Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple Infections


  • This topic is locked This topic is locked
2 replies to this topic

#1 PunchMe

PunchMe

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:08 PM

Posted 01 August 2007 - 01:51 PM

My wife's computer became infected a few days ago with WinAntiSpyware 2007. Trying to delete that program seems to have unleashed a bevy of malware programs on her computer that causes a bunch of popups and slow computer performance.

I have spent countless hours in safe mode running scans via AdAware, Spybot and others.

Nothing seems to eradicate the offending programs. However, I am holding them at bay for the moment.

So I want to turn this over to the pros and see what you suggest. :thumbsup:


My HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:15 PM, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\fufuxulA.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {344C1CAE-A03C-AAE9-4960-FF8DBA2084B9} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {CA8EB129-DCEB-48D7-B952-A5A522BFA7CA} - (no file)
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [fufuxulA] C:\WINDOWS\fufuxulA.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-529695778-515905948-64780581-1005\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\dico.html

--
End of file - 2992 bytes



Combofix Log

ComboFix 07-08-01.6 - "Brandi's brain" 2007-08-01 14:16:00.1 - NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\BRANDI~1\MYDOCU~1.\racle~1
C:\DOCUME~1\BRANDI~1\MYDOCU~1.\smante~1
C:\Program Files\MSN Gaming Zone\dico.html
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\0c2
C:\temp\0c2\tmpFF.log
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\crosof~1
C:\WINDOWS\csrss.exe
C:\WINDOWS\racle~1
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\b06FdUe
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\F2
C:\WINDOWS\system32\F3
C:\WINDOWS\system32\F4
C:\WINDOWS\system32\F9
C:\WINDOWS\system32\G1
C:\WINDOWS\system32\G11
C:\WINDOWS\system32\G3
C:\WINDOWS\system32\G3\wr725.exe
C:\WINDOWS\system32\G7
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\ppiuufxm.exe
C:\WINDOWS\system32\souyxsdu.dll
C:\WINDOWS\system32\ssqonlm.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\yayxvvs.dll
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NWSAPAGENT
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\NwSapAgent


((((((((((((((((((((((((( Files Created from 2007-07-01 to 2007-08-01 )))))))))))))))))))))))))))))))


2007-08-01 14:14 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-01 13:08 <DIR> d-------- C:\Program Files\movie maker
2007-08-01 06:40 577,536 --a------ C:\Notepad2.exe
2007-07-30 19:33 109,056 --a------ C:\VundoFix.exe
2007-07-30 18:41 125,504 --a------ C:\WINDOWS\system32\qakyslxc.dll
2007-07-30 18:38 1,734,032 ---hs---- C:\WINDOWS\system32\hjllm.bak2
2007-07-29 18:33 6,689 --a------ C:\WINDOWS\system32\ldcore.dll
2007-07-29 18:24 6,466 ---hs---- C:\WINDOWS\system32\hjllm.bak1
2007-07-29 18:23 228,960 --a------ C:\WINDOWS\system32\mlljh.dll.vir
2007-07-29 18:20 <DIR> d--hs---- C:\WINDOWS\QnJhbmRpJ3MgYnJhaW4
2007-07-29 18:18 576,352 -r-hs---- C:\WINDOWS\fufuxulA.exe
2007-07-29 18:18 31,254 --a------ C:\WINDOWS\system32\vtusstu.dll.vir
2007-07-13 22:51 <DIR> d-------- C:\DOCUME~1\BRANDI~1\APPLIC~1\Viewpoint
2007-07-08 21:13 <DIR> d-------- C:\notepad2
2007-07-07 08:43 3,932,160 --a------ C:\DOCUME~1\BRANDI~1\ntuser.dat
2007-07-04 16:18 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2007-07-04 15:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-02 18:57 <DIR> d-------- C:\VundoFix Backups
2007-07-01 21:33 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-07-01 21:25 <DIR> d-------- C:\Program Files\Windows Defender
2007-07-01 20:10 <DIR> d-------- C:\Temp


