
Infected? Please help & Thank you!



When I run the MalwareBytes program it says 'Run time error '0' then Runtime error 440 and exits

I ran OTL and here is what I got.

OTL logfile created on: 2/6/2011 8:05:00 PM - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\a\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 95.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 233.75 Gb Total Space | 61.39 Gb Free Space | 26.26% Space Free | Partition Type: NTFS

Drive D: | 542.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CENTER | User Name: a | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/06 20:02:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\a\My Documents\Downloads\OTL.exe

PRC - [2010/04/16 10:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2009/03/20 13:36:42 | 001,133,056 | ---- | M] (ARM Software) -- C:\Program Files\ARM Software\MacroMaker\MacroMaker.exe

PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/08/03 07:12:36 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe

PRC - [2006/04/02 15:20:16 | 000,733,184 | ---- | M] () -- C:\Program Files\Synergy\synergys.exe

========== Modules (SafeList) ==========

MOD - [2011/02/06 20:02:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\a\My Documents\Downloads\OTL.exe

MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2006/04/02 15:20:00 | 000,024,576 | ---- | M] () -- C:\Program Files\Synergy\synrgyhk.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 10:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)

SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2006/04/02 15:20:16 | 000,733,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Synergy\synergys.exe -- (Synergy Server)

========== Driver Services (SafeList) ==========

DRV - [2010/07/31 09:47:00 | 009,892,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2010/06/21 17:07:39 | 000,091,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows


Please don't attach the scan results, use Copy/Paste

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Ran all 3 programs, still get the error '0' then error '440' automation error and program won't run.

GooredFix by jpshortstuff (03.07.10.1)

Log created at 19:37 on 12/02/2011 (a)

Firefox version 3.6.13 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [04:29 21/01/2011]

C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\6dwholip.default\extensions\

ffxtlbr@Facemoods.com [03:44 26/01/2011]

{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [04:31 21/01/2011]

{20a82645-c095-46ed-80e3-08825760534b} [13:28 08/02/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [04:35 02/01/2010]

-=E.O.F=-

tdds found no threats.


Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


ComboFix 11-02-12.01 - a 02/12/2011 21:49:16.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1657 [GMT -5:00]

Running from: c:\documents and settings\a\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\a\Application Data\facemoods.com

c:\documents and settings\a\Application Data\PriceGong

c:\documents and settings\a\Application Data\PriceGong\Data\1.xml

c:\documents and settings\a\Application Data\PriceGong\Data\a.xml

c:\documents and settings\a\Application Data\PriceGong\Data\b.xml

c:\documents and settings\a\Application Data\PriceGong\Data\c.xml

c:\documents and settings\a\Application Data\PriceGong\Data\d.xml

c:\documents and settings\a\Application Data\PriceGong\Data\e.xml

c:\documents and settings\a\Application Data\PriceGong\Data\f.xml

c:\documents and settings\a\Application Data\PriceGong\Data\g.xml

c:\documents and settings\a\Application Data\PriceGong\Data\h.xml

c:\documents and settings\a\Application Data\PriceGong\Data\i.xml

c:\documents and settings\a\Application Data\PriceGong\Data\J.xml

c:\documents and settings\a\Application Data\PriceGong\Data\k.xml

c:\documents and settings\a\Application Data\PriceGong\Data\l.xml

c:\documents and settings\a\Application Data\PriceGong\Data\m.xml

c:\documents and settings\a\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\a\Application Data\PriceGong\Data\n.xml

c:\documents and settings\a\Application Data\PriceGong\Data\o.xml

c:\documents and settings\a\Application Data\PriceGong\Data\p.xml

c:\documents and settings\a\Application Data\PriceGong\Data\q.xml

c:\documents and settings\a\Application Data\PriceGong\Data\r.xml

c:\documents and settings\a\Application Data\PriceGong\Data\s.xml

c:\documents and settings\a\Application Data\PriceGong\Data\t.xml

c:\documents and settings\a\Application Data\PriceGong\Data\u.xml

c:\documents and settings\a\Application Data\PriceGong\Data\v.xml

c:\documents and settings\a\Application Data\PriceGong\Data\w.xml

c:\documents and settings\a\Application Data\PriceGong\Data\x.xml

c:\documents and settings\a\Application Data\PriceGong\Data\y.xml

c:\documents and settings\a\Application Data\PriceGong\Data\z.xml

.

((((((((((((((((((((((((( Files Created from 2011-01-13 to 2011-02-13 )))))))))))))))))))))))))))))))

.

