| Thread ID: 39816 | 2003-11-18 10:50:00 | registry and hard drive files do any of these indicate virus or adware type | petemit (1134) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 192958 | 2003-11-18 10:50:00 | Hi, I've used a program called hijack which has listed these registry entries or hard drive entries. Does anyone know whether these can safely be deleted? Some I know relate to Norton Antivirus, Zone Alarm and to Nvidia, but there are a heap there I don't know about. Any help would be appreciated.

C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\KMaestro\KMaestro.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\x___x\tb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Peter Mitchell\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcworld.co.nz/
R3 - URLSearchHook: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
O2 - BHO: winlink module - {6CC1C91A-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\ali\Application Data\winlink\winlink.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - www.pcpitstop.com
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - download.microsoft.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - a1540.g.akamai.net
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - 207.188.7.150
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - office.microsoft.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - v4.windowsupdate.microsoft.com
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - www.paltalk.com

Thanks, Peter |
petemit (1134) | ||
| 192959 | 2003-11-18 18:35:00 | I've mixed a few around so there's just general listings instead of having everything over the place, so yeah.

> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\Explorer.EXE
> C:\WINDOWS\System32\RUNDLL32.EXE
> C:\WINDOWS\system32\spoolsv.exe
> C:\WINDOWS\System32\nvsvc32.exe
> C:\WINDOWS\system32\slserv.exe

These are system services (svchost) or other required files needed by Windows - especially Explorer! If it's even possible to delete that in Windows then you'll end up having to restore it from the Installation disk (generally find it, copy it back to C:\Windows and your machine will work).

> C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
> C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
> C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

Norton Antivirus Protection Server, Norton Protect and Norton Antivirus AutoProtection Wizard (IIRC). All are required by Norton to run.

> C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
> C:\WINDOWS\system32\ZoneLabs\vsmon.exe

ZoneAlarm Firewall and other services required by it.

> C:\Program Files\Internet Explorer\iexplore.exe

- Internet Explorer, if you want to remove this (if it is possible), remove it from the Add/Remove Programs in the Control Panel.

> C:\PROGRA~1\WINZIP\winzip32.exe

- Winzip, safe to remove (as said, remove from the Add/Remove Programs in the Control Panel).

Moving on to the Registry Keys. Generally speaking, don't touch the registry if you don't know what you're doing or you don't have an available backup of it, as you can end up causing more damage than good.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcworld.co.nz/ - That's the homepage for Internet Explorer from memory

> O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
> O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

Norton Antivirus Registry Keys.

> O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
> O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
> O9 - Extra button: FlashGet (HKLM)
> O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
> O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

These are all parts of the download manager FlashGet.

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup - Uh, yeah, don't touch this

O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe - Makes ZoneAlarm run on Startup

> O9 - Extra button: Messenger (HKLM)
> O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

Windows Messenger

> O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - www.pcpitstop.com
> O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - download.microsoft.com -9F5F-94901338C922/wmv9VCM.CAB
> O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - a1540.g.akamai.net le.com/samantha/us/win/QuickTimeInstaller.exe
> O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - 207.188.7.150
> O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - office.microsoft.com
> O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - v4.windowsupdate.microsoft.com ?37875.0736574074

Links for WindowsUpdates and OfficeUpdates |
cyberchuck (173) | ||
| 192960 | 2003-11-18 18:36:00 | > Norton Antivirus Protection Server

Got other things on my mind, that should be Norton Antivirus Protection Service |
cyberchuck (173) | ||
| 192961 | 2003-11-18 20:08:00 | > c:\x___x\tb.exe

Check what this is.

> R3 - URLSearchHook: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
> O2 - BHO: winlink module - {6CC1C91A-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\ali\Application Data\winlink\winlink.dll

Possible hijack. See here (www.trendmicro.com)

> O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - 207.188.7.150

Not too sure, but fairly safe to get rid of. |
tweak'e (174) | ||
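
Added example, not part of any post in this thread: a small Python triage pass over HijackThis-style log lines that flags the kinds of entries the last reply singled out (a registration marked `(no file)`, a browser add-on DLL under a user profile directory, an O16 source that is a bare IP address). The three rules and the `triage` name are assumptions made for illustration; a flag means "look this entry up before deciding", not "delete it".

```python
import re

# Excerpt of the log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
c:\x___x\tb.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcworld.co.nz/
R3 - URLSearchHook: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
O2 - BHO: winlink module - {6CC1C91A-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\ali\Application Data\winlink\winlink.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - 207.188.7.150
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - v4.windowsupdate.microsoft.com
"""

# A registry-section line looks like "<code> - <rest>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Assumed heuristic: add-on DLLs normally live under Program Files or Windows,
# so one loaded from a per-user data or temp directory deserves a lookup.
USER_DIRS = ("\\application data\\", "\\local settings\\temp\\")


def triage(log_text):
    """Return (section, reason, entry) tuples for entries worth a manual lookup."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # running-process paths, blank lines, headers
        section, body = m.groups()
        last = body.rsplit(" - ", 1)[-1].strip()  # file path or download source
        if last == "(no file)":
            findings.append((section, "registered but no file on disk", body))
        elif section == "O16" and IPV4.match(last):
            findings.append((section, "download source is a bare IP", body))
        elif section in ("O2", "O3") and any(d in last.lower() for d in USER_DIRS):
            findings.append((section, "add-on DLL in user profile", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {body}")
```

Running-process lines such as `c:\x___x\tb.exe` carry no section code, so this pass skips them; they still need the manual check the reply asks for.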