Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rootkit Virus/IE Redirect Issues AFTER Destructive Recovery


  • This topic is locked This topic is locked
2 replies to this topic

#1 ChrisR67

ChrisR67

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 26 September 2010 - 11:09 AM

Hello, I am new to Bleeping Computer. Thanks for taking time to help. I am using Windows XP Home Edition 2002 (SP2) on a Compaq Presario V2000 Laptop, circa 2007. A couple of weeks ago, it was infected by a virus or malware that causes redirect from the IE and Mozilla Search Bar (the one up by the Browser Bar). Searches are OK straight from Google and other search pages.

Also, I was getting frequent svchost.exe errors, and an Error Box about Gen Windows Services 32 has encountered an error and must shut down. When that shut down, I lost USB Port functionality and sound.

PLUS, I got a popup for a Fake Spyware removal program.

Scanned with Malaware Bytes and Ad-Aware, found and cleaned a few things, then nothing. Problem persisted.

As last resort, did the Destructive Recovery from the Compaq D Drive.

And, I still have issues. Still have the redirect. So far, have not has a svchost.exe error.

Cannot get to Windows Update web page to load.

Downloaded and ran ComboFix. Log says it found Rootkit activity. Log posted below.

Still have the issues after running ComboFix.

Any thoughts?

Thanks,

Chris

ComboFix 10-09-25.07 - Family 09/26/2010 11:17:12.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1406.1037 [GMT -4:00]
Running from: c:\documents and settings\Family\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000110_.tmp.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-08-26 to 2010-09-26 )))))))))))))))))))))))))))))))
.

