Hijack this log... would appreciate someone checking it out

moocow1337 · April 23, 2005

Logfile of HijackThis v1.99.1

Scan saved at 3:18:40 PM, on 4/23/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

C:\WINDOWS\system32\services[Caution: ExecutableFile]

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

C:\WINDOWS\System32\CTHELPER[Caution: ExecutableFile]

C:\WINDOWS\GWMDMMSG[Caution: ExecutableFile]

C:\Program Files\Java\jre1.5.0_02\bin\jusched[Caution: ExecutableFile]

C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]

C:\Program Files\Media Access\MediaAccK[Caution: ExecutableFile]

C:\WINDOWS\nhgul[Caution: ExecutableFile]

C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]

C:\Program Files\Java\jre1.5.0_02\bin\jucheck[Caution: ExecutableFile]

C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]

C:\Program Files\Winamp\winampa[Caution: ExecutableFile]

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: ExecutableFile]

C:\Program Files\Media Access\MediaAccess[Caution: ExecutableFile]

C:\WINDOWS\System32\nddiui[Caution: ExecutableFile]

C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]

C:\Program Files\AIM\aim[Caution: ExecutableFile]

C:\WINDOWS\System32\nbtvpa[Caution: ExecutableFile]

C:\PROGRA~1\WHATPU~1\WHATPU~1[Caution: ExecutableFile]

C:\Program Files\LimeWire\LimeWire[Caution: ExecutableFile]

C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]

C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

C:\WINDOWS\System32\wuauclt[Caution: ExecutableFile]

C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]

C:\Program Files\Azureus\Azureus[Caution: ExecutableFile]

C:\Program Files\Java\jre1.5.0_02\bin\javaw[Caution: ExecutableFile]

C:\Documents and Settings\Main\Desktop\etmin[Caution: ExecutableFile]

C:\Program Files\Winamp\Winamp[Caution: ExecutableFile]

C:\Program Files\Spybot - Search & Destroy\SpybotSD[Caution: ExecutableFile]

C:\WINDOWS\explorer[Caution: ExecutableFile]

C:\Program Files\ISTsvc\istsvc[Caution: ExecutableFile]

C:\Program Files\Internet Explorer\IEXPLORE[Caution: ExecutableFile]

C:\Documents and Settings\Main\Local Settings\Temporary Internet Files\Content.IE5\QW683371\hijackthis[1]\HijackThis[Caution: ExecutableFile]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CTHelper] CTHELPER[Caution: ExecutableFile]

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG[Caution: ExecutableFile]

O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi[Caution: ExecutableFile]

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched[Caution: ExecutableFile]

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK[Caution: ExecutableFile]

O4 - HKLM\..\Run: [QiDPuu] C:\WINDOWS\nhgul[Caution: ExecutableFile]

O4 - HKLM\..\Run: [3bhi35ad] C:\WINDOWS\System32\3bhi35ad[Caution: ExecutableFile]

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa[Caution: ExecutableFile]

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: ExecutableFile]

O4 - HKLM\..\Run: [sF3P3tW] nddiui[Caution: ExecutableFile]

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc[Caution: ExecutableFile]

O4 - HKLM\..\RunOnce: [56w0p5[Caution: ExecutableFile]] C:\WINDOWS\System32\56w0p5[Caution: ExecutableFile] /k

O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware[Caution: ExecutableFile]" "+b1"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim[Caution: ExecutableFile] -cnetwait.odl

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager[Caution: ExecutableFile] -quiet

O4 - HKCU\..\Run: [dosFRjaEX] nbtvpa[Caution: ExecutableFile]

O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1[Caution: ExecutableFile]

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire[Caution: ExecutableFile]

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: ExecutableFile]

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... pote_x.cab

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62479 ... dge-c9.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02bce991b7e ... xIE601.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3680760921

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc[Caution: ExecutableFile]

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]

O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

kigoe2 · April 23, 2005

you've got a ton of stuff running on that tthing, all programs that seem to connect to the internet. I recomend getting rid of any that you know you dont need/want... for example, you could get rid of

C:\Program Files\iTunes\iTunesHelper.e3e (CAUTION - executable file)

if you dont need the iTunes help. However, I wouldnt, because I doubt it creates any problem.

You can check some of them out at http://www.processlibrary. Also, check out PC Pit Stop's forums, as they have a great HJT forum.

good luck

-kigoe

just1vet · April 23, 2005

I see that you have Spybot installed. Did you update and run it? May also want to download and run Adaware too, while your at it. Let them rip out everything they find. And they are going to find quite a bit.

Also you don't have a virus scanner installed. Go to

housecall.trendmicro.com

and run a full scan.

Repost back a log when your done

moocow1337 · April 24, 2005

alright im scanning now... my internet died just after i started this thread ;-; it only just now came back up... can anyone tell me why no sound plays when i play music?

moocow1337 · April 24, 2005

okay... i cant edit my post.. anyways i did a scan from that trend micro site and it said it found 6 infected files. should i type out what it found? or is there a way to copy it =p

Vape · April 24, 2005

To the trendmicro scan, then Ad-Aware, then Spybot S&D. Then post another hijackthis log.

Not having any sound is probably related to your sound card drivers. My computer -> properties -> hardware -> device manager. Get the name of your sound card manufacturer and then go to their website. Download the latest driver and install it.

moocow1337 · April 24, 2005

heres the hijack this log...