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-01 14:18 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-08-01 11:53 --------- d-------- C:\Program Files\Modem Helper
2007-08-01 11:53 --------- d-------- C:\Program Files\Messenger
2007-08-01 11:53 --------- d-------- C:\Program Files\Mad About Cats
2007-08-01 11:53 --------- d-------- C:\Program Files\GemMaster
2007-08-01 11:53 --------- d-------- C:\Program Files\Apoint
2007-08-01 07:22 366 --a------ C:\WINDOWS\system32\mhncache.dat
2007-07-29 18:18 --------- d-------- C:\Program Files\Movie Makerr
2007-07-12 21:28 4704 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-12 21:28 104 -r-hs---- C:\WINDOWS\system32\BBE04BCB40.sys
2007-07-10 19:26 --------- d-------- C:\Program Files\Online Services
2007-06-25 21:37 --------- d-------- C:\Program Files\Yahoo! Games
2007-06-25 09:54 53248 --a------ C:\WINDOWS\uni_eh44.exe
2007-06-25 09:53 53248 --a------ C:\WINDOWS\uninst1014.exe
2007-06-07 22:16 --------- d-------- C:\DOCUME~1\BRANDI~1\APPLIC~1\Sandlot Games
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-01-02 18:59 774144 --a------ C:\Program Files\RngInterstitial.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{344C1CAE-A03C-AAE9-4960-FF8DBA2084B9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA8EB129-DCEB-48D7-B952-A5A522BFA7CA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 16:59]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"fufuxulA"="C:\WINDOWS\fufuxulA.exe" [1989-12-12 10:10]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-10 07:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN Gaming Zone\dico.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 18:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Brandi's brain^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Brandi's brain\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fufuxulA]
C:\WINDOWS\fufuxulA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rnienc]
C:\WINDOWS\??crosoft\services.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
"C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uaol]
"C:\PROGRA~1\SCURIT~1\arpa.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{55-5A-AC-C1-ZN}]
c:\windows\system32\qodsregl.exe SKY009

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Wmi"=2 (0x2)
"winmgmt"=2 (0x2)
"TrkWks"=2 (0x2)
"TapiSrv"=2 (0x2)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"SENS"=2 (0x2)
"Schedule"=2 (0x2)
"SamSs"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=2 (0x2)
"RasAuto"=2 (0x2)
"PolicyAgent"=2 (0x2)
"NwSapAgent"=2 (0x2)
"NtLmSsp"=2 (0x2)
"NICCONFIGSVC"=2 (0x2)
"MSDTC"=2 (0x2)
"MHN"=2 (0x2)
"McrdSvc"=2 (0x2)
"helpsvc"=2 (0x2)
"Fax"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EvtEng"=2 (0x2)
"EventSystem"=2 (0x2)
"Eventlog"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"CryptSvc"=3 (0x3)
"CiSvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Uaol"="C:\PROGRA~1\SCURIT~1\arpa.exe" -vt yazb
"Rnienc"=C:\WINDOWS\??crosoft\services.exe
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"{55-5A-AC-C1-ZN}"=c:\windows\system32\qodsregl.exe SKY009
"fufuxulA"=C:\WINDOWS\fufuxulA.exe
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"Salestart"="C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe


Contents of the 'Scheduled Tasks' folder
2007-08-01 17:39:05 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-01 14:19:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-01 14:21:40 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-01 14:21

--- E O F ---



BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:08 PM

Posted 01 August 2007 - 06:05 PM

Hi,

When dealing with malware, a first thing that should be done is to install at least an Antivirus.
Not having Antivirus software and a Firewall is somewhat suicidal in today's digital world.
That's why I want you to install them first.

Avira, AVG OR Active Virus Shield (uncheck the Security Toolbar during install) are good FREE antivirus.
Never install more than one antivirusscanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!
Comodo OR Kerio are FREE firewalls.

Understanding and using firewalls

Reboot your computer afterwards.
After reboot, perform a full scan with your Antivirus and let it remove anything it is finding. Then reboot once again in order to delete files that were in use previously.

Post a new HijackThislog and a new Combofixlog (so rescan with Combofix as well) in your next reply - then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirusscan is not present which should be able to deal with most and prevent further reinfection.

By the way, is there any reason why you disabled all these services via msconfig?

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Wmi"=2 (0x2)
"winmgmt"=2 (0x2)
"TrkWks"=2 (0x2)
"TapiSrv"=2 (0x2)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"SENS"=2 (0x2)
"Schedule"=2 (0x2)
"SamSs"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=2 (0x2)
"RasAuto"=2 (0x2)
"PolicyAgent"=2 (0x2)
"NwSapAgent"=2 (0x2)
"NtLmSsp"=2 (0x2)
"NICCONFIGSVC"=2 (0x2)
"MSDTC"=2 (0x2)
"MHN"=2 (0x2)
"McrdSvc"=2 (0x2)
"helpsvc"=2 (0x2)
"Fax"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EvtEng"=2 (0x2)
"EventSystem"=2 (0x2)
"Eventlog"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"CryptSvc"=3 (0x3)
"CiSvc"=3 (0x3)

Are you actually aware what you disabled? They are all legit Microsoft services. If you disable them,you may have a lot of problems.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:08 PM

Posted 16 August 2007 - 01:01 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users