2010-09-26 15:06 . 2006-09-01 19:53 110592 ----a-w- c:\documents and settings\Family\Application Data\U3\temp\cleanup.exe
2010-09-26 15:05 . 2006-10-04 18:21 3072000 ---ha-w- c:\documents and settings\Family\Application Data\U3\temp\Launchpad Removal.exe
2010-09-26 15:05 . 2010-09-26 15:06 -------- d-----w- c:\documents and settings\Family\Application Data\U3
2010-09-26 15:04 . 2004-08-04 03:08 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2010-09-26 14:38 . 2010-09-26 14:38 -------- d-----w- c:\documents and settings\Family\Application Data\Malwarebytes
2010-09-26 14:38 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-26 14:38 . 2010-09-26 14:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-26 14:38 . 2010-09-26 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-26 14:38 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-26 14:28 . 2010-09-26 14:28 -------- d-----w- c:\program files\Belkin
2010-09-26 00:05 . 2010-09-26 00:05 -------- d-sh--w- c:\documents and settings\Family\UserData
2010-09-26 00:00 . 2010-09-26 00:00 -------- d-----w- c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}
2010-09-25 23:28 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-25 23:26 . 2004-08-04 08:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-09-25 23:19 . 2004-08-04 13:00 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2010-09-25 23:19 . 2004-08-04 13:00 10752 ----a-w- c:\windows\system32\c_iscii.dll
2010-09-25 23:19 . 2004-08-04 13:00 5632 ----a-w- c:\windows\system32\kbdusa.dll
2010-09-25 23:19 . 2004-08-04 13:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2010-09-25 21:59 . 2010-09-25 21:59 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-25 21:48 . 2010-09-25 21:48 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-25 21:48 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-25 21:48 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-25 21:48 . 2010-09-25 21:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-25 21:47 . 2010-09-25 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-09-25 21:47 . 2010-09-25 21:47 -------- d-----w- c:\program files\Lavasoft
2010-09-25 21:22 . 2010-09-25 21:22 -------- d-sh--w- c:\documents and settings\Family\IECompatCache
2010-09-25 21:21 . 2010-09-25 21:21 -------- d-sh--w- c:\documents and settings\Family\PrivacIE
2010-09-25 21:21 . 2010-09-25 21:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-25 21:18 . 2010-09-25 21:18 -------- d-sh--w- c:\documents and settings\Family\IETldCache
2010-09-25 21:14 . 2010-09-25 21:15 -------- dc-h--w- c:\windows\ie8
2010-09-25 21:13 . 2010-09-25 22:19 -------- d-----w- c:\program files\Microsoft
2010-09-25 21:12 . 2010-09-25 21:16 -------- d--h--w- c:\windows\msdownld.tmp
2010-09-25 21:08 . 2009-08-06 23:24 44768 ----a-w- c:\windows\system32\wups2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-25 23:58 . 2006-04-20 05:28 -------- d-----w- c:\program files\Quicken
2010-09-25 23:28 . 2010-09-25 23:24 61752 ----a-w- c:\documents and settings\Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-25 23:28 . 2010-09-25 23:24 129 ----a-w- c:\documents and settings\Family\Local Settings\Application Data\fusioncache.dat
2010-09-25 23:25 . 2010-09-25 23:25 814 ----a-w- c:\windows\system32\drivers\OCA_LOG.TXT
2010-09-25 23:18 . 2006-04-20 05:07 -------- d-----w- c:\program files\HPQ
2010-09-25 22:53 . 2006-04-20 05:34 -------- d-----w- c:\program files\WildTangent
2010-09-25 22:53 . 2006-04-20 05:31 -------- d-----w- c:\program files\Synaptics
2010-09-25 22:53 . 2006-04-20 05:28 -------- d-----w- c:\program files\Sonic
2010-09-25 22:52 . 2006-04-20 05:27 -------- d-----w- c:\program files\Quickensetup
2010-09-25 22:49 . 2006-04-20 05:53 -------- d-----w- c:\program files\Netscape
2010-09-25 22:49 . 2006-04-20 05:58 -------- d-----w- c:\program files\music_now
2010-09-25 22:49 . 2006-04-20 05:57 -------- d-----w- c:\program files\muvee Technologies
2010-09-25 22:49 . 2006-04-20 05:25 -------- d-----w- c:\program files\MSN Encarta Plus
2010-09-25 22:49 . 2006-04-20 05:26 -------- d-----w- c:\program files\Microsoft Works
2010-09-25 22:48 . 2006-04-20 05:58 -------- d-----w- c:\program files\Microsoft Office Trial Wizard
2010-09-25 22:48 . 2006-04-20 03:52 -------- d-----w- c:\program files\microsoft frontpage
2010-09-25 22:48 . 2006-04-20 06:18 -------- d-----w- c:\program files\Java
2010-09-25 22:47 . 2006-04-20 05:58 -------- d-----w- c:\program files\HP Rhapsody
2010-09-25 22:47 . 2006-04-20 05:40 -------- d-----w- c:\program files\HP
2010-09-25 22:46 . 2006-04-20 05:19 -------- d-----w- c:\program files\Hewlett-Packard
2010-09-25 22:45 . 2006-04-20 05:52 -------- d-----w- c:\program files\Google
2010-09-25 22:45 . 2006-04-20 05:30 -------- d-----w- c:\program files\Common Files\TiVo Shared
2010-09-25 22:45 . 2006-04-20 03:55 -------- d-----w- c:\program files\CONEXANT
2010-09-25 22:45 . 2006-04-20 05:29 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-09-25 22:45 . 2006-04-20 05:28 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-09-25 22:45 . 2006-04-20 05:57 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-09-25 22:44 . 2006-04-20 06:02 -------- d-----w- c:\program files\Common Files\LightScribe
2010-09-25 22:44 . 2006-04-20 06:18 -------- d-----w- c:\program files\Common Files\Java
2010-09-25 22:44 . 2006-04-20 05:02 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-25 22:44 . 2006-04-20 05:40 -------- d-----w- c:\program files\Common Files\HP
2010-09-25 22:44 . 2006-04-20 05:02 -------- d-----w- c:\program files\ATI Technologies
2010-09-25 22:44 . 2006-04-20 05:05 -------- d-----w- c:\program files\AMD
2010-09-25 22:41 . 2010-09-25 23:24 -------- d-----w- c:\documents and settings\Family\Application Data\Intuit
2010-09-25 22:40 . 2006-04-20 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
2010-09-25 22:40 . 2006-04-20 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-09-25 22:40 . 2006-04-20 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SBSI
2010-09-25 22:40 . 2006-04-20 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-09-25 22:40 . 2006-04-20 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-09-25 22:40 . 2006-04-20 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\hpqwmi
2010-09-25 22:40 . 2006-04-20 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-09-25 22:40 . 2006-04-20 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-09-25 22:24 . 2006-04-20 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-09-25 22:24 . 2006-04-20 05:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-25 22:05 . 2006-04-20 05:02 -------- d--h--w- c:\program files\InstallShield Installation Information
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-14 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/25/2010 5:48 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1355928]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 11:18 AM 200192]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 8:15 AM 15008]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [1/6/2010 5:21 PM 594048]
.
Contents of the 'Scheduled Tasks' folder

2010-09-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 21:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-26 11:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????.????|?P???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8994CC76]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebfc3
\Driver\ACPI -> ACPI.sys @ 0xf735ecb8
\Driver\atapi -> atapi.sys @ 0xf72f87b4
IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x805780c2
\Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x805780c2
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-09-26 11:27:54
ComboFix-quarantined-files.txt 2010-09-26 15:27

Pre-Run: 19,646,877,696 bytes free
Post-Run: 19,651,293,184 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0083AA8E6DB35DECCD0EEB27B685F5B5

I decided to go ahead and run a HiJack This Log, as I know that is often helpful. Downloaded the file. And, could NOT run it until I rebooted. Here is my HiJack this log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:21:06 PM, on 9/26/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Family\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1285448853336
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1285448816774
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 5423 bytes

EDIT: Posts merged ~BP

Edited by Budapest, 26 September 2010 - 04:13 PM.


BC AdBot (Login to Remove)

 


#2 ChrisR67

ChrisR67
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 28 September 2010 - 11:13 PM

Did Total wipe, reformat, reinstall. No help needed. THanks

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:09 AM

Posted 28 September 2010 - 11:20 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users