Can anyone.....

  • Thread starter Thread starter worried
  • Start date Start date
W

worried

tell me what is good and bad here,what needs to go !!unning processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINNT\System32\hphmon03.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\HPHipm09.exe
C:\WINNT\System32\devldr32.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\msniasvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Hanni\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-
FADC6B084872} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program
Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft
Works\wkfud.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32
\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINNT\System32\hphmon03.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [] (Value not set)
O4 - Global Startup: Kodak EasyShare software.lnk =
C:\Program Files\Kodak\Kodak EasyShare
software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk =
C:\Program Files\Kodak\KODAK Software Updater\7288971
\Program\backWeb-7288971.exe
O4 - Global Startup: Registry Tuner.lnk = C:\Program
Files\RegTuner\regtune.exe
O4 - Global Startup: Registry Tuner Help.lnk = C:\Program
Files\RegTuner\HELP\regtune.htm
O4 - Global Startup: KsL Software Web Site.lnk =
C:\Program Files\RegTuner\KsL Software Web Site.url
O17 - HKLM\System\CCS\Services\Tcpip\..\{F30A7497-956E-
49D0-90B5-48677515A227}: NameServer = 205.171.3.65
205.171.2.65
<<<<<<
THANK YOU
 
Hi

Posting the exact details of any problems you are having would help.

--

Will Denny
MS-MVP Windows - Shell/User


| tell me what is good and bad here,what needs to go !!
| >>>>>
| unning processes:
| C:\WINNT\System32\smss.exe
| C:\WINNT\system32\winlogon.exe
| C:\WINNT\system32\services.exe
| C:\WINNT\system32\lsass.exe
| C:\WINNT\system32\svchost.exe
| C:\WINNT\System32\svchost.exe
| C:\WINNT\system32\spoolsv.exe
| C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
| C:\WINNT\Explorer.EXE
| C:\Program Files\Norton AntiVirus\navapsvc.exe
| C:\Program Files\Common Files\Symantec Shared\ccApp.exe
| C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
| C:\WINNT\System32\hphmon03.exe
| C:\Program Files\Norton AntiVirus\SAVScan.exe
| C:\WINNT\System32\ScsiAccess.EXE
| C:\WINNT\System32\svchost.exe
| C:\Program Files\Common Files\Symantec Shared\CCPD-
| LC\symlcsvc.exe
| C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
| C:\WINNT\System32\HPHipm09.exe
| C:\WINNT\System32\devldr32.exe
| C:\Program Files\MSN\MSNCoreFiles\msn.exe
| C:\Program Files\MSN\MSNIA\msniasvc.exe
| C:\Program Files\MSN Messenger\msnmsgr.exe
| C:\Program Files\Messenger\msmsgs.exe
| C:\Documents and Settings\Hanni\Desktop\HijackThis.exe
|
| R1 - HKLM\Software\Microsoft\Internet
| Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
| O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-
| FADC6B084872} - C:\Program Files\Norton
| AntiVirus\NavShExt.dll
| O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
| 7859DF00B1D6} - C:\Program Files\Norton
| AntiVirus\NavShExt.dll
| O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
| 00A0C9082467} - C:\WINNT\System32\msdxm.ocx
| O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program
| Files\Microsoft Works\WksSb.exe /AllUsers
| O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft
| Works\wkfud.exe
| O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
| Files\Symantec Shared\ccApp.exe"
| O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32
| \spool\drivers\w32x86\3\hpztsb04.exe
| O4 - HKLM\..\Run: [HPHmon03] C:\WINNT\System32\hphmon03.exe
| O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
| C:\WINNT\System32\NvCpl.dll,NvStartup
| O4 - HKLM\..\Run: [] (Value not set)
| O4 - Global Startup: Kodak EasyShare software.lnk =
| C:\Program Files\Kodak\Kodak EasyShare
| software\bin\EasyShare.exe
| O4 - Global Startup: Kodak software updater.lnk =
| C:\Program Files\Kodak\KODAK Software Updater\7288971
| \Program\backWeb-7288971.exe
| O4 - Global Startup: Registry Tuner.lnk = C:\Program
| Files\RegTuner\regtune.exe
| O4 - Global Startup: Registry Tuner Help.lnk = C:\Program
| Files\RegTuner\HELP\regtune.htm
| O4 - Global Startup: KsL Software Web Site.lnk =
| C:\Program Files\RegTuner\KsL Software Web Site.url
| O17 - HKLM\System\CCS\Services\Tcpip\..\{F30A7497-956E-
| 49D0-90B5-48677515A227}: NameServer = 205.171.3.65
| 205.171.2.65
| <<<<<<
| THANK YOU
 
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
Click to expand...

are all normal, required system supporting processes,
although svchost may or may not be in a state that is
as intended by MS when system installed. svchost
might be hosting things you do not need or want.
C:\WINNT\system32\spoolsv.exe
Click to expand...
is normal if you want to print

Everything else is elective, depending on what you
want installed and running


--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA
worried said:
tell me what is good and bad here,what needs to go !!unning processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINNT\System32\hphmon03.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\HPHipm09.exe
C:\WINNT\System32\devldr32.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\msniasvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Hanni\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-
FADC6B084872} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program
Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft
Works\wkfud.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32
\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINNT\System32\hphmon03.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [] (Value not set)
O4 - Global Startup: Kodak EasyShare software.lnk =
C:\Program Files\Kodak\Kodak EasyShare
software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk =
C:\Program Files\Kodak\KODAK Software Updater\7288971
\Program\backWeb-7288971.exe
O4 - Global Startup: Registry Tuner.lnk = C:\Program
Files\RegTuner\regtune.exe
O4 - Global Startup: Registry Tuner Help.lnk = C:\Program
Files\RegTuner\HELP\regtune.htm
O4 - Global Startup: KsL Software Web Site.lnk =
C:\Program Files\RegTuner\KsL Software Web Site.url
O17 - HKLM\System\CCS\Services\Tcpip\..\{F30A7497-956E-
49D0-90B5-48677515A227}: NameServer = 205.171.3.65
205.171.2.65
<<<<<<
THANK YOU
Click to expand...
 
Thanks Roger...and Will, I did post my problem
already,it's the Spyware NUker Installer that Norton
found,and I can't get rid of.Went through the hole
registry,so now I'm doing a file by file search.
THANK YOU ALL...


-----Original Message-----
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
Click to expand...

are all normal, required system supporting processes,
although svchost may or may not be in a state that is
as intended by MS when system installed. svchost
might be hosting things you do not need or want.
C:\WINNT\system32\spoolsv.exe
Click to expand...
is normal if you want to print

Everything else is elective, depending on what you
want installed and running


--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA
tell me what is good and bad here,what needs to go !!unning processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINNT\System32\hphmon03.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\HPHipm09.exe
C:\WINNT\System32\devldr32.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\msniasvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Hanni\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-
FADC6B084872} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238- 8AD1-
7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program
Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft
Works\wkfud.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32
\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINNT\System32 \hphmon03.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [] (Value not set)
O4 - Global Startup: Kodak EasyShare software.lnk =
C:\Program Files\Kodak\Kodak EasyShare
software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk =
C:\Program Files\Kodak\KODAK Software Updater\7288971
\Program\backWeb-7288971.exe
O4 - Global Startup: Registry Tuner.lnk = C:\Program
Files\RegTuner\regtune.exe
O4 - Global Startup: Registry Tuner Help.lnk = C:\Program
Files\RegTuner\HELP\regtune.htm
O4 - Global Startup: KsL Software Web Site.lnk =
C:\Program Files\RegTuner\KsL Software Web Site.url
O17 - HKLM\System\CCS\Services\Tcpip\..\{F30A7497-956E-
49D0-90B5-48677515A227}: NameServer = 205.171.3.65
205.171.2.65
<<<<<<
THANK YOU
Click to expand...


.
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

computer sending emails 17
Can't reboot-Plz analyze HJT Log 1
Howzit!!! :) 2
Windows XP Windows XP Malware, Please Help. 2
Anyone see a problem witrh this? 4
IE problems 2
FIRE! FIRE! HELP!!!!!!!!!!!! 4
Windows 7 "Windows cannot find svchost.exe?" 1

Back
Top