Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suspicious looking startup entries?


  • Please log in to reply
7 replies to this topic

#1 Ghostlilly

Ghostlilly

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Utah
  • Local time:12:57 PM

Posted 13 August 2010 - 05:23 PM

I recently have been working on my mothers computer for her, just making sure everything is up to date and trying to make it run faster.

I went into the System Configuration Utility to remove some of the programs that startup when I turn the computer on to make it run a little faster, and I found a few entries that look suspicious. And yes, I was using the Startup list section of your site to do this. I'm going to post them in order from the most concerning to least for you, then I will go into more detail about them.


nwiz
nwiz.exe /installquiet /keeploaded /nodetect

ALCXMNTR
ALCXMNTR.EXE

NvCpl
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

qttask
C:\Program Files\QuickTime\qttask.exe -atboottime

Updates from HP
c:\PROGRA~1\UPDATE~1\137903\Program\BACKWE~1.EXE -startup

jusched
c:\Program Files\Common Files\Java\Java Update\jusched.exe


nwiz: This is the most concerning. When I looked it up on your startup list I saw all those scary looking X's and the command it is under just makes me more concerned.

ALCXMNTR: Looks like spyware, how do I remove it if it is?

NvCpl: cant really tell if this is bad or just this: http://www.bleepingcomputer.com/startups/NvCpl-3803.html

qttask: Not really sure if I should be worried about this one or not.

Updates from HP: On your system start up "BACKWE~1.EXE"'s name is "Data LifeGuard" but on my computer its under Updates from HP. Probably not anything bad, I'm just wanting to cover all my bases.

jusched: Looks like the updater for Java, but still slightly concerning. Again, just wanting to cover all my bases for things I'm not 100% sure with.


I have currently disabled all of these. Now I just need to know if I should do more about them or not. Here is some information about the computer this is all on, since you will probably need that.

System: Microsoft XP Home edition version 2002 Service pack 3

and its an HP computer

Thanks for you help. :thumbsup:

BC AdBot (Login to Remove)

 


#2 toop4

toop4

  • Members
  • 187 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:57 PM

Posted 13 August 2010 - 05:58 PM

I'll try to tell you every thing I know about the ones that I do:

nwiz looks like NVIDIA nView control panel.

ALCXMNTR - RealTek Monitor.

NvCpl - if the file extension is .dll I'm pretty sure is save, but if it's .exe, again, pretty sure is some type of malware.

qttask - looks like QuickTime Tray Icon.

jusched - Java's automatic updater.

It wouldn't hurt to say, run MalwareBytes Anti-Malware to double check everything.

Hope this helped.

:thumbsup:

#3 Ghostlilly

Ghostlilly
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Utah
  • Local time:12:57 PM

Posted 13 August 2010 - 08:27 PM

My malwearebytes is having problems of its own and not wanting to update. :thumbsup:

#4 toop4

toop4

  • Members
  • 187 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:57 PM

Posted 13 August 2010 - 09:03 PM

Error message?

#5 Ghostlilly

Ghostlilly
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Utah
  • Local time:12:57 PM

Posted 13 August 2010 - 09:12 PM

Yes I get an error. Says error code 732, I tried to contact Malwarebytes about it but haven't had any luck yet. :/ I was planing on either just reinstalling the program, or posting another topic about it on here.

#6 toop4

toop4

  • Members
  • 187 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:57 PM

Posted 13 August 2010 - 09:25 PM

1) Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2) Restart your computer (very important).
3) Download and run this utility. http://www.malwarebytes.org/mbam-clean.exe
4) It will ask to restart your computer, do so.
5) After the computer restarts, reinstall the latest version from here: http://www.malwarebytes.org/mbam-download.php

Click the update tab, and check for updates.

Then, run a quick scan.

If you find something, I'll have an admin either move the topic, or assist you, etc.

#7 Ghostlilly

Ghostlilly
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Utah
  • Local time:12:57 PM

Posted 14 August 2010 - 03:11 PM

okay. Malwarebytes is currently scanning. I just had a question while it does that. The NvCpl has both a NvCpl.exe and a NvCpl.dll in the command but I'm not sure what the file extension for it is to double check it. Anyway I can figure it out?

#8 toop4

toop4

  • Members
  • 187 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:57 PM

Posted 14 August 2010 - 06:20 PM

If you can see where the file is, you should be able to right click it, and see which it is...

By running MBAM it should also pick it up.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users