nitro2gomike
asked on
Virus or Malware Issue on XP PRO
I am running on XP Pro Service Pack 2. I have AVG, AdAware SE, and Spybot. I am having some issues with my pc. Periodically my monitor will flicker and I may be running a program and it will freeze. I have run all three virus, spyware, and malware programs on my pc in normal mode and safe mode to no avail. I do notice when I am shutting down my pc I get a message stating a certain dll. file needs to close. I have not been able to get a good look at it and don't know enuff about these files to mess with them. If anyone has any suggestions or possible solutions they would be greatly appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Here is the analisys
Logfile of HijackThis v1.99.1
This should be the newest version.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
This should be the newest version.
C:\WINDOWS\System32\smss.e xe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\winlog on.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\servic es.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\lsass. exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\Ati2ev xx.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\svchos t.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\System32\svchos t.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\ZoneLa bs\vsmon.e xe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\System32\WLTRYS VC.EXE
Safe
Broadcom Corporation Wireless Network Tray Applet
C:\WINDOWS\System32\bcmwlt ry.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\spools v.exe
Safe
This entry was classified from our visitors as good.
C:\PROGRA~1\COMMON~1\AOL\A CS\AOLacsd .exe
Safe
Possibly nasty! According to our database this process runs normally in c:\programme\gemeinsame dateien\aol\acs\! Check if you know this process and arrange a viruscheck where required. Part of AOL
C:\PROGRA~1\Grisoft\AVG7\a vgamsvr.ex e
Very safe
This entry was classified from our visitors as good.
C:\PROGRA~1\Grisoft\AVG7\a vgupsvc.ex e
Very safe
This entry was classified from our visitors as good.
C:\PROGRA~1\Grisoft\AVG7\a vgemc.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\Ati2ev xx.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\Explorer.EXE
Very safe
This entry was classified from our visitors as good.
C:\Program Files\Synaptics\SynTP\SynT PEnh.exe
Safe
C:\WINDOWS\system32\WLTRAY .exe
Very safe This is a unknown process.
This entry was classified from our visitors as good.
C:\WINDOWS\stsystra.exe
Safe
This entry was classified from our visitors as good.
C:\Program Files\ATI Technologies\ATI.ACE\cli.e xe
Very safe
ATI Control Center
C:\Program Files\Dell\QuickSet\quicks et.exe
Safe
C:\WINDOWS\system32\dla\tf swctrl.exe
Neutral
HP DLA Packet Writing Software
C:\Program Files\Common Files\InstallShield\Update Service\is sch.exe
Very safe
Install Shield Software Update
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
Very safe
Google Desktop Search
C:\Program Files\Dell\MediaDirect\PCM Service.ex e
PowerCinema
C:\PROGRA~1\Grisoft\AVG7\a vgcc.exe
Very safe
This entry was classified from our visitors as good.
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex e
Very safe
This entry was classified from our visitors as good.
C:\Program Files\Microsoft IntelliType Pro\type32.exe
Very safe
Possibly nasty! According to our database this process runs normally in c:\programme\microsoft hardware\keyboard\! Check if you know this process and arrange a viruscheck where required.
C:\Program Files\Microsoft IntelliPoint\point32.exe
Safe
C:\Program Files\Hewlett-Packard\Tool box2.0\Apa che Tomcat 4.0\webapps\Toolbox\Status Client\Sta tusClient. exe
Very safe
Possibly nasty! According to our database this process runs normally in c:\programme\hewlett-packa rd\toolbox \statuscli ent\! Check if you know this process and arrange a viruscheck where required. Toolbox for a Hewlett-Packard Printer
C:\Program Files\NetWaiting\netWaitin g.exe
NetWaiting
C:\Program Files\Dell Support\DSAgnt.exe
Very safe
Dell Support Application
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex. exe
Very safe
Goodle Dekstop Search
C:\Program Files\Google\GoogleToolbar Notifier\1 .2.1128.54 62\GoogleT oolbarNoti fier.exe
Safe
Associated with GoogleToolbarNotifier from Google Inc.
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDispla y.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\ctfmon .exe
Very safe
This entry was classified from our visitors as good.
C:\Program Files\Messenger\msmsgs.exe
Safe
This entry was classified from our visitors as good.
C:\PROGRA~1\Yahoo!\MESSEN~ 1\YAHOOM~1 .EXE
Fuzzy Algorithmcheck (4.18 / 5.00), Safe
C:\Program Files\Hewlett-Packard\Tool box2.0\Jav asoft\JRE\ 1.3.1\bin\ javaw.exe
Possibly nasty! According to our database this process runs normally in c:\programme\java\jre1.5.0 _05\bin\! Check if you know this process and arrange a viruscheck where required. Java
C:\Program Files\Digital Line Detect\DLG.exe
Safe
Digital Line Detect - BVRP Phone Tools software suite
C:\Program Files\Internet Explorer\iexplore.exe
Safe
This entry was classified from our visitors as good.
C:\Program Files\ATI Technologies\ATI.ACE\cli.e xe
Very safe
ATI Control Center
C:\PROGRA~1\MI1933~1\Offic e10\OUTLOO K.EXE
Possibly nasty! According to our database this process runs normally in c:\programme\microsoft office\office11\! Check if you know this process and arrange a viruscheck where required. E-Mail Client für Windows.
C:\PROGRA~1\ZONELA~1\ZONEA L~1\MAILFR ~1\mantisp m.exe
Very safe
This entry was classified from our visitors as good.
C:\Program Files\Microsoft Office\Office10\WINWORD.EX E
Safe
Microsoft Word
E:\Hijack This\HijackThis.exe
Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups! Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\Hi jackThis.e xe
R1 - HKCU\Software\Microsoft\In ternet Explorer\Main,Default_Page _URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509
This page has been identified as safe.
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Page _URL = http://go.microsoft.com/fwlink/?LinkId=69157
Safe This page has been identified as safe.
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Sear ch_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Safe This page has been identified as safe.
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Safe This page has been identified as safe.
R0 - HKLM\Software\Microsoft\In ternet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
Safe This page has been identified as safe.
R1 - HKLM\Software\Microsoft\In ternet Explorer\Search,Default_Pa ge_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509
This page has been identified as safe.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0 090271D4F8 8} - C:\Program Files\Yahoo!\Companion\Ins talls\cpn\ yt.dll
This entry has been identified as safe.
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7 695ECA0567 0} - C:\Program Files\Yahoo!\Companion\Ins talls\cpn\ yt.dll
Ycomp*_*_*_*.dll - Yahoo Companion!, Yahoo Companion!
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7 84B7D6BE0B 3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.d ll
Very safe AcroIEhelper.ocx, AcroIEhelper.dll - Adobe Acrobat reader, http://www.adobe.com/products/acrobat/re adstep2.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2 06D7942484 F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Safe This entry was classified from our visitors as good.
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-3 45BE45BC91 1} - C:\Program Files\Yahoo!\Search\YSearc hSuggest.d ll
Fuzzy Algorithmcheck (2.33 / 5.00), Nasty
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2 FC0DE4A789 7} - C:\Program Files\Yahoo!\Common\yiesrv c.dll
SBC Yahoo! Browser related
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-0 0123456789 0} - C:\WINDOWS\system32\dla\tf swshx.dll
Neutral tfswshx.dll - Hewlett-Packard/Veritas DLA software
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D 4DAF1D92D4 3} - C:\Program Files\Java\jre1.5.0_06\bin \ssv.dll
Safe This entry was classified from our visitors as good.
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C F10577473F 7} - c:\program files\google\googletoolbar 2.dll
Safe This entry was classified from our visitors as good.
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A 07C3DB8F77 7} - C:\Program Files\BAE\BAE.dll
GoogleAE.dll - Google Search related, found on Dell computers. Reportedly responsible for displaying this, http://www.google.com/hws/dell/afe? placeholder web page; also see here, http://www.gamedev.net/community/forums/ topic.asp?topic_id=368054 a
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0 09027A5CD4 F} - c:\program files\google\googletoolbar 2.dll
Safe This entry was classified from our visitors as good.
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0 090271D4F8 8} - C:\Program Files\Yahoo!\Companion\Ins talls\cpn\ yt.dll
Neutral Ycomp*_*_*_*.dll - Yahoo Companion!, http://companion.yahoo.com/
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynT PEnh.exe
Very safe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY .exe
Safe This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
Safe This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.e xe" runtime -Delay
Very safe ATI Catalyst ControlCenter
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quicks et.exe
Very safe Not dangerous, but unnecessary. Dell taskbar icon allowing you to quickly change settings
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tf swctrl.exe
Safe Part of Sonic Solutions DVD/CD Suite / HP's packet writing software
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTA L~1\UPDATE ~1\ISUSPM. exe -startup
Not dangerous, but unnecessary. InstallShield Update Service related; Automatically searches for and performs any updates to the software. Not required.
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\Update Service\is sch.exe" -start
Very safe Not dangerous, but unnecessary. InstallShield Update Service Scheduler; automatically searches for and performs any updates to the software so youre always working with the most current version. Not required.
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Very safe Not dangerous, but unnecessary. Google Desktop Search -
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCM Service.ex e"
In a Dell\Media Experience sub-directory
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\a vgcc.exe /STARTUP
Very safe This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe " -atboottime
Neutral Not dangerous, but unnecessary. QuickTime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex e"
Very safe Firewall program from Zonelabs. Pro version inlcudes other online security options
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
Safe O4 - HKLM..Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
Safe Not dangerous, but unnecessary. For MS programmable keyboards. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default settings, defer back to their default settings. Not required unless you have changed them
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
Safe Microsoft IntelliPoint
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Tool box2.0\Apa che Tomcat 4.0\webapps\Toolbox\Status Client\Sta tusClient. exe /auto
Part of Hewlett-Packard Toolbox
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Tool box2.0\hpb psttp.exe
Very safe Part of Hewlett-Packard Toolbox
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaitin g.exe
Safe Dell V.92 modem control software
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
Neutral Dell Support
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbar Notifier\1 .2.1128.54 62\GoogleT oolbarNoti fier.exe
Very safe Associated with GoogleToolbarNotifier from Google Inc.
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon .exe
Safe This entry was classified from our visitors as good.
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe " /background
Safe This entry was classified from our visitors as good.
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN ~1\YAHOOM~ 1.EXE" -quiet
Part of Yahoo Instant Messenger
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad obe Gamma Loader.exe
Adjusts monitor colours across all programs
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Neutral Not dangerous, but unnecessary. Speeds up the time it takes to load the Adobe Reader application. Your choice
O4 - Global Startup: Digital Line Detect.lnk = ?
Neutral
The entry is unnecessary and can be fixed.
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Safe Not dangerous, but unnecessary. This entry was classified from our visitors as good.
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1 \Office10\ EXCEL.EXE/ 3000
The entry E&xport to Microsoft Excel has been identified as safe.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0 0401C60850 1} - C:\Program Files\Java\jre1.5.0_06\bin \ssv.dll
Safe The entry has been identified as safe.
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0 0401C60850 1} - C:\Program Files\Java\jre1.5.0_06\bin \ssv.dll
Very safe The entry Sun Java Console has been identified as safe.
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2 FC0DE4A789 7} - C:\Program Files\Yahoo!\Common\yiesrv c.dll
Very safe The entry Yahoo! Services has been identified as safe.
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0 0C0F0318AF E} - C:\WINDOWS\system32\Shdocv w.dll
Safe The entry Real.com has been identified as safe.
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f 2ba3849658 3} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
Safe
Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f 2ba3849658 3} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
Very safe
Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\msmsgs.exe
Very safe The entry Messenger has been identified as safe.
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\msmsgs.exe
Safe The entry Windows Messenger has been identified as safe.
O11 - Options group: [INTERNATIONAL] International*
Neutral
O16 - DPF: {17492023-C23A-453E-A040-C 7C580BBF70 0} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
Safe This entry was classified from our visitors as good.
O16 - DPF: {30528230-99f7-4bb4-88d8-f a1d4f56a2a b} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsth elper.dll
This entry has been identified as safe.
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~ 1\GOEC62~1 .DLL
Safe This entry was classified from our visitors as good.
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLog on.dll
Safe This entry was classified from our visitors as good.
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc. exe
Safe This service (Adobelmsvc.exe) was identified as a good one.
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\A CS\AOLacsd .exe
This service (AOLacsd.exe) was identified as a good one.
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2ev xx.exe
Safe This service (Ati2evxx.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\a vgamsvr.ex e
Very safe This service (avgamsvr.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\a vgupsvc.ex e
Safe This service (avgupsvc.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\a vgemc.exe
Very safe This service (avgemc.exe) was identified as a good one.
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterServi ce.exe
Safe This service (GoogleUpdaterService.exe) was identified as a good one.
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm 12.exe
Safe This service (HPZipm12.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLa bs\vsmon.e xe
Very safe This service (vsmon.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYS VC.EXE
Very safe This service (WLTRYSVC.EXE) was identified as a good one.
Short analysis
Logfile of HijackThis v1.99.1
This should be the newest version.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
This should be the newest version.
C:\WINDOWS\System32\smss.e
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\winlog
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\servic
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\lsass.
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\Ati2ev
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\svchos
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\System32\svchos
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\ZoneLa
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\System32\WLTRYS
Safe
Broadcom Corporation Wireless Network Tray Applet
C:\WINDOWS\System32\bcmwlt
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\spools
Safe
This entry was classified from our visitors as good.
C:\PROGRA~1\COMMON~1\AOL\A
Safe
Possibly nasty! According to our database this process runs normally in c:\programme\gemeinsame dateien\aol\acs\! Check if you know this process and arrange a viruscheck where required. Part of AOL
C:\PROGRA~1\Grisoft\AVG7\a
Very safe
This entry was classified from our visitors as good.
C:\PROGRA~1\Grisoft\AVG7\a
Very safe
This entry was classified from our visitors as good.
C:\PROGRA~1\Grisoft\AVG7\a
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\Ati2ev
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\Explorer.EXE
Very safe
This entry was classified from our visitors as good.
C:\Program Files\Synaptics\SynTP\SynT
Safe
C:\WINDOWS\system32\WLTRAY
Very safe This is a unknown process.
This entry was classified from our visitors as good.
C:\WINDOWS\stsystra.exe
Safe
This entry was classified from our visitors as good.
C:\Program Files\ATI Technologies\ATI.ACE\cli.e
Very safe
ATI Control Center
C:\Program Files\Dell\QuickSet\quicks
Safe
C:\WINDOWS\system32\dla\tf
Neutral
HP DLA Packet Writing Software
C:\Program Files\Common Files\InstallShield\Update
Very safe
Install Shield Software Update
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
Very safe
Google Desktop Search
C:\Program Files\Dell\MediaDirect\PCM
PowerCinema
C:\PROGRA~1\Grisoft\AVG7\a
Very safe
This entry was classified from our visitors as good.
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
Very safe
This entry was classified from our visitors as good.
C:\Program Files\Microsoft IntelliType Pro\type32.exe
Very safe
Possibly nasty! According to our database this process runs normally in c:\programme\microsoft hardware\keyboard\! Check if you know this process and arrange a viruscheck where required.
C:\Program Files\Microsoft IntelliPoint\point32.exe
Safe
C:\Program Files\Hewlett-Packard\Tool
Very safe
Possibly nasty! According to our database this process runs normally in c:\programme\hewlett-packa
C:\Program Files\NetWaiting\netWaitin
NetWaiting
C:\Program Files\Dell Support\DSAgnt.exe
Very safe
Dell Support Application
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.
Very safe
Goodle Dekstop Search
C:\Program Files\Google\GoogleToolbar
Safe
Associated with GoogleToolbarNotifier from Google Inc.
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDispla
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\ctfmon
Very safe
This entry was classified from our visitors as good.
C:\Program Files\Messenger\msmsgs.exe
Safe
This entry was classified from our visitors as good.
C:\PROGRA~1\Yahoo!\MESSEN~
Fuzzy Algorithmcheck (4.18 / 5.00), Safe
C:\Program Files\Hewlett-Packard\Tool
Possibly nasty! According to our database this process runs normally in c:\programme\java\jre1.5.0
C:\Program Files\Digital Line Detect\DLG.exe
Safe
Digital Line Detect - BVRP Phone Tools software suite
C:\Program Files\Internet Explorer\iexplore.exe
Safe
This entry was classified from our visitors as good.
C:\Program Files\ATI Technologies\ATI.ACE\cli.e
Very safe
ATI Control Center
C:\PROGRA~1\MI1933~1\Offic
Possibly nasty! According to our database this process runs normally in c:\programme\microsoft office\office11\! Check if you know this process and arrange a viruscheck where required. E-Mail Client für Windows.
C:\PROGRA~1\ZONELA~1\ZONEA
Very safe
This entry was classified from our visitors as good.
C:\Program Files\Microsoft Office\Office10\WINWORD.EX
Safe
Microsoft Word
E:\Hijack This\HijackThis.exe
Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups! Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\Hi
R1 - HKCU\Software\Microsoft\In
This page has been identified as safe.
R1 - HKLM\Software\Microsoft\In
Safe This page has been identified as safe.
R1 - HKLM\Software\Microsoft\In
Safe This page has been identified as safe.
R1 - HKLM\Software\Microsoft\In
Safe This page has been identified as safe.
R0 - HKLM\Software\Microsoft\In
Safe This page has been identified as safe.
R1 - HKLM\Software\Microsoft\In
This page has been identified as safe.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
This entry has been identified as safe.
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7
Ycomp*_*_*_*.dll - Yahoo Companion!, Yahoo Companion!
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
Very safe AcroIEhelper.ocx, AcroIEhelper.dll - Adobe Acrobat reader, http://www.adobe.com/products/acrobat/re adstep2.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
Safe This entry was classified from our visitors as good.
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-3
Fuzzy Algorithmcheck (2.33 / 5.00), Nasty
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2
SBC Yahoo! Browser related
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-0
Neutral tfswshx.dll - Hewlett-Packard/Veritas DLA software
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
Safe This entry was classified from our visitors as good.
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
Safe This entry was classified from our visitors as good.
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A
GoogleAE.dll - Google Search related, found on Dell computers. Reportedly responsible for displaying this, http://www.google.com/hws/dell/afe? placeholder web page; also see here, http://www.gamedev.net/community/forums/ topic.asp?topic_id=368054 a
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
Safe This entry was classified from our visitors as good.
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
Neutral Ycomp*_*_*_*.dll - Yahoo Companion!, http://companion.yahoo.com/
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynT
Very safe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
Safe This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
Safe This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.e
Very safe ATI Catalyst ControlCenter
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quicks
Very safe Not dangerous, but unnecessary. Dell taskbar icon allowing you to quickly change settings
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tf
Safe Part of Sonic Solutions DVD/CD Suite / HP's packet writing software
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTA
Not dangerous, but unnecessary. InstallShield Update Service related; Automatically searches for and performs any updates to the software. Not required.
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\Update
Very safe Not dangerous, but unnecessary. InstallShield Update Service Scheduler; automatically searches for and performs any updates to the software so youre always working with the most current version. Not required.
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Very safe Not dangerous, but unnecessary. Google Desktop Search -
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCM
In a Dell\Media Experience sub-directory
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\a
Very safe This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
Neutral Not dangerous, but unnecessary. QuickTime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
Very safe Firewall program from Zonelabs. Pro version inlcudes other online security options
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
Safe O4 - HKLM..Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
Safe Not dangerous, but unnecessary. For MS programmable keyboards. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default settings, defer back to their default settings. Not required unless you have changed them
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
Safe Microsoft IntelliPoint
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Tool
Part of Hewlett-Packard Toolbox
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Tool
Very safe Part of Hewlett-Packard Toolbox
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaitin
Safe Dell V.92 modem control software
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
Neutral Dell Support
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbar
Very safe Associated with GoogleToolbarNotifier from Google Inc.