2011-02-07 00:35 . 2011-02-07 00:38 -------- d-----w- c:\program files\Wise Registry Cleaner

2011-02-07 00:32 . 2011-02-07 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-02-07 00:32 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-07 00:32 . 2011-02-07 00:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1

2011-02-07 00:32 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-03 06:54 . 2011-02-03 06:54 86016 ----a-w- c:\windows\system32\frapsvid.dll

2011-01-31 00:30 . 2011-01-31 00:30 -------- d-----w- c:\program files\Microsoft.NET

2011-01-26 03:45 . 2011-01-26 03:48 -------- d-----w- c:\documents and settings\a\Application Data\Real Park

2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

2011-01-21 04:30 . 2011-01-21 04:30 -------- d-----w- c:\documents and settings\a\Local Settings\Application Data\Mozilla

2011-01-19 23:53 . 2010-06-21 22:07 26216 ----a-w- c:\windows\system32\nvhdap32.dll

2011-01-19 23:53 . 2010-06-21 22:07 232040 ----a-w- c:\windows\system32\nvcohda.dll

2011-01-19 23:53 . 2010-06-21 22:07 91496 ----a-w- c:\windows\system32\drivers\nvhda32.sys

2011-01-19 23:51 . 2011-01-22 03:03 235352 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-01-19 23:51 . 2011-01-22 03:03 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-01-19 23:51 . 2011-01-22 00:49 235352 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-01-16 19:13 . 2011-01-29 01:15 -------- d-----w- c:\documents and settings\a\Application Data\mIRC

2011-01-16 19:13 . 2011-01-28 22:14 -------- d-----w- c:\program files\mIRC

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 22:15 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 22:15 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx

2010-12-20 22:15 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 15:30 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec

2010-12-11 08:00 . 2010-12-25 06:27 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-12-09 15:15 . 2004-08-04 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:42 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-12-07 18:40 . 2010-12-25 06:27 183808 ----a-w- c:\windows\system32\xvidvfw.dll

2010-12-07 18:22 . 2010-12-25 06:27 810496 ----a-w- c:\windows\system32\xvidcore.dll

2010-11-18 18:12 . 2000-08-20 02:02 81920 ----a-w- c:\windows\system32\isign32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-13 13:32 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-13 3911776]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\a\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2000-08-20 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-31 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-31 13925480]

c:\documents and settings\a\Start Menu\Programs\Startup\

MacroMaker.lnk - c:\documents and settings\a\Application Data\Microsoft\Installer\{49E9E81A-9CA8-4A76-8AD6-BE7E3B2E1E2A}\_576A67D38B93E433719FBD.exe [2009-10-3 10134]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Synergy\\synergys.exe"=

"c:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\SecondLife\\SLVoice.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\a\\My Documents\\dayosl\\SLVoice.exe"=

"c:\\Program Files\\SecondLife\\SecondLife.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Runes of Magic\\Client.exe"=

"c:\\Documents and Settings\\a\\Desktop\\EVE\\bin\\ExeFile.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/19/2011 6:53 PM 91496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

Contents of the 'Scheduled Tasks' folder

2011-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-448539723-839522115-1003Core.job

- c:\documents and settings\a\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2000-08-20 02:22]

2011-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-448539723-839522115-1003UA.job

- c:\documents and settings\a\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2000-08-20 02:22]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://start.facemoods.com/?a=desktop

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\documents and settings\a\Application Data\Mozilla\Firefox\Profiles\6dwholip.default\

FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=desktop

FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=desktop&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com

FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-12 22:01

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-746137067-448539723-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:83,ba,63,87,81,56,bf,fa,29,59,ba,90,0e,ed,47,b9,6f,58,ae,a6,1f,

35,15,91,ac,b3,aa,d6,2c,af,a3,98,c7,9b,f8,c9,c0,79,c9,ec,25,59,cc,8e,56,e5,\

"rkeysecu"=hex:84,dc,2d,9b,e3,44,a2,77,d6,15,77,60,28,35,0b,02

.

Completion time: 2011-02-12 22:04:45

ComboFix-quarantined-files.txt 2011-02-13 03:04

Pre-Run: 71,210,954,752 bytes free

Post-Run: 80,920,121,344 bytes free

- - End Of File - - E201DC8F4E963FF10BABA0FF8ACC8B68


Please do the following to see if it resolves the issue. Post back and let us know, please.

To Fully Remove and Reinstall a Fresh New Copy of Malwarebytes - Read Carefully

Windows XP:

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important!)
  • Download and run mbam-clean.exe from Here

It will ask to restart your computer; please allow it to do so (very important).

After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from Here


Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5751

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

2/12/2011 10:36:10 PM

mbam-log-2011-02-12 (22-36-10).txt

Scan type: Quick scan

Objects scanned: 143581

Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I didn't have an infection. Nice.


Looks like we got them all.

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START, then Run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

For Vista / Windows 7

  • Click START, then Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :)

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

  • WOT, Web of Trust - As 'Googling' is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    Green to go

    Yellow for caution

    Red to stop

    WOT has an addon available for both Firefox and IE.

  • JAVA - Click this link and click on the Free JAVA Download

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:


Logfile created: 2/12/2011 22:56:50

Ad-Aware version: 9.0.2

Extended engine: 3

Extended engine version: 3.1.2770

User performing scan: a

*********************** Definitions database information ***********************

Lavasoft definition file: 150.275

Genotype definition file version: Unknown

Extended engine definition file: 8400.0

******************************** Scan results: *********************************

Scan profile name: Smart Scan (ID: smart)

Objects scanned: 142459

Objects detected: 26

Type Detected

==========================

Processes.......: 0

Registry entries: 0

Hostfile entries: 0

Files...........: 2

Folders.........: 0

LSPs............: 0

Cookies.........: 24

Browser hijacks.: 0

MRU objects.....: 0

Removed items:

Description: *statse.webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408803 Family ID: 0

Description: *webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408954 Family ID: 0

Description: *.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409033 Family ID: 0

Description: *statse.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409269 Family ID: 0

Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0

Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0

Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0

Description: *insightexpressai* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409259 Family ID: 0

Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0

Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0

Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0

Description: *tribalfusion* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408785 Family ID: 0

Description: *.ru4* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409055 Family ID: 0

Description: *fastclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408869 Family ID: 0

Description: *advertis* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408918 Family ID: 0

Description: *advertising* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409017 Family ID: 0

Description: *adbrite* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409218 Family ID: 0

Description: *questionmarket* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408819 Family ID: 0

Description: *.zedo* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409030 Family ID: 0

Description: *apmebf* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409163 Family ID: 0

Description: *mediaplex* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408991 Family ID: 0

Description: *.lycos* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408930 Family ID: 0

Description: *pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408826 Family ID: 0

Description: *ads.pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408927 Family ID: 0

Quarantined items:

Description: c:\documents and settings\a\my documents\blackra1n (1).exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 7ad0a6a31f0dc6360d7080b0c7ba1717

Description: c:\documents and settings\a\my documents\blackra1n.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 7ad0a6a31f0dc6360d7080b0c7ba1717

Scan and cleaning complete: Finished correctly after 1083 seconds


ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updateweekly1, enabled:1, value: Weekly

ID: time, enabled:1, value: Sat Feb 12 22:48:00 2011

ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: true

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: true

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:

ID: appearance, enabled:1

ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource

ID: showtrayicon, enabled:1, value: true

ID: autoentertainmentmode, enabled:1, value: true

ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple

ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:

ID: realtime, enabled:1

ID: layers, enabled:1

ID: useantivirus, enabled:1, value: true

ID: usespywareheuristics, enabled:1, value: true

ID: maintainbackup, enabled:1, value: true

ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant

ID: modules, enabled:1

ID: processprotection, enabled:1, value: true

ID: onaccessprotection, enabled:1, value: true

ID: registryprotection, enabled:1, value: true

ID: networkprotection, enabled:1, value: true

****************************** System information ******************************

Computer name: CENTER

Processor name: AMD Athlon 64 X2 Dual Core Processor 3800+

Processor identifier: x86 Family 15 Model 35 Stepping 2

Processor speed: ~1999MHZ

Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 8962, number of processors 2, processor features: [MMX,SSE,SSE2,3DNow]

Physical memory available: 1630081024 bytes

Physical memory total: 2145886208 bytes

Virtual memory available: 1850511360 bytes

Virtual memory total: 2147352576 bytes

Memory load: 24%

Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Windows startup mode:

Running processes:

PID: 468 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY

PID: 524 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY

PID: 548 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY

PID: 592 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY

PID: 604 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY

PID: 804 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 852 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY

PID: 920 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 952 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1020 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY

PID: 1112 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 1248 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1352 name: C:\WINDOWS\Explorer.EXE owner: a domain: CENTER

PID: 1456 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1680 name: C:\WINDOWS\SOUNDMAN.EXE owner: a domain: CENTER

PID: 1696 name: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe owner: a domain: CENTER

PID: 1716 name: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe owner: a domain: CENTER

PID: 1860 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: a domain: CENTER

PID: 1888 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 1932 name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1944 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY

PID: 264 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 428 name: C:\Program Files\Synergy\synergys.exe owner: SYSTEM domain: NT AUTHORITY

PID: 944 name: C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1096 name: C:\WINDOWS\system32\wuauclt.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2108 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 2324 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2372 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2584 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 3308 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: a domain: CENTER

Startup items:

Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}

imagepath: Browseui preloader

Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}

imagepath: Component Categories cache daemon

Name: PostBootReminder

imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}

Name: CDBurn

imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}

Name: WebCheck

imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

Name: SysTray

imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}

Name: WPDShServiceObj

imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}

Name: SoundMan

imagepath: SOUNDMAN.EXE

Name: QuickTime Task

imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime

Name: Adobe Reader Speed Launcher

imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

Name: Adobe ARM

imagepath: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

Name: NvMediaCenter

imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

Name: NvCplDaemon

imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

Name:

imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Name:

imagepath: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:

Name:

imagepath: autocheck autochk *

Running services:

Name: ALG

displayname: Application Layer Gateway Service

Name: Apple Mobile Device

displayname: Apple Mobile Device

Name: AudioSrv

displayname: Windows Audio

Name: BITS

displayname: Background Intelligent Transfer Service

Name: Bonjour Service

displayname: Bonjour Service

Name: Browser

displayname: Computer Browser

Name: CryptSvc

displayname: CryptSvc

Name: DcomLaunch

displayname: DCOM Server Process Launcher

Name: Dhcp

displayname: DHCP Client

Name: dmserver

displayname: Logical Disk Manager

Name: Dnscache

displayname: DNS Client

Name: ERSvc

displayname: Error Reporting Service

Name: Eventlog

displayname: Event Log

Name: EventSystem

displayname: COM+ Event System

Name: FastUserSwitchingCompatibility

displayname: Fast User Switching Compatibility

Name: helpsvc

displayname: Help and Support

Name: HidServ

displayname: HID Input Service

Name: HTTPFilter

displayname: HTTP SSL

Name: lanmanserver

displayname: Server

Name: lanmanworkstation

displayname: Workstation

Name: Lavasoft Ad-Aware Service

displayname: Lavasoft Ad-Aware Service

Name: LmHosts

displayname: TCP/IP NetBIOS Helper

Name: Netman

displayname: Network Connections

Name: Nla

displayname: Network Location Awareness (NLA)

Name: PlugPlay

displayname: Plug and Play

Name: PolicyAgent

displayname: IPSEC Services

Name: ProtectedStorage

displayname: Protected Storage

Name: RasMan

displayname: Remote Access Connection Manager

Name: RemoteRegistry

displayname: Remote Registry

Name: RpcSs

displayname: Remote Procedure Call (RPC)

Name: SamSs

displayname: Security Accounts Manager

Name: Schedule

displayname: Task Scheduler

Name: seclogon

displayname: Secondary Logon

Name: SENS

displayname: System Event Notification

Name: SharedAccess

displayname: Windows Firewall/Internet Connection Sharing (ICS)

Name: ShellHWDetection

displayname: Shell Hardware Detection

Name: Spooler

displayname: Print Spooler

Name: srservice

displayname: System Restore Service

Name: SSDPSRV

displayname: SSDP Discovery Service

Name: stisvc

displayname: Windows Image Acquisition (WIA)

Name: Synergy Server

displayname: Synergy Server

Name: TapiSrv

displayname: Telephony

Name: TermService

displayname: Terminal Services

Name: Themes

displayname: Themes

Name: TrkWks

displayname: Distributed Link Tracking Client

Name: W32Time

displayname: Windows Time

Name: WebClient

displayname: WebClient

Name: winmgmt

displayname: Windows Management Instrumentation

Name: wscsvc

displayname: Security Center

Name: wuauserv

displayname: Automatic Updates

Name: WudfSvc

displayname: Windows Driver Foundation - User-mode Driver Framework

Name: WZCSVC

displayname: Wireless Zero Configuration

Name: YahooAUService

displayname: Yahoo! Updater

Before I clean up, I ran Ad-Aware. I'll get to that cleaning now. Thank you for all your help.

This topic is now closed to further replies.