Old 30-05-2005, 11:53 AM   #1 (permalink)
In The Zone
 
pirates1323's Avatar
 
Join Date: Feb 2005
Location: NOiDA
Posts: 282
Default Startup items making me sick now ( HelP Me)


The following tasks start up in Task Manager when I start my computer....... I have noticed that if I end task then my computer goes a bit fast.. can u explain a bit about the following tasks.. huh :roll: :roll:


alg.exe
Msctrl32ocx.exe
pctspk.exe
mdm.exe
isafe.exe
spoolsv.exe
mantispm.exe
wuauclt.exe


The above tasks eat my RAM... any suggestion.. or something about the above.. :roll: :roll: :roll:
pirates1323 is offline  

Old 30-05-2005, 01:31 PM   #2 (permalink)
Human Spambot
 
swatkat's Avatar
 
Join Date: Mar 2004
Location: India
Posts: 2,033
Default Re: Startup items making me sick now ( HelP Me)

alg.exe --> Essential process
Msctrl32ocx.exe --> VIRUS Troj/Bdoor-BK
pctspk.exe --> Non essential, you can disable this one.
mdm.exe --> Non essential, you can disable it.
isafe.exe --> Related to ZoneAlarm AntiVirus (eTrust), essential
spoolsv.exe --> Essential Windows process
mantispm.exe --> Related to MailFrontier software, you can disable it.
wuauclt.exe --> Checks for Windows updates automatically, disable it if you don't want Automatic Updates.

You better update your AV and scan your system. Also, you could use TrojanHunter to remove Trojans.
__________________
http://swatrant.blogspot.com/
swatkat is offline  
Old 30-05-2005, 01:44 PM   #3 (permalink)
In The Zone
 
Join Date: May 2005
Posts: 233
Default

Not using printer, disable spoolsv.exe
__________________
Please do not PM me for details about the product. Ask the questions in the forum itself.
Shipping outside Kerala is a hassle.
Ref : http://thinkdigit.com/forum/showpost.php?p=820996&postcount=53
htnakirs is offline  
Old 30-05-2005, 02:08 PM   #4 (permalink)
In The Zone
 
anomit's Avatar
 
Join Date: Mar 2005
Location: Kharagpur
Posts: 252
Default

I think another class of spoolsv.exe is also registered as a trojan (Backdoor.Ciadoor.B) and his comp is already infected. See if the file spoolsv.exe tries to access the internet using the port 1987. ZoneAlarm should tell you that.

If u don't use a printer, this is serious.
__________________
Don't SYN me, I'll SYN you. :p
anomit is offline  
Old 30-05-2005, 02:51 PM   #5 (permalink)
In The Zone
 
pirates1323's Avatar
 
Join Date: Feb 2005
Location: NOiDA
Posts: 282
Default Re: Startup items making me sick now ( HelP Me)

All of u r saying to disable it.... u mean whenever I start my comp... I have to end process every time in task manager.....

Quote:
Originally Posted by swatkat
Msctrl32ocx.exe --> VIRUS Troj/Bdoor-BK
I scanned memory with trojan hunter and then stopped .... it did not detect it...eh!
pirates1323 is offline  
Old 30-05-2005, 02:59 PM   #6 (permalink)
Right Off the Assembly Line
 
Join Date: Mar 2005
Location: Hyderabad
Posts: 3
Default just try to do it

type msconfig in the run command box, then disable all the unwanted startup items and your computer runs faster and then run the trojan hunter or any antivirus software, hope the infection is removed
sriram_d is offline  
Old 30-05-2005, 05:45 PM   #7 (permalink)
Human Spambot
 
swatkat's Avatar
 
Join Date: Mar 2004
Location: India
Posts: 2,033
Default Re: Startup items making me sick now ( HelP Me)

Quote:
Originally Posted by pirates1323
All of u r saying to disable it.... u mean whenever I start my comp... I have to end process every time in task manager.....

Quote:
Originally Posted by swatkat
Msctrl32ocx.exe --> VIRUS Troj/Bdoor-BK
I scanned memory with trojan hunter and then stopped .... it did not detect it...eh!
Download HijackThis and unzip it to a folder (like C:\HJT\hijackthis.exe).
Then run it and click the button Do a System scan and save log file. HijackThis will perform a scan and save the log file as hijackthis.log. Copy the entire contents of the file and post it here.
__________________
http://swatrant.blogspot.com/
swatkat is offline  
Old 30-05-2005, 06:33 PM   #8 (permalink)
Alpha Geek
 
NikhilVerma's Avatar
 
Join Date: May 2004
Location: India
Posts: 930
Default

And I would prefer if you use...

Spybot Search and Destroy's "Tea Timer" utility....

It blocks out most of the memory resident applications....
NikhilVerma is offline  
Old 30-05-2005, 06:58 PM   #9 (permalink)
In The Zone
 
pirates1323's Avatar
 
Join Date: Feb 2005
Location: NOiDA
Posts: 282
Default Re: Startup items making me sick now ( HelP Me)

Quote:
Originally Posted by swatkat
Copy the entire contents of the file and post it here.
Logfile of HijackThis v1.99.1
Scan saved at 6:56:40 PM, on 5/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\ZoneLabs\isafe.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\system32\ping.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
E:\Program Files\Mozilla Firefox\firefox.exe
D:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://e:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - E:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1115285933312
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DD24234-F6A4-4272-AB47-65F1A7FAA263}: NameServer = 202.144.115.4,202.144.50.4
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - E:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: MediaSource - Cat Soft - E:\WINDOWS\system32\Msctrl32ocx.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - E:\WINDOWS\system32\pctspk.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - E:\WINDOWS\system32\MsCtrl32ocx.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe
pirates1323 is offline  
Old 30-05-2005, 08:07 PM   #10 (permalink)
Human Spambot
 
swatkat's Avatar
 
Join Date: Mar 2004
Location: India
Posts: 2,033
Default Re: Startup items making me sick now ( HelP Me)

Right-click on the empty part of the Desktop, choose "New" > "Text Document" to open NotePad. Copy the contents of the below "Code" box and paste it in NotePad.
Code:
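rem Work from the Windows system directory (/d also switches drive if needed)
cd /d %windir%\system32
rem MediaSource: disable, stop, then delete the service entry
sc config MediaSource start= disabled
sc stop MediaSource
sc delete MediaSource
rem sc takes the service key name, which the log shows in parentheses: Serv-U
sc config Serv-U start= disabled
sc stop Serv-U
sc delete Serv-U
rem Clear system/read-only/hidden attributes so the file can be deleted
attrib -s -r -h Msctrl32ocx.exe
del Msctrl32ocx.exe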
Go to File Menu> Save As and type the filename as Fix.bat and save it. Exit from NotePad.

Reboot in SAFE Mode.


Double-click on the Fix.bat file, a DOS type window should open up, and after a few seconds close it.


Run HijackThis and click Do only a System scan.
Then put a check mark in front of the entries listed below:-

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: MediaSource - Cat Soft - E:\WINDOWS\system32\Msctrl32ocx.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - E:\WINDOWS\system32\MsCtrl32ocx.exe


Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.



Reboot to Normal Mode and run HijackThis again. Then click Do a System scan and save log, and post the fresh log here.
__________________
http://swatrant.blogspot.com/
swatkat is offline  
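
The two "Cat Soft" O23 entries in the log above point at the same executable under different service names. The following is an added example, not part of any post in this thread: a small parser that groups O23 service lines by binary path and reports paths registered under more than one service. It assumes the O23 layout "Display Name (KeyName) - Vendor - Path", with the parentheses omitted when both names are the same; the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Sample input: O23 lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - E:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: MediaSource - Cat Soft - E:\WINDOWS\system32\Msctrl32ocx.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - E:\WINDOWS\system32\pctspk.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - E:\WINDOWS\system32\MsCtrl32ocx.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Assumed layout: "O23 - Service: <display> [(<key>)] - <vendor> - <path>"
O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))?"
    r" - (?P<vendor>.+?) - (?P<path>.+)$"
)


def parse_services(log_text):
    """Return one dict per O23 line: display name, key name, vendor, path."""
    services = []
    for line in log_text.splitlines():
        m = O23.match(line.strip())
        if not m:
            continue  # not an O23 service line
        services.append({
            "display": m["display"],
            # No parentheses in the line means key name == display name.
            "key": m["key"] or m["display"],
            "vendor": m["vendor"],
            "path": m["path"],
        })
    return services


def shared_binaries(services):
    """Map lower-cased binary path -> key names, for paths used by 2+ services."""
    by_path = defaultdict(list)
    for svc in services:
        # Windows paths are case-insensitive, so normalise before grouping.
        by_path[svc["path"].lower()].append(svc["key"])
    return {path: keys for path, keys in by_path.items() if len(keys) > 1}


if __name__ == "__main__":
    for path, keys in shared_binaries(parse_services(SAMPLE_LOG)).items():
        print(f"{path} is registered under {len(keys)} services: {', '.join(keys)}")
```

The key names it reports (MediaSource, Serv-U) are the ones `sc` expects, which is why the display name "Serv-U FTP Server" cannot be passed to `sc` unquoted.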
Old 31-05-2005, 08:05 AM   #11 (permalink)
In The Zone
 
pirates1323's Avatar
 
Join Date: Feb 2005
Location: NOiDA
Posts: 282
Default

Fresh log goes here:

Logfile of HijackThis v1.99.1
Scan saved at 8:05:19 AM, on 5/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\ZoneLabs\isafe.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\system32\ping.exe
E:\Program Files\Mozilla Firefox\firefox.exe
D:\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://e:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - E:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1115285933312
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DD24234-F6A4-4272-AB47-65F1A7FAA263}: NameServer = 202.144.115.4,202.144.50.4
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - E:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - E:\WINDOWS\system32\pctspk.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe
pirates1323 is offline  
Old 31-05-2005, 10:21 AM   #12 (permalink)
Human Spambot
 
swatkat's Avatar
 
Join Date: Mar 2004
Location: India
Posts: 2,033
Default

Ok! Log looks clean!
__________________
http://swatrant.blogspot.com/
swatkat is offline  
Old 31-05-2005, 10:23 AM   #13 (permalink)
In The Zone
 
pirates1323's Avatar
 
Join Date: Feb 2005
Location: NOiDA
Posts: 282
Default

Quote:
Originally Posted by swatkat
Ok! Log looks clean!
Thz for ur help .. 8)
pirates1323 is offline  
Old 31-05-2005, 10:29 AM   #14 (permalink)
Human Spambot
 
swatkat's Avatar
 
Join Date: Mar 2004
Location: India
Posts: 2,033
Default

And, you can disable some of the other processes you mentioned in your first post by using msconfig. Go to Start> Run and type msconfig and press ENTER. Here click "StartUp" tab, and uncheck these processes:-
pctspk.exe --> Non essential, you can disable this one.
mdm.exe --> Non essential.
mantispm.exe --> Related to MailFrontier software, you can disable it.
wuauclt.exe --> Checks for Windows updates automatically, disable it if you don't want Automatic Updates.
__________________
http://swatrant.blogspot.com/
swatkat is offline  
Old 31-05-2005, 10:44 AM   #15 (permalink)
In The Zone
 
pirates1323's Avatar
 
Join Date: Feb 2005
Location: NOiDA
Posts: 282
Default

Quote:
Originally Posted by swatkat
And, you can disable some of the other processes you mentioned in your first post by using msconfig. Go to Start> Run and type msconfig and press ENTER. Here click "StartUp" tab, and uncheck these processes:-
pctspk.exe --> Non essential, you can disable this one.
mdm.exe --> Non essential.
mantispm.exe --> Related to MailFrontier software, you can disable it.
wuauclt.exe --> Checks for Windows updates automatically, disable it if you don't want Automatic Updates.
Hey u see my start up tab:

pirates1323 is offline  
Old 31-05-2005, 01:08 PM   #16 (permalink)
Human Spambot
 
swatkat's Avatar
 
Join Date: Mar 2004
Location: India
Posts: 2,033
Default

mdm.exe --> Go to Start> Run and type services.msc and press ENTER. Here disable the service "Machine Debug Manager". Also, open Internet Explorer, go to Tools> Internet Options. Here click "Advanced" tab, and uncheck the option "Display notification for every script error" and check the option "Disable script debugging".

mantispm.exe --> Related to MailFrontier software, look for the option to disable autostart in the software itself.

wuauclt.exe --> Disable Automatic updates, to do this, go to Control Panel> System. Click "Automatic Updates" tab, un-select the "Keep my computer up to date" box. Click OK and exit.
__________________
http://swatrant.blogspot.com/
swatkat is offline  
 