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
Safe This entry was classified from our visitors as good.
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
Safe This entry was classified from our visitors as good.
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN
Part of Yahoo Instant Messenger
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
Adjusts monitor colours across all programs
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Neutral Not dangerous, but unnecessary. Speeds up the time it takes to load the Adobe Reader application. Your choice
O4 - Global Startup: Digital Line Detect.lnk = ?
Neutral
The entry is unnecessary and can be fixed.
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Safe Not dangerous, but unnecessary. This entry was classified from our visitors as good.
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1
The entry E&xport to Microsoft Excel has been identified as safe.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
Safe The entry has been identified as safe.
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
Very safe The entry Sun Java Console has been identified as safe.
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2
Very safe The entry Yahoo! Services has been identified as safe.
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
Safe The entry Real.com has been identified as safe.
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f
Safe
Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f
Very safe
Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
Very safe The entry Messenger has been identified as safe.
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
Safe The entry Windows Messenger has been identified as safe.
O11 - Options group: [INTERNATIONAL] International*
Neutral
O16 - DPF: {17492023-C23A-453E-A040-C
Safe This entry was classified from our visitors as good.
O16 - DPF: {30528230-99f7-4bb4-88d8-f
This entry has been identified as safe.
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~
Safe This entry was classified from our visitors as good.
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLog
Safe This entry was classified from our visitors as good.
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.
Safe This service (Adobelmsvc.exe) was identified as a good one.
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\A
This service (AOLacsd.exe) was identified as a good one.
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2ev
Safe This service (Ati2evxx.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\a
Very safe This service (avgamsvr.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\a
Safe This service (avgupsvc.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\a
Very safe This service (avgemc.exe) was identified as a good one.
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
Safe This service (GoogleUpdaterService.exe)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm
Safe This service (HPZipm12.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLa
Very safe This service (vsmon.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYS
Very safe This service (WLTRYSVC.EXE) was identified as a good one.
Short analysis
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Johnb6767 you had mentioned missing dll file. I am not aware of any missing dll files off hand. I just recently purchased a new Dell laptop with 1 m of RAM. It has an ATI Mobility Radeon X1400 video driver - Pretty much basic stuff.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I just downloaded and installed this software. Is there an application or log file under one of the tabs that would allow me to go back in after a shut down to find out what files was not closing?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Logfile of HijackThis v1.99.1
Scan saved at 3:23:47 PM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\ZoneLa
C:\WINDOWS\System32\WLTRYS
C:\WINDOWS\System32\bcmwlt
C:\WINDOWS\system32\spools
C:\PROGRA~1\COMMON~1\AOL\A
C:\PROGRA~1\Grisoft\AVG7\a
C:\PROGRA~1\Grisoft\AVG7\a
C:\PROGRA~1\Grisoft\AVG7\a
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynT
C:\WINDOWS\system32\WLTRAY
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.e
C:\Program Files\Dell\QuickSet\quicks
C:\WINDOWS\system32\dla\tf
C:\Program Files\Common Files\InstallShield\Update
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCM
C:\PROGRA~1\Grisoft\AVG7\a
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\Tool
C:\Program Files\NetWaiting\netWaitin
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.
C:\Program Files\Google\GoogleToolbar
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDispla
C:\WINDOWS\system32\ctfmon
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~
C:\Program Files\Hewlett-Packard\Tool
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.e
C:\PROGRA~1\MI1933~1\Offic
C:\PROGRA~1\ZONELA~1\ZONEA
C:\Program Files\Microsoft Office\Office10\WINWORD.EX
E:\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-3
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynT
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.e
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quicks
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tf
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTA
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\Update
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCM
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Tool
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Tool
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaitin
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbar
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {30528230-99f7-4bb4-88d8-f
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLog
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\A
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2ev
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\a
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\a
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\a
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLa
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYS