[triadtechtalk] Re: Hijackthis

  • From: Armando Barreiro <avbsantos@xxxxxxxxxxxx>
  • To: triadtechtalk@xxxxxxxxxxxxx
  • Date: Mon, 26 Feb 2007 09:03:43 -0500 (GMT-05:00)

How to remove WGA, manually:
<http://www.pcdoctor-guide.com/wordpress/?p=3104>

And a removal tool for WGA in XP SP2 that users in the blog attest works:
<http://www.wilderssecurity.com/showthread.php?t=135257>

However, I really don't see how WGA would account for your present problems with ZAlarm,
though there's always something new to be learned about Windows.
Have you checked ZAlarm's forum on this?

If uninstalling WGA fixes it then I guess that takes care of that.

Remember to always create a restoration point when adding, removing or making changes to your XP system.
Name it something relevant so that you can remember what it was that you did and why you saved it. It would make no sense to restore to a time that has nothing to do with the problem that you wish to resolve.

HTH,
Armando

Bull Joke
Two farmers at the feed store were discussing the local
election for tax collector.

One of the candidates was named Harkins, who was also the
operator of the drawbridge over the local river.

"You gonna vote for Harkins?" the first farmer asked.

"No, I don't think so," the other replied.

"Why not?" the first farmer asked.

"Well, you remember that prize bull I used to have? One day I
looked in the barn and there's that bull lying down actin'
strange. So I asked the vet and he gave me some medicine,
and he said it had to be put in the bull's rectum.

"I took the medicine home but I couldn't find a funnel. So I
seen this old army bugle hangin' on a nail in the barn and I
used that.

"Only problem was that before I could get that bugle out, my
bull passed some gas and made a loud toot on that bugle.

"Well sir, that scared my bull somethin' awful and he busted out
of the stall, made another toot, then busted through the fence
and went runnin' down the road.

"He went down the road, runnin' and tootin' towards the bridge
that Harkins runs. That foolish old man opened the bridge, and
my bull ran across it, fell in the river and drowned.

"Now," the farmer said, "Do you think I could actually vote for a man
that's run that bridge for years, but don't know the difference
between a boat whistle, and a bull blowin' a bugle out his butt?"



-----Original Message-----
From: Juanita Kimble
Sent: Feb 25, 2007 9:05 PM
To: triadtechtalk@xxxxxxxxxxxxx
Subject: [triadtechtalk] Re: Hijackthis

???
The reason I ran hijackthis: I keep getting a popup from zone alarm that iexplore.exe wants to monitor my computer and could also know every keystroke and mouse move. I think it might be genuine advantage from Microsoft update. It did say optional; I installed it anyway. Should I go back and restore, leave that off, and see if I still get it?
 
Kind of liked your joke. Must be a real mean old horse!
 
Juanita
----- Original Message -----
Sent: Sunday, February 25, 2007 3:15 PM
Subject: [triadtechtalk] Re: Hijackthis

All seems O.K. but for
"Unknown 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess -"
when put through the grinder at
<http://www.hijackthis.de/>

Google has this to say about it when researched:
http://www.neuber.com/taskmanager/process/acroiehelper.dll.html

In conclusion, all is well, Juanita.

Armando
An Old Indian was asked what his wife's name was.
"Three Horse," he replied.                
"That's an unusual name, Three Horse.  What does it mean?"
"It's an old Indian name, means... Nag, Nag, Nag."
-----Original Message-----
From: Juanita Kimble
Sent: Feb 24, 2007 8:27 PM
To: triadtechtalk@xxxxxxxxxxxxx
Subject: [triadtechtalk] Hijackthis

Hi
Can someone read this and tell me if all are OK. What is the one with Groups international on it?
Logfile of HijackThis v1.99.1
Scan saved at 7:11:09 PM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Juanita\My Documents\Small Programs\hijackthis\hijackthis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telepak.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [jv16PT - Privacy Protector] C:\Program Files\jv16 PowerTools 2005\jv16PT.exe -ExecTask "C:\Program Files\jv16 PowerTools 2005\Tasks\_PrivacyProtector\Task.jvb"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139184716843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144004393109
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
________________________________________
PeoplePC Online
A better way to Internet
http://www.peoplepc.com
VIEW ARCHIVES @ http://www.freelists.org UNSUBSCRIBE by sending email to triadtechtalk-request@xxxxxxxxxxxxx with unsubscribe in the Subject field. To VIEW/CHANGE your subscription status go to //www.freelists.org/webpage/triadtechtalk Contact List Owner - dbcfour@xxxxxxx
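
A small triage parser for the log quoted in this thread, added here as an example (not part of any poster's message and not HijackThis's own code): it groups entries by section code and lists those that carry a `(file missing)` or `Unknown owner` annotation or are cut off mid-line. The `MARKERS` list and the function names are assumptions, and a listed entry is only a candidate for a manual look.

```python
import re
from collections import defaultdict

# Meaning of the HijackThis section codes that appear in the log above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O9": "extra IE button or Tools menu item",
    "O11": "extra group in IE Advanced Options",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O20": "Winlogon Notify / AppInit_DLLs", "O23": "NT service",
}
ENTRY = re.compile(r"^([RO]\d{1,2}) - (.+)$")
# Annotations HijackThis prints itself; treating them as "look closer" is an assumption.
MARKERS = ("(file missing)", "Unknown owner")

# Lines copied from the log quoted in this thread (subset).
SAMPLE = r"""Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -"""

def parse(log):
    """Group entries by section code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def review_list(log):
    """Return (code, meaning, reasons) for entries worth a manual look."""
    out = []
    for code, entries in parse(log).items():
        for entry in entries:
            why = [m for m in MARKERS if m in entry]
            if entry.endswith("-"):          # path missing: the log was cut off
                why.append("entry truncated")
            if why:
                out.append((code, SECTIONS.get(code, "unknown section"), why))
    return out

if __name__ == "__main__":
    for code, meaning, why in review_list(SAMPLE):
        print(code, meaning, why)
```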
