Jump to content

TheCallmeKrum

Members
 View Profile  See their activity

  • Posts

    3

  • Joined

  • Last visited

Reputation

0 Neutral

Profile Information

  • Location
    Nebraska
  1. TheCallmeKrum
    i have a hijackthislog what all should i check and fix (get rid of) heres the log Running processes: C:\WINDOWS\System32\smss[Caution: ExecutableFile] C:\WINDOWS\system32\winlogon[Caution: ExecutableFile] C:\WINDOWS\system32\services[Caution: ExecutableFile] C:\WINDOWS\system32\lsass[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile] C:\WINDOWS\Explorer[Caution: ExecutableFile] C:\windows\system\hpsysdrv[Caution: ExecutableFile] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon[Caution: ExecutableFile] C:\HP\KBD\KBD[Caution: ExecutableFile] C:\WINDOWS\system32\dla\tfswctrl[Caution: ExecutableFile] C:\Program Files\WildTangent\DDC\DDCManager\DDCMan[Caution: ExecutableFile] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile] C:\PROGRA~1\NORTON~1\navapw32[Caution: ExecutableFile] C:\Program Files\Java\jre1.5.0_02\bin\jusched[Caution: ExecutableFile] C:\Program Files\Date Manager\DateManager[Caution: ExecutableFile] C:\Program Files\hp center\137903\Shadow\ShadowBar[Caution: ExecutableFile] C:\Program Files\hp center\137903\Program\BackWeb-137903[Caution: ExecutableFile] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON[Caution: ExecutableFile] C:\Program Files\PrecisionTime\PrecisionTime[Caution: ExecutableFile] C:\Program Files\America Online 9.0c\waol[Caution: ExecutableFile] c:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile] C:\WINDOWS\system32\fxssvc[Caution: ExecutableFile] C:\Program Files\Common Files\AOL\ACS\AOLacsd[Caution: ExecutableFile] C:\WINDOWS\System32\wuauclt[Caution: ExecutableFile] C:\Program Files\America Online 9.0c\shellmon[Caution: ExecutableFile] C:\WINDOWS\System32\cmd[Caution: ExecutableFile] C:\WINDOWS\system32\java[Caution: ExecutableFile] C:\WINDOWS\System32\cmd[Caution: ExecutableFile] C:\Documents and Settings\Owner.YOUR-US67PI6LUV.024\My Documents\D.A.R. - BETA\runprio[Caution: ExecutableFile] C:\WINDOWS\System32\java[Caution: ExecutableFile] C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile] C:\Documents and Settings\Guest.YOUR-US67PI6LUV.002\My Documents\HijackThis1991[Caution: ExecutableFile] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us6.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us6.hpwis.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv[Caution: ExecutableFile] O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz[Caution: ExecutableFile] /install O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon[Caution: ExecutableFile] O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD[Caution: ExecutableFile] O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray[Caution: ExecutableFile]" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl[Caution: ExecutableFile] O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan[Caution: ExecutableFile]" -Background O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu[Caution: ExecutableFile]" -boot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD[Caution: ExecutableFile] O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile] O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile] O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2[Caution: ExecutableFile] O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\Cfgwiz[Caution: ExecutableFile] /R O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32[Caution: ExecutableFile] O4 - HKLM\..\Run: [AutoPlay] C:\HP\BIN\AUTOPLAY[Caution: ExecutableFile] O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched[Caution: ExecutableFile] O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]" /background O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0c\AOL[Caution: ExecutableFile]" -b O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager[Caution: ExecutableFile] O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar[Caution: ExecutableFile] O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903[Caution: ExecutableFile] O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON[Caution: ExecutableFile] O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime[Caution: ExecutableFile] O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile] O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]
  2. TheCallmeKrum
    i was just able to get him the hijackthis program he ran it here's his log please tell all he should get rid of.....thanks alot you guys have helped me out tremendously.<<<<< Logfile of HijackThis v1.99.1 Scan saved at 12:11:55 PM, on 5/1/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: ExecutableFile] C:\WINDOWS\system32\winlogon[Caution: ExecutableFile] C:\WINDOWS\system32\services[Caution: ExecutableFile] C:\WINDOWS\system32\lsass[Caution: ExecutableFile] C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile] C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile] C:\Program Files\LEAD Technologies, Inc\LEADTOOLS ePrint 3.0\Bin\LPSVS03N[Caution: ExecutableFile] C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr[Caution: ExecutableFile] C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr[Caution: ExecutableFile] C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile] C:\Program Files\Norton AntiVirus\IWP\NPFMntor[Caution: ExecutableFile] C:\Program Files\Analog Devices\SoundMAX\SMAgent[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile] C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile] C:\WINDOWS\Explorer[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile] C:\Program Files\Java\j2re1.4.2_05\bin\jusched[Caution: ExecutableFile] C:\Program Files\Java\j2re1.4.2_05\bin\jucheck[Caution: ExecutableFile] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1[Caution: ExecutableFile] C:\PROGRA~1\LEADTE~1\LEADTO~1.0\bin\EPRINT3[Caution: ExecutableFile] C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile] C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile] C:\Program Files\Grisoft\AVG Free\avgcc[Caution: ExecutableFile] C:\Program Files\Grisoft\AVG Free\avgwb.dat C:\Program Files\Grisoft\AVG Free\avginet[Caution: ExecutableFile] C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile] C:\DOCUME~1\JOHNKI~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis[Caution: ExecutableFile] C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paomaha.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\vgadb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched[Caution: ExecutableFile] O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz[Caution: ExecutableFile]" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1[Caution: ExecutableFile] /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84" O4 - HKLM\..\Run: [ePrint 3.0 Service] C:\PROGRA~1\LEADTE~1\LEADTO~1.0\bin\EPRINT3[Caution: ExecutableFile] O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset[Caution: ExecutableFile] O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile] /STARTUP O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL[Caution: ExecutableFile]/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://campaignlogic.truelogic.com.au/d ... fxIEAx.cab O20 - Winlogon Notify: vgadb - C:\WINDOWS\vgadb.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile] O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile] O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile] O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile] O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: ExecutableFile] O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile] O23 - Service: EPrint III Service - Unknown owner - C:\Program Files\LEAD Technologies, Inc\LEADTOOLS ePrint 3.0\Bin\LPSVS03N[Caution: ExecutableFile] O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI[Caution: ExecutableFile] O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile] O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile] O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor[Caution: ExecutableFile] O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan[Caution: ExecutableFile] O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ[Caution: ExecutableFile] O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile] O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent[Caution: ExecutableFile] O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc[Caution: ExecutableFile] O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile] O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]
  3. TheCallmeKrum
    it was like merlin or merjin or somethin . org can someone clarify?
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept