Help me and my computer



maythemonth
2006-10-07, 00:53
Hi there.

Basically my poor computer has been infected a couple of times by viruses and I thought most of it had cleared up but I've been having lots of problems.

Spybot is still working to get rid of any spyware and I have AVG which occasionally pops up to tell me of some infected file but I know there is more going on as I have adaware as well and that now causes the blue screen of death every time I try to update it. Windows defender refuses to work on my computer and my security updates refuse to recognise that the automatic updates are working.

I also keep getting all the time WinAntiVirus pro or whatever coming up. At first it was just in IE so I got Firefox, but now it's started to invade Firefox as well and I'm stumped.

Any advice, help or fixes would be greatly appreciated!

May

shelf life
2006-10-07, 16:09
hi maythemonth,

first thing is to post a hjt log after you run ewido (see below)

4) HiJackThis log

* Downloads:
* Please make sure you have the latest version. HJT 1.99.1
* http://www.downloads.subratam.org/hijackthis.zip
* If you are unfamiliar with zip programs get HijackThis.exe here:
* http://www.merijn.org/files/HijackThis.exe

* First put hijackthis into a permanent folder.
* Do this first - go to C: and create a new permanent folder.
Example C:\AntiSpyWare or C:\hijackthis
* This is necessary to ensure you have backups should anything go wrong.
* Then put (or download - choose "save" not "run") the hijackthis.exe file in this folder.
If you downloaded a zipped HJT file unzip it to the permanent folder so you have C:\hijackthis\hijackthis.exe.
* Example of the wrong way:
C:\DOCUME~1\Name\LOCALS~1\Temp\Temporary Directory for hijackthis.zip\HijackThis.exe
* Running hjt from the wrong folder may delay assistance as your helper will have to ask for a new log

* Double click HijackThis.exe.
* Hit None Of The Above, just start the program.
* Hit Scan.
* When the scan is finished, the "Scan" button will change into a "Save Log" button.
* Click that, save the log somewhere, and copy/paste into your own new topic
a) The HJT log
b) The on-line Anti Virus scan log/report
---------------------------------------------------------
if windows defender/ad aware are causing problems don't use them to scan with just yet.
----------------------------
download, install, update and run ewido (avg) anti spyware:

Download the trial version of AVG Anti-Spyware 7.5 (formerly ewido anti-spyware 4.0) from here:
http://www.ewido.net/en/download/

* Install AVG Anti-Spyware
* The program will now go to the main screen.

You will need to update AVG Anti-Spyware to the latest definition files.

* On the left-hand side of the main screen click the Update Button.
* Click on Start.

The update will start and a progress bar will show the updates being installed.

* Click on Scanner
* Click on Complete System Scan to start the scan process.
* Let the program scan the machine, it may take some time.
* AVG Anti-Spyware will list any infections found on the left hand side.
* When the scan has finished, it will automatically set the recommended action. Click "Apply all actions" AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
* Click OK.


When the scan finishes click on "Save Report", then "Save Report As". This will create a text file.
Save the report to your Desktop.
Close AVG Anti-Spyware

scan with hjt and post the log in your next reply please.

shelf life

maythemonth
2006-10-09, 01:19
Hi there,

right this is the hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 12:16:58 AM, on 10/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\1XConfig.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ucl.ac.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ati3ator.exe,C:\Documents and Settings\may li\Application Data\Explorer\ati3ator.exe,C:\Documents and Settings\may li\Application Data\Explorer\iaspji_1.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [Remote Explorer] C:\WINDOWS\system32\ati3ator.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Remote Explorer] C:\WINDOWS\system32\ati3ator.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/06ab00e87249d9c91620/netzip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143144343743
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: Remote Browser - {10329655-1BA8-4F33-84E4-0863A20CA7B2} - C:\WINDOWS\system32\kbdpenum.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

shelf life
2006-10-09, 02:35
hi maythemonth,

let's try this: first make sure files are set to show:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
-----------------------
next boot computer into safe mode. you reach safe mode by tapping the f8 key during a computer restart, choose the first option from the list, safe mode. might want to copy/paste the rest of this into notepad and save it so you can find it in safe mode.

see if you can locate and delete these files:

ati3ator.exe located here:
C:\WINDOWS\system32 and here:
C:\Documents and settings\may li\application data\explorer\ati3ator.exe

iaspji_1.exe located here:
C:\Documents and Settings\may li\ApplicationData\Explorer

while in safe mode also run ewido again and save the log somewhere.
reboot normally, rescan with hjt and post a new hjt log and the saved ewido log please.

shelf life
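
The files named in the reply above are the ones listed in the posted log's F2 (Userinit) line and its O4 "Remote Explorer" Run values. As an added example (not part of the original thread and not HijackThis code), this Python parser reads a HijackThis-format log, lists every Userinit entry beyond the stock one, and cross-checks them against the Run keys. `EXPECTED_USERINIT` (the stock Windows XP value for this install path) and all function names are assumptions of the example.

```python
import ntpath
import re

# Lines copied from the HijackThis v1.99.1 log posted in this thread (shortened).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ati3ator.exe,C:\Documents and Settings\may li\Application Data\Explorer\ati3ator.exe,C:\Documents and Settings\may li\Application Data\Explorer\iaspji_1.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Remote Explorer] C:\WINDOWS\system32\ati3ator.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Remote Explorer] C:\WINDOWS\system32\ati3ator.exe
O21 - SSODL: Remote Browser - {10329655-1BA8-4F33-84E4-0863A20CA7B2} - C:\WINDOWS\system32\kbdpenum.dll (file missing)
"""

# Assumption: stock Userinit program for a Windows XP install in C:\WINDOWS.
EXPECTED_USERINIT = r"C:\WINDOWS\system32\userinit.exe"

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^(HK(?:LM|CU)\\\.\.\\Run(?:Services)?): \[(.+?)\] (.+)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|scr|dll))(?:\s|$)", re.IGNORECASE)


def _norm(path):
    """Case-insensitive Windows path comparison key."""
    return ntpath.normcase(path.strip().strip('"'))


def _target(command):
    """Pull the program path out of a Run value, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_RE.match(command)
    return m.group(1) if m else command


def parse_entries(log_text):
    """Return (section code, body) for every 'XN - ...' line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def userinit_extras(entries, expected=EXPECTED_USERINIT):
    """Programs chained onto Userinit besides the expected one (each runs at every logon)."""
    extras = []
    for code, body in entries:
        if code != "F2" or "userinit=" not in body.lower():
            continue
        for item in body.split("=", 1)[1].split(","):
            item = item.strip()
            if item and _norm(item) != _norm(expected):
                extras.append(item)
    return extras


def run_entries(entries):
    """O4 registry autostarts as dicts with key, value name and program path."""
    runs = []
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            runs.append({"key": m.group(1), "name": m.group(2),
                         "target": _target(m.group(3))})
    return runs


def shared_persistence(entries):
    """Run values that start a program also chained onto Userinit."""
    extras = {_norm(p) for p in userinit_extras(entries)}
    return [r for r in run_entries(entries) if _norm(r["target"]) in extras]


def missing_targets(entries):
    """Entries HijackThis marked '(file missing)': the registry reference outlived the file."""
    return [(code, body) for code, body in entries if body.endswith("(file missing)")]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for path in userinit_extras(parsed):
        print("Userinit extra:", path)
    for run in shared_persistence(parsed):
        print("Also in %s as [%s]" % (run["key"], run["name"]))
    for code, body in missing_targets(parsed):
        print("Orphaned reference:", code, body)
```

Deleting a file without clearing the Userinit and Run values that point to it leaves those references in the next log, so re-running this over each new log shows whether the registry side was cleaned as well.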

maythemonth
2006-10-09, 22:27
right...

I did as you said but I couldn't find the files you were asking for

I found ati3ator.ocx in c:\\Windows\system32
but didn't find anything in c:\documents and settings\may li\application data\explorer

below is the hijackthis log and the ewido scan log

Logfile of HijackThis v1.99.1
Scan saved at 9:24:44 PM, on 10/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ucl.ac.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ati3ator.exe,C:\Documents and Settings\may li\Application Data\Explorer\ati3ator.exe,C:\Documents and Settings\may li\Application Data\Explorer\iaspji_1.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [Remote Explorer] C:\WINDOWS\system32\ati3ator.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Remote Explorer] C:\WINDOWS\system32\ati3ator.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/06ab00e87249d9c91620/netzip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143144343743
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: Remote Browser - {10329655-1BA8-4F33-84E4-0863A20CA7B2} - C:\WINDOWS\system32\kbdpenum.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:14:47 PM 10/9/2006

+ Scan result:



C:\WINDOWS\system32\awvvw.dll -> Adware.Virtumonde : Ignored.
C:\WINDOWS\system32\iifcc.dll -> Adware.Virtumonde : Ignored.
C:\WINDOWS\system32\oppml.dll -> Adware.Virtumonde : Ignored.
C:\WINDOWS\system32\temp.exe -> Adware.WinAD : Ignored.
C:\Documents and Settings\may li\Local Settings\Temp\mmjguohp.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{58837669-1590-4B2B-A336-32AC0731AEC9}\RP471\A0025660.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{58837669-1590-4B2B-A336-32AC0731AEC9}\RP471\A0025661.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{58837669-1590-4B2B-A336-32AC0731AEC9}\RP471\A0025662.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{58837669-1590-4B2B-A336-32AC0731AEC9}\RP471\A0025663.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{58837669-1590-4B2B-A336-32AC0731AEC9}\RP471\A0025664.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{58837669-1590-4B2B-A336-32AC0731AEC9}\RP471\A0025665.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{58837669-1590-4B2B-A336-32AC0731AEC9}\RP471\A0025666.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{58837669-1590-4B2B-A336-32AC0731AEC9}\RP471\A0025667.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{58837669-1590-4B2B-A336-32AC0731AEC9}\RP471\A0025668.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{58837669-1590-4B2B-A336-32AC0731AEC9}\RP471\A0025669.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINDOWS\system32\knacqtwc.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Ignored.
:mozilla.127:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.128:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.101:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.102:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.108:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.97:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.98:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.99:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.100:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.104:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.105:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.116:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.19:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.62:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.37:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.198:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.199:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.200:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.241:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.165:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.44:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.54:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.55:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.129:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.130:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.131:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.113:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.243:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.169:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.89:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.90:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.91:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.122:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.265:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.168:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.57:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.58:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.42:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.39:C:\Documents and Settings\may li\Application Data\Mozilla\Firefox\Profiles\grnvflzy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

shelf life
2006-10-10, 02:27
hi maythemonth,

ok thanks for the info.

I found ati3ator.ocx in c:\\Windows\system32
you deleted it?

try this:
VundoFix by Atri
Please download VundoFix.exe to your desktop.

http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.


Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
---------------------------------------------------

shelf life

maythemonth
2006-10-11, 12:04
yes I did delete it

hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 1:11:47 PM, on 10/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ucl.ac.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ati3ator.exe,C:\Documents and Settings\may li\Application Data\Explorer\ati3ator.exe,C:\Documents and Settings\may li\Application Data\Explorer\iaspji_1.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\gtwusqfh.dll (file missing)
O2 - BHO: (no name) - {E65BB172-22D0-4B82-B4BB-BFB1A4C1BF8A} - C:\WINDOWS\security\Database\acbbar.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [Remote Explorer] C:\WINDOWS\system32\ati3ator.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Remote Explorer] C:\WINDOWS\system32\ati3ator.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/06ab00e87249d9c91620/netzip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143144343743
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O21 - SSODL: Remote Browser - {10329655-1BA8-4F33-84E4-0863A20CA7B2} - C:\WINDOWS\system32\kbdpenum.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

vundo fix

VundoFix V6.2.1

Checking Java version...

Java version is 1.4.2.3

Java version is 1.5.0.9

Scan started at 12:34:33 PM 10/10/2006

Listing files found while scanning....

C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\iifcc.dll
C:\WINDOWS\system32\oppml.dll
C:\WINDOWS\system32\howfyccn.exe
C:\WINDOWS\security\Database\acbbar.dll
C:\WINDOWS\security\Database\rabbca.ini
C:\WINDOWS\security\Database\rabbca.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\awvvw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iifcc.dll
C:\WINDOWS\system32\iifcc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oppml.dll
C:\WINDOWS\system32\oppml.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\howfyccn.exe
C:\WINDOWS\system32\howfyccn.exe Has been deleted!

Attempting to delete C:\WINDOWS\security\Database\acbbar.dll
C:\WINDOWS\security\Database\acbbar.dll Could not be deleted.

Attempting to delete C:\WINDOWS\security\Database\rabbca.ini
C:\WINDOWS\security\Database\rabbca.ini Has been deleted!

Attempting to delete C:\WINDOWS\security\Database\rabbca.bak2
C:\WINDOWS\security\Database\rabbca.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.1

Checking Java version...

Java version is 1.4.2.3

Java version is 1.5.0.9

Scan started at 12:42:50 PM 10/10/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.2.1

Checking Java version...

Java version is 1.4.2.3

Java version is 1.5.0.9

Scan started at 12:56:55 PM 10/10/2006

Listing files found while scanning....

C:\WINDOWS\security\Database\acbbar.dll
C:\WINDOWS\security\Database\rabbca.ini
C:\WINDOWS\security\Database\rabbca.bak1
C:\WINDOWS\security\Database\rabbca.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\security\Database\acbbar.dll
C:\WINDOWS\security\Database\acbbar.dll Has been deleted!

Attempting to delete C:\WINDOWS\security\Database\rabbca.ini
C:\WINDOWS\security\Database\rabbca.ini Has been deleted!

Attempting to delete C:\WINDOWS\security\Database\rabbca.bak1
C:\WINDOWS\security\Database\rabbca.bak1 Has been deleted!

Performing Repairs to the registry.
Done!

shelf life
2006-10-12, 01:55
hi maythemonth

good.
scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ati3ator.exe,C:\Documents and Settings\may li\Application Data\Explorer\ati3ator.exe,C:\Documents and Settings\may li\Application Data\Explorer\iaspji_1.exe

O21 - SSODL: Remote Browser - {10329655-1BA8-4F33-84E4-0863A20CA7B2} - C:\WINDOWS\system32\kbdpenum.dll (file missing)

how's it looking on that end? please rescan with hjt and post a new log.

shelf life

maythemonth
2006-10-12, 02:33
right, I got rid of those things in hijacklog like you asked

and this is the latest update from HJT

Logfile of HijackThis v1.99.1
Scan saved at 1:32:40 AM, on 10/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ucl.ac.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\gtwusqfh.dll (file missing)
O2 - BHO: (no name) - {E65BB172-22D0-4B82-B4BB-BFB1A4C1BF8A} - C:\WINDOWS\security\Database\acbbar.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [Remote Explorer] C:\WINDOWS\system32\ati3ator.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Remote Explorer] C:\WINDOWS\system32\ati3ator.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/06ab00e87249d9c91620/netzip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143144343743
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
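
The before/after comparison of the two HijackThis logs above can be scripted. The following Python is an added example, not part of the original posts or of HijackThis; the sample lines are excerpts copied from the two logs in this thread, and the function names and the expected default Userinit path (a C:\WINDOWS install) are assumptions.

```python
import re

# Excerpts copied from the two HijackThis logs in this thread (not the full logs).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ati3ator.exe,C:\Documents and Settings\may li\Application Data\Explorer\ati3ator.exe,C:\Documents and Settings\may li\Application Data\Explorer\iaspji_1.exe
O2 - BHO: (no name) - {E65BB172-22D0-4B82-B4BB-BFB1A4C1BF8A} - C:\WINDOWS\security\Database\acbbar.dll (file missing)
O4 - HKLM\..\Run: [Remote Explorer] C:\WINDOWS\system32\ati3ator.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: Remote Browser - {10329655-1BA8-4F33-84E4-0863A20CA7B2} - C:\WINDOWS\system32\kbdpenum.dll (file missing)
"""

AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
O2 - BHO: (no name) - {E65BB172-22D0-4B82-B4BB-BFB1A4C1BF8A} - C:\WINDOWS\security\Database\acbbar.dll (file missing)
O4 - HKLM\..\Run: [Remote Explorer] C:\WINDOWS\system32\ati3ator.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Assumption: Windows is installed in C:\WINDOWS, so this is the only
# program expected in the Userinit value.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


def parse_entries(log_text):
    """Return (code, body) tuples for every entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def userinit_extras(entries):
    """Programs chained onto Userinit (F2 lines) besides userinit.exe itself."""
    extras = []
    for code, body in entries:
        if code == "F2" and "userinit=" in body.lower():
            for path in body.split("=", 1)[1].split(","):
                path = path.strip()
                if path and path.lower() != DEFAULT_USERINIT:
                    extras.append(path)
    return extras


def missing_file_entries(entries):
    """Registry references whose target file no longer exists on disk."""
    return [(c, b) for c, b in entries if b.endswith("(file missing)")]


def mentions(entries, filename):
    """Entries that still name a given file, case-insensitively."""
    return [(c, b) for c, b in entries if filename.lower() in b.lower()]


def compare(before_text, after_text):
    """Return (removed, added) entries between two logs, keeping log order."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


if __name__ == "__main__":
    removed, added = compare(BEFORE, AFTER)
    later = parse_entries(AFTER)
    print("Removed since first log:", [c for c, _ in removed])
    print("Added since first log:", [c for c, _ in added])
    print("Userinit extras now:", userinit_extras(later))
    print("Still naming ati3ator.exe:", mentions(later, "ati3ator.exe"))
    print("Still marked (file missing):", missing_file_entries(later))
```

On these excerpts the F2 and O21 lines show up as removed, while the O4 Run value naming ati3ator.exe and the O2 entry marked (file missing) are still listed in the later log.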

shelf life
2006-10-14, 02:46
hi maythemonth,

sorry for delay. that last log looks ok. how's it looking on that end?

tashi
2006-10-20, 19:20
As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Glad we could help, thank you shelf life.