing)
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
  • 0

#12
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP