
Did Hjt Because Of


5 replies to this topic

#1 Lily Livered

Lily Livered

  • Members

Posted 29 October 2005 - 03:40 PM


Dell laptop (one month old) Inspiron 6000
730 Intel Pentium MProcessor (1.60Ghz/2MB Cache/533Mhz FSB)
512 MB
60GB hard drive
Intel Pro/Wireless 2200 Internal Wireless
Netgear Router
Windows XP Home SP2



You may not need all this Startup stuff, but it is the reason for this HJT log so I'll post it first with the HJT following. I absolutely DO need help on the Startup stuff too though as you'll see. I'm sure you'll let me know if I need to post the Startup stuff elsewhere to get help with it...

I've been intending to look up all the startup stuff and finally finally did it last night. Took me 6 hours to look up the 50 processes listed in Task Manager, using the ctrl-alt-del method, and to type them all out along with my concerns and questions. It looks VERY scary to me---like maybe my surfing binge a few days ago has gotten me lots and lots of Trojans and Worms?!! BUT......

Ran CWShredder and nothing was found.

Ran ScanDisk and took care of that.

I have run all my anti-malware programs and they weren't bad at all:

Ran CCleaner and took care of those.

Ran AdAware 3 times. The first time, it removed 6 items, the second time it removed 3, and the last time it showed 0.

Ran Spybot twice and both times, it found 0.

Ran AVG twice with no virus or trojans found.

Here's my Startup stuff that caused me to think I needed to run an HJT:

____________________________________________________________

Processes in Startup using ctrl-alt-delete method
and checking them at Sysinfo.org:

October 29, 2005. Note: All I have open is Sysinfo.org, the Task Manager, and Wordpad Document (to type this).

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Y=Normally leave to run at startup
N=not required--can be started manually
U=user's choice
X=definitely not required--typically viruses, spyware, adware and "resource hogs"
?=Unknown
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Image name/User Name (typed exactly as on Task Manager--ctrl-alt-del)


dlbtbmon.exe/Kristina-----not listed ***help please!

avgcc.exe/Kristina-----Y (AVG)

dlbtbmgr.exe/Kristina-----not listed *** help please!

issch.exe/Kristina----N (InstallShield Update Service Scheduler)

wordpad.exe/Kristina-----(Name or Startup Item on Sysinfo.org=Wind0ws +++++++++++Added by the AGOBOT-TL WORM! Note - this is not the legitimate Windows application wordpad.exe (which is found in the Program Files\Accessories folder) which should not normally be seen in Msconfig or as a Startup item. This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
***help please! I don't know about this one. There's only one listing for it on Sysinfo.org and I DO have wordpad open. ?


tfswctrl.exe/Kristina-----Y (two entries for it, both Y) (CD-RW writer. Without it loading, you can burn but not read the burned CDs)

ApntEx.exe/Kristina-----not listed ***help please!

mmtask.exe/Kristina-----2 entries on Sysinfo.org: (1. Name or Startup Item on Sysinfo.org=mmtask)++++++++++which is not required; it's part of MusicMatch Jukebox~~(2. Name or Startup Item on Sysinfo.org=MMtask Service)++++++++++which is "added by the BACKGAT.A TROJAN! Not the valid MusicMatch Jukebox which has the same filename
***help please! I'm thinking on this one, to probably go with '1.' because the Name or Startup Item on Sysinfo.org is the same as my Image Name. ?


mm_tray.exe/Kristina-----N (MusicMatch Jukebox icon in the task tray)

quickset.exe/Kristina-----N (2 entries for it, both N) (Dell taskbar icon allowing you to quickly change settings)

PCMService.exe/Kristina-----? Unknown (1 entry on Sysinfo.org) (In a DellMedia Experience sub-directory) ***I'll do my job and look up DellMedia for more info then ask questions if needed, unless you already know and want to tell me.

iFrmewrk.exe/Kristina-----Y (Associated with the Intel PRO/Set Wireless software)

jusched.exe/Kristina-----3 entries on Sysinfo.org: (1. N Name or Startup Item on Sysinfo.org=jusched) ++++++++++ to do with Sun's Java updates) (2. N Name or Startup Item on Sysinfo.org=SunJavaUpdateSched) ++++++++++ to do with Sun's Java updates) (3. X Name or Startup Item on Sysinfo.org=wmon) ++++++++++ Added by the AGOBOT-OW WORM!
***help please! I don't know about this one--I'm thinking it's probably '1.' but just don't know. ?


hkcmd.exe/Kristina-----2 entries on Sysinfo.org: (1. N Name or Startup Item on Sysinfo.org=hkcmd) (2. N Name or Startup Item on Sysinfo.org=HotKeysCmds) ++++++++++ (both entries: Installed by the Intel 810 and 815 chipset graphic drivers. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel)

Apoint.exe/Kristina-----2 entries on Sysinfo.org: (1. U Name or Startup Item on Sysinfo.org=AlpsPoint) (2. U Name or Startup Item on Sysinfo.org=Apoint) ++++++++++ (both entries: Touchpad software for laptop PC's. For instance it is found on the Panasonic machines and allows part of the touchpad to be used document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work.)

DLG.exe/Kristina-----2 entries on Sysinfo.org: (1. X Name or Startup Item on Sysinfo.org=cryptdlg) ++++++++++ Added by an unidentified TROJAN! (2. N Name or Startup Item on Sysinfo.org=Digital Line Detect) ++++++++++ Detects whether you are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Connexant V.92 and Broadcom modems)
***help please!

alg.exe/LOCAL SERVICE-----2 entries on Sysinfo.org: (1. X Name or Startup Item on Sysinfo.org=ALG.EXE) (Command or Data on Sysinfo.org=iexplorer.exe) ++++++++++ Added by the DEMOTRY-B WORM! (2. X Name or Startup Item on Sysinfo.org=Anti-Virus Update Scheduler V1.39.12R) (Command or Data on Sysinfo.org=[various filenames]) ++++++++++ Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more) ***definitely help please if still there after I run AdAware, Spybot S&D, AVG, and CCleaner!

IEXPLORE.EXE/Kristina-----21 entries on Sysinfo.org; all are X; only two are all uppercase letters same as my taskbar Image Name is: (1. X Name or Startup Item on Sysinfo.org=$WindowsRegKey%update--not sure if there is or isn't a space betw the last % and "update") Command or Data on Sysinfo.org=IEXPLORE.EXE) ++++++++++Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
(2. X Name or Startup Item on Sysinfo.org=Internet Explorer) (Command or Data on Sysinfo.org=IEXPLORE.EXE) ++++++++++ Added by the RBOT-EY WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder ***OMG!! definitely help please if still there after I run AdAware, Spybot S&D, AVG, and CCleaner!!


taskmgr.exe/Kristina-----7 entries on Sysinfo.org; 1 is U, 1 is N, and 5 are X. I believe mine is probably the N, but how can I be sure??

avgupsvc.exe/SYSTEM-----not listed but I know this is AVG

avgamsvr.exe/SYSTEM-----2 entries on Sysinfo.org; both are Y ++++++++++ AVG antivirus related

AOLacsd.exe/SYSTEM-----Y 1 entry on Sysinfo.org (Name or Startup Item on Sysinfo.org=AolAcsDaemon1) (Command or Data on Sysinfo.org=AOLACSD.EXE) ++++++++++ AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually. I don't use AOL for ANYthing, that I know of, although there are AOL listings in my Add/Remove Programs and an AOL icon on desktop that says "Free 6 Months Try AOL". (New computer from Dell, one month old) Can I Remove all AOL stuff? I'm not interested!

spoolsv.exe/SYSTEM-----6 entries on Sysinfo.org; 5 are X and one is Y. As follows:

Name or Startup Item | Status | Command or Data | Description
clock | X | [various filenames] | LiveChat Adware......
load | X | Spoolsv.exe | Added by CIADOOR.B TROJAN.....
Print Spooler | X | Spoolsv.exe | Added by the CIADOOR.B TROJAN.....
Spoolsv | X | Spoolsv.exe | Added by the CIADOOR.121 VIRUS.....
SVCHOST | X | SPOOLSV.EXE | Added by the BAITAP-A WORM.....
[random name] | Y | spoolsv.exe | PurityScan/Clickspring adware
***help please if still there after I run AdAware, Spybot S&D, AVG and CCleaner!

svchost.exe/LOCAL SERVICE-----75 entries on Sysinfo.org; most are X, one is ?, and 4 are U. None of the entries on Sysinfo.org say LOCAL SERVICE. ***help please!!

svchost.exe/NETWORK SERVICE-----75 entries on Sysinfo.org; most are X, one is ?, and 4 are U. None of the entries on Sysinfo.org say NETWORK SERVICE. ***help please!!

explorer.exe/Kristina-----61 entries on Sysinfo.org; one is U, the others are all X. Looking at the U one: (Name or Startup Item on Sysinfo.org=explorer) (Command or Data on Sysinfo.org=explorer.exe) ++++++++++ the Description for the U one on Sysinfo.org says: Starts Windows Explorer. Unless this has been manually added to startups or added by another program it could be a virus such as PE_BISTRO or DVLDR or MYDOOM.C. Note that it is also not the explorer.exe task/service you'll see via CTRL+ALT+DEL
***what to do what to do? help please if still there after I run AdAware, Spybot S&D, AVG and CCleaner!


WLKEEPER.exe/SYSTEM-----not listed ***help please!


wmiprvse.exe/SYSTEM-----X (only one entry); Added by the SONEBOT-B WORM!

ZCfgSvc.exe/Kristina-----U (only one entry); ++++++++++ part of Intel's ProSET utilities and installed by the drivers for many of Intel wireless network cards

S24EvMon.exe/SYSTEM-----? (only one entry); ++++++++++ Event Monitor - supports driver extensions to NIC Driver for wireless adapters. Is it required?

EvtEng.exe/SYSTEM-----not listed ***help please!

svchost.exe/SYSTEM-----75 entries on Sysinfo.org ***help please

svchost.exe/NETWORK SERVICE-----75 entries on Sysinfo.org ***help please

svchost.exe/SYSTEM-----75 entries on Sysinfo.org ***help please

lsass.exe/SYSTEM-----X 25 entries on Sysinfo.org and all are X !!

services.exe/SYSTEM-----54 entries on Sysinfo.org; one is Y, two are U, and the rest are X. The two U are keyloggers and say to remove them unless you installed them yourself. The Y one (Name or Startup Item on Sysinfo.org=Raptor Mobile) (Command or Data on Sysinfo.org=vpnservices.exe) ++++++++++ Symantec VPN Client used to connect to corporate networks. If unchecked, must be uninstalled using Add/Remove Programs as it tightly integrates into networking.

winlogon.exe/SYSTEM-----X 21 entries on Sysinfo.org; all are X !!

csrss.exe/SYSTEM-----42 entries on Sysinfo.org; two are U, the rest are X. One U says it is surveillance software and to uninstall it if you didn't put it there yourself. The other U says EmployeeWatch is a commercial surveillance software program designed to monitor user activity on a computer.

smss.exe/SYSTEM-----24 entries on Sysinfo.org; all are X !!

DSAgnt.exe/Kristina-----not listed ***help please!

1XConfig.exe/Kristina-----not listed ***help please!

zlclient.exe/Kristina-----Y 2 entries; both are Y ++++++++++ both are: Firewall program from Zonelabs.

avgemc.exe/Kristina-----Y 2 entries; both are Y ++++++++++ both are: AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses.

vsmon.exe/SYSTEM-----2 entries; one Y, one X. As follows: Y (Name or Startup Item on Sysinfo.org=TrueVector) (Command or Data on Sysinfo.org=VSMON.EXE) ++++++++++ Even if you don't have ZoneAlarm or ZoneAlarm Pro run at start-up you do need this.
X (Name or Startup Item on Sysinfo.org=Zone Alarm) (Command or Data on Sysinfo.org=vsmon.exe) ++++++++++ Added by the RBOT.BO WORM! If this was the ZoneAlarm firewall the name column would be TrueVector.
***help please!! Mine is the X one, isn't it?

wdfmgr.exe/LOCAL SERVICE-----X (only one entry on Sysinfo.org) ++++++++++ Added by the AGOBOT-TB WORM!

svchost.exe/SYSTEM-----75 entries on Sysinfo.org ***help please!

RegSrvc.exe/SYSTEM-----X (only one entry on Sysinfo.org) ++++++++++ Added by the STOPED-A TROJAN!

NicConfigSvc.exe/SYSTEM-----not listed ***help please!

System/SYSTEM-----1339 entries on Sysinfo.org ***help please!

System Idle Process/SYSTEM-----not listed, but I believe it is supposed to be there?



~~~~~~~~~~~~~~~~~~~~~~~~
Sure hope this all fits in one post!!
~~~~~~~~~~~~~~~~~~~~~~~~



HiJack This


Logfile of HijackThis v1.99.1
Scan saved at 1:42:00 PM, on 10/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\MyCreated HJT Folder\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


Is that everything I need to post??

Besides Thank you so much for your time in helping me!!

Edited by Lily Livered, 29 October 2005 - 04:02 PM.

Dell Inspiron 6000--Mobile Intel Pentium M 730J/1.60GHz--512MB--60 or 80GB HD, can't remember for sure--wireless--XP Home SP2
AVG--ZoneAlarm--Ad-Aware SE--Spybot S&D--SpywareBlaster--SpywareGuard--Ewido--a-squared--CCleaner--HJT--IE and Firefox



#2 Lily Livered

Lily Livered
  • Topic Starter

  • Members

Posted 02 November 2005 - 03:23 AM

Please please please don't beat me down for this. I'm not being ugly; I promise. I've counted at least 6 posts on HJT that were posted AND answered after mine. I thought you all worked from the back-upwards?

I can't stress enough to you that I'm not being ugly about it...I've just been very worried about the stuff I found in my Startup when I went and looked them up, and I've been trying so hard to exercise some patience, which I'm not known to have much of.

I know you all do this of your own free time and I truly do appreciate that this board exists. Everyone is so kind.

Just wondering and couldn't help myself from posting. Please don't be offended.

#3 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team

Posted 02 November 2005 - 12:39 PM

Hi Lily Livered,

First let me say that, from looking at your log, there is not much bad there. So don't worry so much. :thumbsup:

Second, you're suffering from several misconceptions and misunderstandings. A lack of patience, which you admit to yourself, is the cause of a lot of it. I don't mean to offend you and I may sound like a jerk to you, but let me outline how this normally works. You could have saved yourself a lot of time if you had known this beforehand, and this saves us time.

1. You have some symptoms that make you suspect you have malware of some kind.

2. You do all you know how to fix it. For most people this means running security programs like an anti-virus, anti-spyware, etc. Some who are familiar with the registry will find what needs to be edited out there. But a little bit of knowledge can be dangerous. If you don't know exactly what you are doing you can get in trouble. And even folks with experience with the registry can get in trouble if they don't know what the malware is doing.

3. You submit a HijackThis log. That is all that needs to be posted in the initial post of any thread along with a description of the symptoms and what has already been done to remedy the problem.

4. You then wait for a response. This is where the greatest deal of patience comes in. At this site we have filters to answer the oldest topic with no replies first. So instead of the top of the list being the first post on the first page of the forum, the first topic to be answered will be several pages deep, depending on the size of the backlog of unanswered posts. So if you reply to your topic before it gets answered, as you have done, you actually push yourself to the back of the line.

5. When you get a response, follow the instructions to remedy your problem. Everything will go much smoother if you follow all instructions and put your trust in the person who is helping you.

The point of this last is that the main purpose of a HJT log session is to solve a problem. You can learn from what is done, but consider that there are a lot of logs to do, yours is not the only log the helper is handling, some take an extremely long time to do, and the helper has spent a lot of time to get the experience to be able to help you more quickly than you could help yourself. So, as much as I and others would like to help you learn the ropes, we really don't have the time to do so.

All those questions you are asking help with are good questions, but our main purpose is to answer the question of how to fix the problem and move on. It saves us time and would have saved you the six hours you spent on this. Again, I would love to teach you what all this means, but those sort of questions should be asked in another forum, or if you want to learn this stuff, you can become an HJT Trainee.

I will tell you that you are confusing processes with startups. This can get pretty involved, but not all processes are startups in the classic sense of the word. Instead of looking in Task Manager for startups, you should look in MSCONFIG. Task Manager is for looking at processes that are running. MSCONFIG is for looking at certain registry keys that are set to start some programs when Windows starts. Those other processes got started in a different way, by different reg entries, and it is very complex.

What HJT looks at and deals with is some of these reg entries that start processes in different ways.

The second misconception you are suffering from is using just one source of information (sysinfo.org) and that is meant only for startups (in the classic sense of the word) and not all processes. There are process lists available, and even then you need to know how to interpret this info. That is what we as helpers are trained to do and have the experience with to do more quickly.

Soooo... :flowers: you have one minor problem that is a privacy concern. Please do exactly the following to correct it.

Scan again with HijackThis 1.99.1. Put a checkmark by the following entries, double-checking to be sure that only these entries are checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

Close all other windows--you should only see HijackThis on your Desktop--and then click the "Fix checked" button.

Reboot your computer.

That's it. To double-check, scan again with HijackThis and post a new log.

If there is something else happening that makes you think you have malware let me know. Like a lot of popups, extreme sudden slowness, suspicious outgoing traffic in your firewall, etc. Not even HijackThis looks at everything. But I think you're in good shape and my advice is don't look for things to worry about.

Just a couple of more things. Managing startups is what HijackThis does, but we use it to rid folks of malware primarily. Some of the startups are rated as useless, but we don't really have the time to go into all those. You can use HijackThis to fix any that are rated N. Classic startups that you seem to be interested in begin with O4 in HijackThis. I could help you with those, but I suggest that you post in another forum asking for help with managing startups of a non-malicious nature.

Please don't use that light colored text. It is extremely hard to read.

The thing about people

is they change

when they walk away.--Mipso
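To illustrate the distinction drawn in post #3 between running processes and classic startups, and the folder notes in the Sysinfo.org descriptions quoted in post #1, here is an added example; it is not part of any poster's reply and is not HijackThis code. It assumes a stock Windows XP install in C:\WINDOWS for its table of expected folders, and one process line, marked CONSTRUCTED, does not come from the poster's log.

```python
import ntpath
import re
from collections import namedtuple

# ASSUMPTION: stock Windows XP installed in C:\WINDOWS. Folder in which each
# of these image names normally lives (compared case-insensitively).
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe", "alg.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"
EXPECTED_DIR["iexplore.exe"] = r"c:\program files\internet explorer"

# "O4 - HKLM\..\Run: [ValueName] command line" is a classic startup entry.
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")

Finding = namedtuple("Finding", "path verdict run_value")

# Lines copied (abridged) from the HijackThis log in post #1.
PAGE_EXCERPT = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# CONSTRUCTED line, not from the poster's log: an image named like Internet
# Explorer but sitting in System32, the placement the Sysinfo.org notes warn about.
CONSTRUCTED_LINE = r"C:\WINDOWS\system32\IEXPLORE.EXE"
SAMPLE_LOG = PAGE_EXCERPT.replace(
    "Running processes:\n", "Running processes:\n" + CONSTRUCTED_LINE + "\n", 1)


def image_of(command):
    """Return the executable path from a Run value's command line."""
    command = command.strip()
    if command.startswith('"'):                      # "C:\path with spaces\x.exe" /args
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]   # e.g. "rundll32 some.dll,Entry"


def parse_hjt(log):
    """Split a log into running-process paths and {image path: Run value name}."""
    processes, run_values = [], {}
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes:
            if line:
                processes.append(line)
            else:                                    # a blank line ends the list
                in_processes = False
        else:
            m = O4_RUN.match(line)
            if m:
                run_values[image_of(m.group(3)).lower()] = m.group(2)
    return processes, run_values


def review(log):
    """Judge each running process by name AND folder, and note its O4 Run value."""
    processes, run_values = parse_hjt(log)
    findings = []
    for path in processes:
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if name not in EXPECTED_DIR:
            verdict = "no rule for this name"
        elif folder == EXPECTED_DIR[name]:
            verdict = "expected location"
        else:
            verdict = "MISMATCH"                     # system name, wrong folder
        findings.append(Finding(path, verdict, run_values.get(path.lower())))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        origin = "Run value [%s]" % f.run_value if f.run_value else "no O4 Run value"
        print("%-50s %-24s %s" % (f.path, f.verdict, origin))
```

A process with no O4 Run value was started some other way (a service, the shell, the user), which is why a filename-only lookup in a startup database returns entries that do not apply to it.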


#4 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 02 November 2005 - 01:32 PM

Well basically we do try to go bottom up, but the volunteers are not required to do it this way. Ultimately all logs will get done, but sometimes may take a bit longer than a poster wants :)

Here is an analysis of the above processes you were concerned about. If there is an entry not listed in my descrips, that means you were right in your assessment and should prob be left alone.

dlbtbmon.exe/Kristina-----Valid dell file. Not sure what its for.

dlbtbmgr.exe/Kristina-----Dell again.

wordpad.exe/Kristina----- You're seeing this because wordpad is open..

ApntEx.exe/Kristina-----Touchpad driver for your laptop...

mmtask.exe/Kristina----- This is valid but not necessary. Turn it off
mm_tray.exe/Kristina----- This is valid but not necessary. Turn it off


PCMService.exe/Kristina----- dell file. Unknown if necessary but probably not needed to run. asking you to submit it below.


jusched.exe/Kristina----- Java update scheduler. Legit but not necessary unless you want to be notified about new java updates.

hkcmd.exe/Kristina----- Your choice..if you don't use, disable.

Apoint.exe/Kristina----- Test this disabled and see if its needed.

DLG.exe/Kristina----- You can tend to disable this without any problems.

alg.exe/LOCAL SERVICE----- Legit leave alone

IEXPLORE.EXE/Kristina----- Internet explorer process. You prob had IE open so it's legit.

taskmgr.exe/Kristina----- Windows task manager..legit

AOLacsd.exe/SYSTEM----- Absolutely...remove all AOL stuff if you are not using it.

spoolsv.exe/SYSTEM----- For printing..leave alone


svchost.exe/LOCAL SERVICE----- leave these alone..perfectly legit

explorer.exe/Kristina----- leave alone..perfectly legit

WLKEEPER.exe/SYSTEM----- you have a wireless lan card? This is its driver.


wmiprvse.exe/SYSTEM-----X (only one entry); Added by the SONEBOT-B WORM!

ZCfgSvc.exe/Kristina----- leave alone

S24EvMon.exe/SYSTEM----- leave alone

EvtEng.exe/SYSTEM-----not listed ***help please!

lsass.exe/SYSTEM----- leave alone


winlogon.exe/SYSTEM----- leave alone

csrss.exe/SYSTEM----- Leave alone

smss.exe/SYSTEM----- leave alone

DSAgnt.exe/Kristina----- Dell support...you can disable this

1XConfig.exe/Kristina-----part of Intel card


vsmon.exe/SYSTEM----- ZoneAlarm

wdfmgr.exe/LOCAL SERVICE----- leave alone

RegSrvc.exe/SYSTEM----- leave alone

NicConfigSvc.exe/SYSTEM----- for network card


--------------------

#5 Lily Livered

Lily Livered
  • Topic Starter


Posted 02 November 2005 - 06:14 PM

Well, now I humiliated myself. I apologise for offending.
I was just trying to (and am trying to get accustomed to) help myself before I go trying to get someone to "do it for me." I don't mess with anything I'm not sure of which is a LOT, and especially not the registry.

I just wanted to be thorough about what I thought were problems, in order to not aggravate whomever might try to help me. I'm really sorry.

I didn't double-post though. It was a separate post that was merged with this one (I wish it had been deleted instead). I only thought that since the ones at the top of the list which had been posted in the last two days and answered already may mean that mine had accidentally been overlooked since it was more than 14 pages back last time I checked. Which I understand is common; I saw that mine wasn't the only one way back there. I understand the rules/guidelines and keep checking them to make sure I'm doing okay.

I've seen a lot of discussion on unnecessary STARTUPs causing problems. And had been putting off tackling the lookups, but finally dug my heels in and only succeeded in making myself look dumber than I am. I was under the impression that looking those things up was something I needed to do to help my security. So when I saw all those entries with the words "added by trojan so and so" or "worm so and so" etc, I thought maybe they were bad bad news which weren't being spotted by my malware programs.

I used to never get viruses or trojans and now I can't go looking through the net anymore because I always end up with something or more than one. I feel like I can't go surfing anymore at all and rarely do, much as I want to. That's why I want to learn how to take care.

I'm good about running the few things that I'm fairly comfortable with (AVG, Ad-Aware, Spybot and CCleaner). I read and read and read here to learn these things and have seen a lot of people who are using a-squared and SpywareBlaster, so I just added both of those in the past couple of days. And I have read the tutorial on SpywareBlaster, but haven't looked for one yet on a-squared, so I haven't put those two to use yet.

Again, I apologise. And I thank you for your help. Here is my new log after having checked and "Fixed" the entries you gave.


Grinler, thanks for going through those things with me...I'll look at them more closely when this HJT is done. BUT, if I have more questions due to what your answer is, should I post them here in this thread or go make a new thread in another location here at BC? I really do aim to please/do things correctly.

Thank you both.


Logfile of HijackThis v1.99.1
Scan saved at 4:29:14 PM, on 11/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\MyCreated HJT Folder\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Dell Inspiron 6000--Mobile Intel Pentium M 730J/1.60GHz--512MB--60 or 80GB HD, can't remember for sure--wireless--XP Home SP2
AVG--ZoneAlarm--Ad-Aware SE--Spybot S&D--SpywareBlaster--SpywareGuard--Ewido--a-squared--CCleaner--HJT--IE and Firefox
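
The O4 (startup) lines of a HijackThis log like the one above can be cross-checked against its "Running processes" list to see which autostart items were actually loaded at scan time. This is an added example, not part of the thread and not HijackThis code; the function names `parse_hjt` and `startup_entries` are hypothetical, and the sample is a shortened excerpt of the log in this post.

```python
import re
import ntpath

# Excerpt of the HijackThis log posted in this thread (lines copied, list shortened).
SAMPLE_LOG = r"""Running processes:
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell Support\DSAgnt.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O4 - <body>"
RUN_KEY = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")
STARTUP = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")
EXE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.exe)', re.I)

def parse_hjt(text):
    """Split a log into running-process paths and (section, body) entries."""
    running, entries, in_procs = [], [], False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append(m.groups())
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            running.append(line)
    return running, entries

def startup_entries(text):
    """Describe each O4 item and whether its image was running at scan time."""
    running, entries = parse_hjt(text)
    names = {ntpath.basename(p).lower() for p in running}
    out = []
    for body in (b for section, b in entries if section == "O4"):
        m = RUN_KEY.match(body) or STARTUP.match(body)
        if not m:
            continue
        *src, name, command = m.groups()   # registry hive + key, or startup folder
        exe = EXE.search(command)
        image = ntpath.basename(exe[1]).lower() if exe else None
        out.append({"source": " ".join(src), "name": name, "image": image,
                    "running": (image in names) if image else None})
    return out
```

A `running` value of `None` means the command did not resolve to an `.exe` path (for example the `= ?` shortcut target), so that item has to be checked by hand.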

#6 Grinler

Grinler

    Lawrence Abrams



Posted 03 November 2005 - 01:51 PM

You're doing fine... don't worry about it. If you have questions about any of your startup programs, I have created a forum devoted to that, and it can be found here:

http://www.bleepingcomputer.com/forums/f/85/windows-startup-programs-database/



