May 16th, 2004 14:00

hijackthis file

This is the log I got from HijackThis

Logfile of HijackThis v1.97.7
Scan saved at 12:46:47 AM, on 5/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HHVcdV5Sys\VC5Play.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\SahAgent.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\javaw.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Virtual CD v5\System\VC5Tray.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Bargain Buddy\bin\bargains.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Internet Optimizer\install.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.the-exit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-exit.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.the-exit.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin\apuc.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem216.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [VC5Player] C:\Program Files\HHVcdV5Sys\VC5Play.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [pex] C:\WINDOWS\pex.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LimeShop] javaw -cp "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: LimeWire 3.8.6.lnk = C:\Program Files\LimeWire\3.8.6\LimeWire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: >>> HENTAI MOVIES <<< - javascript:{document.location='http://www.archivehentai.com/ah/14/getpassword.html';}
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.netpaloffers.net/NetpalOffers/DMO1/aess11.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/117a2f29f43b44fe2d00/netzip/RdxIE601.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Will anyone tell me what needs to be "fixed"?

P.S. (Sorry for kinda hijacking that other guy's thread, this is my first time on your forums.)

May 16th, 2004 21:00

Download, then unzip and run CWShredder to clean up, clicking FIX to have it remove all it finds.

cwshredder from here
or from here
or download page from here

Please run in safe mode (F8 at boot time)
How to start the computer in Safe mode
Reboot
===============
Spybot S&D and Ad-aware using the settings and links provided
Here

Please post a new HijackThis log after a reboot.
