Wulfee Posted November 5, 2005

Logfile of HijackThis v1.99.1
Scan saved at 4:57:22 PM, on 11/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\JOSH\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\JOSH\Local Settings\Temp\{6D80A3E8-C482-41FF-A96E-DC24F66517D0}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.exe
O4 - Startup: Registration Pacific Fighters.LNK = D:\registration_us\RegistrationReminder.exe
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

coltm4carbine Posted November 5, 2005

Ok using my canned speech for another forum might sound wrong but it's quicker than me typing it all out:

Hi and Welcome to Geeks to Go. My name is Coltm4carbine and I will be helping you.

Please can you extract all your HiJack this files to a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Open Microsoft AntiSpyware.
* Click on Tools, Settings.
* In the left pane, click on Real-time Protection.
* Under Startup Options uncheck: Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
* Under Real-time spyware threat protection uncheck: Enable real-time spyware threat protection (recommended).
* After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
* Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.
* We will re-enable it once we're done.

Then after that go to: Start > Control Panel > Add or Remove Programs and remove the following:
MyWebSearch
MyWay
Need2Find
WildTangent
PartyPoker
(anything that says MyWay, Need2find, WildTangent and PartyPoker)

Please note any other programs that you don't recognize in that list in your next response.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\JOSH\Local Settings\Temp\{6D80A3E8-C482-41FF-A96E-DC24F66517D0}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.exe
O4 - Startup: Registration Pacific Fighters.LNK = D:\registration_us\RegistrationReminder.exe [recommended unless you trust it]
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx

Now close all windows other than HiJackThis, then click Fix Checked.

Reboot into safe mode.

Enable the 'Show Hidden Folders' option, like this:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Remove the following folders in bold (if found):
C:\Program Files\MyWaySA
C:\Program Files\Need2Find
C:\Program Files\MyWaySA
C:\PROGRA~1\INSTAF~1

If you would please reboot your computer into normal windows, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working.

Wulfee Posted November 6, 2005

what about the game like jointops i play that game will that affect it

Wulfee Posted November 6, 2005

also how do i extract a file thank you very much for helping me

coltm4carbine Posted November 6, 2005

> what about the game like jointops i play that game will that affect it

ok don't fix that then.

Wulfee Posted November 6, 2005

what about the wild tangent i think i need that to run games at least that's what it says i believe u in all but i also use internet explorer will that lose my internet explorer?

coltm4carbine Posted November 6, 2005

ok this is the problem:

> what about the wild tangent i think i need that to run games at least that's what it says i believe u in all but i also use internet explorer will that lose my internet explorer?

wild tangent and game spy arcade is an advertising spyware. It's your call, have a few spywares or have a cleaner pc.

Wulfee Posted November 6, 2005

i know this is a dumb question i should know but how do u extract files?

Wulfee Posted November 6, 2005

i will get rid of if i don't need it to play swat 4 or jointops

coltm4carbine Posted November 6, 2005

delete the HJT you got right now. re-download it but this time save it to somewhere like C:\Program Files\HJT. open it and windows should ask you if you want to extract it. select yes. btw the link is here

well it is 100% your choice. so if you want to delete it then delete it, if you want to keep it then keep it.

Wulfee Posted November 6, 2005

windows did not ask me to extract and i saved in c drive i also save in C: my docs won't let me extract though or is that where i should save it has its own file

coltm4carbine Posted November 6, 2005

ok can u post me a fresh log so i can see how it's going?

Wulfee Posted November 6, 2005

k sorry if i'm makin this too hard on ya

Wulfee Posted November 6, 2005

Logfile of HijackThis v1.99.1
Scan saved at 4:08:22 PM, on 11/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\JOSH\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\JOSH\Local Settings\Temp\{6D80A3E8-C482-41FF-A96E-DC24F66517D0}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.exe
O4 - Startup: Registration Pacific Fighters.LNK = D:\registration_us\RegistrationReminder.exe
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Wulfee Posted November 6, 2005

all i need to know is if it is saved in the right spot and i understand from there i g2g go right now and i'll be back on in an hour or 2

coltm4carbine Posted November 6, 2005

ok one more time :)

Delete HJT from your temp folder (Start -> my computer -> C:\ -> temp)

After that can you re-download HiJack This and save it to your desktop. It should be in a compressed folder. now right click on the folder and select extract all. keep on pressing next until you have finished. after that post a new HJT log.

the reason why i have to do this is, if during or after the fix something goes wrong you will still have a back-up instead of a huge paper-weight. IMHO it is better to be infected than have a huge paper weight.

got to sleep in a sec got french first period tomorrow :( I'll look at the replies tomorrow.

Wulfee Posted November 6, 2005

can u tell me if this is a right place to save any of them? hijackthis My Documents is what it is saved in and hijackthis C:/ is saved in also are these right?

coltm4carbine Posted November 7, 2005

ok delete the one you got in my documents but KEEP the one in the C:/. hopefully you will get it right and we can actually start fixing something. :)

Wulfee Posted November 8, 2005

ok i get all that but i'm at a different house until Wednesday and if that's all i to do with the saving part then i will be able to get done right away

coltm4carbine Posted November 10, 2005

at last i have found the canned speech for the autoinstaller.

Download and run the following HijackThis autoinstall program from here

HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!