 quasireal Premium join:2003-01-26 Los Angeles, CA
Hijack This log results - Please help

Logfile of HijackThis v1.97.7
Scan saved at 8:03:24 AM, on 3/26/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\crypserv.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NavNT\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.Exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\PwsTray.exe
C:\WINNT\ds64Czxf.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\awashington\My Documents\downloads\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 65.117.182.193:80
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F0 - system.ini: Shell=C:\WINNT\Explorer.Exe,
F2 - REG:system.ini: Shell=C:\WINNT\Explorer.Exe,
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [PWSTray] PwsTray.exe
O4 - HKLM\..\Run: [pV18] C:\WINNT\ds64Czxf.exe
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\AWASHI~1\LOCALS~1\Temp\~compoundinst0\auto_update_loader.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Windows Media Player.lnk = C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Startup: Shortcut to Microsoft Outlook.lnk = ?
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: DO Maping.bat
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &iSearch The Web - res://C:\WINNT\system32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - http://toolbar.isearch.com/general/req.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37462.6138194444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://businessprotection.webex.com/client/latest/webex/ieatgpc.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://support2.sl-tech.net/xupload/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AD.CUSD
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AD.CUSD
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AD.CUSD
Additionally, Ad-Aware and Spybot S&D found the following respectively:
Ad-Aware: Troj Istbar.N istsvc[1].exe
Spybot S&D: Roings HKEY_LOCAL_MACHINE:software\roimoi
In a recent AV scan, the following was found:
download.trojan
I thank you in advance for any assistance.
-- Quazireal *** All of life is learning ***
John2g Qui Tacet Consentit Premium join:2001-08-10 England
I am suspicious of this entry, as I can find nothing on it at all.
O4 - HKLM\..\Run: [pV18] C:\WINNT\ds64Czxf.exe
-- Better to remain silent and be thought a fool, than to speak and remove all doubt.
atangel Now What?? Premium join:2002-02-18 Bronx, NY
It's kinda funny looking too....
quasireal, you mention "recent" scans. Have you done any immediately prior to running HiJack? If not, you may want to do that first. Online AV scans (I see in your HiJack you've done them before, but), downloaded, updated, and run an anti-trojan, etc.? Pretty much everything laid out in
»Security »I think my computer is infected or hijacked. What should I do?
-- The reason you think I'm way on the left is 'cause you're so far to the right. Dell Dimension, XP Pro, 2.4 Ghz, 512MB, BEFSX41, ZAP 4.5, NOD32, BOClean, Adaware, Spybot, MW Pro, The Bat!
quasireal Premium join:2003-01-26 Los Angeles, CA
Yes, the antivirus scans took place at the end of the day Tuesday, 3/24/04. I was absent for two days and then ran Hijack This this morning.
-- Quazireal *** All of life is learning ***
quasireal Premium join:2003-01-26 Los Angeles, CA
reply to John2g: John2g, based upon your suspicions, what do you recommend I do next?
-- Quazireal *** All of life is learning ***
Tablet Premium join:2003-01-15 Czech
reply to quasireal: Check these entries and select Fix in HijackThis:
O4 - HKLM\..\Run: [pV18] C:\WINNT\ds64Czxf.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://businessprotection.webex.com/client/latest/webex/ieatgpc.cab
The latter is adware detected by KAV as AdvWare.WebEx
John2g Qui Tacet Consentit Premium join:2001-08-10 England
reply to quasireal: I think this needs fixing by HJT as well:
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - http://toolbar.isearch.com/general/req.cab
-- Better to remain silent and be thought a fool, than to speak and remove all doubt.
John2g Qui Tacet Consentit Premium join:2001-08-10 England
reply to quasireal: When you have followed Tablet's advice, you should be able to delete this file: C:\WINNT\ds64Czxf.exe
-- Better to remain silent and be thought a fool, than to speak and remove all doubt.
CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
reply to quasireal: Wait on that fix on iSearch, please. Run Adaware first - it handles it properly so that you do not lose your Toolbar and address bar in IE. (The HijackThis fix on the iSearch bar misses getting that one right.)
Download Adaware (get the free edition) »www.lavasoft.de/software/adaware/ (choose download from the lefthand menu)
Go to: Select Full Install and choose the download location of your choice (1.7mb). Choose Download from »fileforum.betanews.com/detail.ph···65718306 -- easiest.
After downloading and installing, first please update the program. The latest Reference file you should see loaded is 01R275 25.03.2004.
Just open Adaware and click on *Check for Updates Now* and then *Connect*. It will find a new reference-file. Click *ok* and let it download and install the updates by clicking on *Finish*. This will return you to the main screen.
Then press the *Start* button to begin the scan of your system. Let it fix what it finds (Adaware will checkmark the *bad* items for you so you can then just remove them).
Reboot your PC after cleaning with Adaware and scan again. Repeat the process until no further items are found as bad.
Then scan again with HijackThis and post a new log, please.
quasireal Premium join:2003-01-26 Los Angeles, CA
Happy Belated, CJ!!
It looks like I was a little too ambitious and have already used Hijack This to fix the iSearch item (blind faith in you guys here at BBR!)
I am re-running AdAware and will post a new Hijack log shortly.
-- Quazireal *** All of life is learning ***
John2g Qui Tacet Consentit Premium join:2001-08-10 England
There is an option in HJT to re-install deleted entries.
CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
reply to quasireal: Adaware may be able to fix it with a new update and scan. The problem with the iSearch bar and fixing it in HJT was found just in the last few days. I know of an uninstaller available from iSearch as well (but I don't trust it as well as Adaware's fix).
-- It takes a disaster to make a woman out of a female. Gladiator Security Forum
quasireal Premium join:2003-01-26 Los Angeles, CA
reply to quasireal: Thank you all for your advice and help. This PC has been running trouble free for a couple of days now. For comparative purposes, the latest Hijack This log follows:

Logfile of HijackThis v1.97.7
Scan saved at 9:07:28 AM, on 3/30/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\crypserv.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NavNT\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\PwsTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\awashington\My Documents\downloads\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dl···&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dl···iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.microsoft.com/isapi/redir.dl···=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.microsoft.com/isapi/redir.dl···iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 65.117.182.193:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [PWSTray] PwsTray.exe
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\AWASHI~1\LOCALS~1\Temp\~compoundinst0\auto_update_loader.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: DO Maping.bat
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - download.macromedia.com/pub/shoc···wdir.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - office.microsoft.com/officeupdat···opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - a1540.g.akamai.net/7/1540/52/200···ller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net/7/840/537/2003···an53.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - support.gateway.com/support/seri···wCID.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - v4.windowsupdate.microsoft.com/C···38194444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com/pub/shoc···lash.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - support2.sl-tech.net/xupload/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AD.CUSD
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AD.CUSD
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AD.CUSD
-- Quazireal *** All of life is learning ***
Lappen join:2000-12-07 sweden
Hmm, this line:
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - www.bundleware.com/activeX/DS3/DS3.cab
is Look2Me...
Remove that line in HJT and then reboot.
Please also open IE, paste the following into the address line and click Go:
javascript:navigator.userAgent
You should get a one-line result; copy and paste that result here.
quasireal Premium join:2003-01-26 Los Angeles, CA
Thanks for the "heads-up". I thought the computer was clean. Here are the results of the javascript command:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; {D536EA39-ABF7-4A5D-9220-E975411EBC6E}; .NET CLR 1.1.4322)
-- Quazireal *** All of life is learning ***
Ctrl Alt Del Premium join:2002-02-18
reply to quasireal: These three I'm not sure about...
said by quasireal:
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\AWASHI~1\LOCALS~1\Temp\~compoundinst0\auto_update_loader.exe"
O4 - Global Startup: DO Maping.bat
I'd go to the system32 folder and see what 3cmlink.exe is.
Also, the auto_update_loader.exe just smells foul. No software I know keeps anything important in the Temp folder, nor has it run on startup. Even the name smells nasty. I'd go to that Temp folder and empty the whole folder out, especially that auto_update_loader.exe. I'm 99% sure this is malware.
DO Maping.bat... find that file, right click on it, and select Edit to view inside the file. Might be fine, but I'd see what it is.
-- The day after tomorrow. Where will you be?
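The entries the thread singles out (a Run key launching from Temp, a digit-bearing executable dropped straight into C:\WINNT, an ActiveX cab pulled from an unfamiliar host, an explicit proxy setting, a URLSearchHook whose file is gone) and the GUID sitting in the navigator.userAgent string are all things a small triage script can pull out of a pasted log before anyone reads it line by line. The Python below is an added example, not code from this thread or from HijackThis; the per-section heuristics and the TRUSTED_DPF_DOMAINS list are assumptions, its output is a list of items to review rather than verdicts, and the sample input is constructed from entries in the logs above (with the forum's "http: //" spacing undone).

```python
import re
from urllib.parse import urlparse

# Constructed sample: entries copied from the HijackThis logs posted in this
# thread, including one the thread later established as benign (3cmlink.exe,
# a 3Com modem driver) so the heuristics can be seen leaving it alone.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 65.117.182.193:80
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [pV18] C:\WINNT\ds64Czxf.exe
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\AWASHI~1\LOCALS~1\Temp\~compoundinst0\auto_update_loader.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: DO Maping.bat
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
"""

# The user-agent string quasireal pasted back after running javascript:navigator.userAgent.
SAMPLE_UA = ("Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; "
             "{D536EA39-ABF7-4A5D-9220-E975411EBC6E}; .NET CLR 1.1.4322)")

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption: hosts from which ActiveX (O16 - DPF) downloads are expected on this
# machine. Anything else is reported for review, not declared malicious.
TRUSTED_DPF_DOMAINS = ("microsoft.com", "macromedia.com", "yahoo.com", "apple.com", "webex.com")


def autostart_target(rest):
    """Pull the launched file out of an O4 payload such as
    'HKLM\\..\\Run: [name] "C:\\x.exe" /arg' or 'Global Startup: foo.bat'."""
    m = re.match(r"^(?:Global )?Startup:\s*(.*)$", rest)
    if m:  # shortcut entries read 'name.lnk = target'; bare files have no ' = '
        target = m.group(1)
        return target.split(" = ", 1)[1] if " = " in target else target
    m = re.search(r"\]\s*(.*)$", rest)
    cmd = (m.group(1) if m else rest).strip()
    if cmd.startswith('"'):  # quoted path, arguments follow the closing quote
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]  # unquoted path, arguments follow the first space


def check_autostart(rest):
    low = autostart_target(rest).lower()
    name = low.rsplit("\\", 1)[-1]
    if "\\temp\\" in low or "\\locals~1\\" in low:
        return "autostart launched from a Temp directory"
    # Executable sitting directly in the Windows directory (not System32) with digits in its name.
    if re.fullmatch(r"c:\\win(nt|dows)\\[^\\]+", low) and re.search(r"\d", name):
        return "digit-bearing executable dropped directly in the Windows directory"
    if name.endswith((".bat", ".cmd", ".vbs", ".js")):
        return "script in a startup folder; read it before trusting it"
    return None


def check_browser_setting(rest):
    if "ProxyServer = " in rest and rest.split(" = ", 1)[1].strip():
        return "explicit proxy set; confirm it is the expected one"
    if rest.startswith("URLSearchHook") and "(no file)" in rest:
        return "orphaned URLSearchHook pointing at a missing file"
    return None


def check_dpf(rest):
    host = (urlparse(rest.rsplit(" - ", 1)[-1].strip()).hostname or "").lower()
    if not any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_DOMAINS):
        return f"ActiveX control downloaded from unlisted host {host}"
    return None


CHECKS = {"R1": check_browser_setting, "R3": check_browser_setting,
          "O4": check_autostart, "O16": check_dpf}


def triage(log_text):
    """Return [(section, reason, original line)] for every entry a check flags."""
    findings = []
    for line in log_text.splitlines():
        m = re.match(r"^([RFO]\d+)\s+-\s+(.*)$", line.strip())
        if not m:
            continue
        check = CHECKS.get(m.group(1))
        reason = check(m.group(2)) if check else None
        if reason:
            findings.append((m.group(1), reason, line.strip()))
    return findings


def ua_guids(user_agent):
    """GUID-shaped tokens inside an IE user agent. A stock IE 6 UA carries none;
    the one posted in this thread carries one, which is what Lappen asked to see."""
    return GUID_RE.findall(user_agent)


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
    print("UA GUIDs:", ua_guids(SAMPLE_UA))
```

Run as-is it lists six items for review and the one GUID; the 3Com driver, vptray and the SpywareGuard shortcut pass through untouched. The DPF allowlist is deliberately short: a CDN hostname such as akamai.net should not be trusted wholesale just because legitimate installers are served from it.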
Lappen join:2000-12-07 sweden
reply to quasireal: Re: Hijack This log results - Please help
Hi again quasireal!
You seem to have been infected by Look2Me.
Please go to this page and follow the instructions.
»www10.brinkster.com/expl0iter/fr···g121.htm
After that, reboot and run a new HJT log and post it here. Also please describe how your computer behaves.
-- I can also be found at the SWI Forums as Lappen
quasireal Premium join:2003-01-26 Los Angeles, CA
reply to Ctrl Alt Del: Thanks for the review. The 3cmlink.exe is a driver for 3Com's modem. Oddly enough, this computer has never been connected via modem.
When looking into the auto_update_loader executable issue, I find nothing in the directory listed in the HJT log. Could this be a terminate-stay resident of some sort?
Finally, DO Maping.bat is a batch program that I wrote to map my network drives. It is harmless.
-- Quazireal *** All of life is learning ***