moocow1337 Posted April 23, 2005

Logfile of HijackThis v1.99.1
Scan saved at 3:18:40 PM, on 4/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\WINDOWS\System32\CTHELPER[Caution: ExecutableFile]
C:\WINDOWS\GWMDMMSG[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0_02\bin\jusched[Caution: ExecutableFile]
C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]
C:\Program Files\Media Access\MediaAccK[Caution: ExecutableFile]
C:\WINDOWS\nhgul[Caution: ExecutableFile]
C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0_02\bin\jucheck[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\Winamp\winampa[Caution: ExecutableFile]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: ExecutableFile]
C:\Program Files\Media Access\MediaAccess[Caution: ExecutableFile]
C:\WINDOWS\System32\nddiui[Caution: ExecutableFile]
C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]
C:\Program Files\AIM\aim[Caution: ExecutableFile]
C:\WINDOWS\System32\nbtvpa[Caution: ExecutableFile]
C:\PROGRA~1\WHATPU~1\WHATPU~1[Caution: ExecutableFile]
C:\Program Files\LimeWire\LimeWire[Caution: ExecutableFile]
C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\WINDOWS\System32\wuauclt[Caution: ExecutableFile]
C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]
C:\Program Files\Azureus\Azureus[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0_02\bin\javaw[Caution: ExecutableFile]
C:\Documents and Settings\Main\Desktop\etmin[Caution: ExecutableFile]
C:\Program Files\Winamp\Winamp[Caution: ExecutableFile]
C:\Program Files\Spybot - Search & Destroy\SpybotSD[Caution: ExecutableFile]
C:\WINDOWS\explorer[Caution: ExecutableFile]
C:\Program Files\ISTsvc\istsvc[Caution: ExecutableFile]
C:\Program Files\Internet Explorer\IEXPLORE[Caution: ExecutableFile]
C:\Documents and Settings\Main\Local Settings\Temporary Internet Files\Content.IE5\QW683371\hijackthis[1]\HijackThis[Caution: ExecutableFile]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER[Caution: ExecutableFile]
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG[Caution: ExecutableFile]
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi[Caution: ExecutableFile]
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK[Caution: ExecutableFile]
O4 - HKLM\..\Run: [QiDPuu] C:\WINDOWS\nhgul[Caution: ExecutableFile]
O4 - HKLM\..\Run: [3bhi35ad] C:\WINDOWS\System32\3bhi35ad[Caution: ExecutableFile]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: ExecutableFile]
O4 - HKLM\..\Run: [sF3P3tW] nddiui[Caution: ExecutableFile]
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc[Caution: ExecutableFile]
O4 - HKLM\..\RunOnce: [56w0p5[Caution: ExecutableFile]] C:\WINDOWS\System32\56w0p5[Caution: ExecutableFile] /k
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware[Caution: ExecutableFile]" "+b1"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim[Caution: ExecutableFile] -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager[Caution: ExecutableFile] -quiet
O4 - HKCU\..\Run: [dosFRjaEX] nbtvpa[Caution: ExecutableFile]
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1[Caution: ExecutableFile]
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire[Caution: ExecutableFile]
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: ExecutableFile]
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... pote_x.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62479 ... dge-c9.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02bce991b7e ... xIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3680760921
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc[Caution: ExecutableFile]
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

kigoe2 Posted April 23, 2005

you've got a ton of stuff running on that thing, all programs that seem to connect to the internet. I recommend getting rid of any that you know you don't need/want... for example, you could get rid of C:\Program Files\iTunes\iTunesHelper.e3e (CAUTION - executable file) if you don't need the iTunes help. However, I wouldn't, because I doubt it creates any problem. You can check some of them out at http://www.processlibrary. Also, check out PC Pit Stop's forums, as they have a great HJT forum. good luck -kigoe

just1vet Posted April 23, 2005

I see that you have Spybot installed. Did you update and run it? May also want to download and run Adaware too, while you're at it. Let them rip out everything they find. And they are going to find quite a bit. Also you don't have a virus scanner installed. Go to housecall.trendmicro.com and run a full scan. Repost back a log when you're done.

moocow1337 Posted April 24, 2005

alright I'm scanning now... my internet died just after I started this thread ;-; it only just now came back up... can anyone tell me why no sound plays when I play music?

moocow1337 Posted April 24, 2005

okay... I can't edit my post.. anyways I did a scan from that trend micro site and it said it found 6 infected files. should I type out what it found? or is there a way to copy it =p

Vape Posted April 24, 2005

Do the trendmicro scan, then Ad-Aware, then Spybot S&D. Then post another hijackthis log. Not having any sound is probably related to your sound card drivers. My computer -> properties -> hardware -> device manager. Get the name of your sound card manufacturer and then go to their website. Download the latest driver and install it.

Where the bloody hell are you?

moocow1337 Posted April 24, 2005

here's the hijack this log...

Logfile of HijackThis v1.99.1
Scan saved at 1:08:56 AM, on 4/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\WINDOWS\System32\CTHELPER[Caution: ExecutableFile]
C:\WINDOWS\GWMDMMSG[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0_02\bin\jusched[Caution: ExecutableFile]
C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]
C:\Program Files\Media Access\MediaAccK[Caution: ExecutableFile]
C:\Program Files\Media Access\MediaAccess[Caution: ExecutableFile]
C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0_02\bin\jucheck[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\Winamp\winampa[Caution: ExecutableFile]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: ExecutableFile]
C:\WINDOWS\System32\nddiui[Caution: ExecutableFile]
C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]
C:\Program Files\AIM\aim[Caution: ExecutableFile]
C:\Program Files\Yahoo!\Messenger\ypager[Caution: ExecutableFile]
C:\WINDOWS\System32\nbtvpa[Caution: ExecutableFile]
C:\PROGRA~1\WHATPU~1\WHATPU~1[Caution: ExecutableFile]
C:\Program Files\LimeWire\LimeWire[Caution: ExecutableFile]
C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]
C:\WINDOWS\System32\wuauclt[Caution: ExecutableFile]
C:\Documents and Settings\Main\Desktop\etmin[Caution: ExecutableFile]
C:\WINDOWS\system32\rundll32[Caution: ExecutableFile]
C:\WINDOWS\System32\mmc[Caution: ExecutableFile]
C:\Program Files\Internet Explorer\IEXPLORE[Caution: ExecutableFile]
C:\Documents and Settings\Main\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis[Caution: ExecutableFile]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER[Caution: ExecutableFile]
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG[Caution: ExecutableFile]
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi[Caution: ExecutableFile]
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK[Caution: ExecutableFile]
O4 - HKLM\..\Run: [QiDPuu] C:\WINDOWS\nhgul[Caution: ExecutableFile]
O4 - HKLM\..\Run: [3bhi35ad] C:\WINDOWS\System32\3bhi35ad[Caution: ExecutableFile]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: ExecutableFile]
O4 - HKLM\..\Run: [sF3P3tW] nddiui[Caution: ExecutableFile]
O4 - HKLM\..\RunOnce: [56w0p5[Caution: ExecutableFile]] C:\WINDOWS\System32\56w0p5[Caution: ExecutableFile] /k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim[Caution: ExecutableFile] -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager[Caution: ExecutableFile] -quiet
O4 - HKCU\..\Run: [dosFRjaEX] nbtvpa[Caution: ExecutableFile]
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1[Caution: ExecutableFile]
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire[Caution: ExecutableFile]
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: ExecutableFile]
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... pote_x.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62479 ... dge-c9.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02bce991b7e ... xIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3680760921
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc[Caution: ExecutableFile]
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS