Ace01
Infected with Advanced Virus Remover infection HELP NEEDED
Ace01 replied to Ace01's topic in Resolved Malware Removal Logs
Awesome - that worked fine. Thanks!!! Will do. Things are working well. I feel you can close this case. Thanks again for all of your time, patience, and help!!!!
Infected with Advanced Virus Remover infection HELP NEEDED
Ace01 replied to Ace01's topic in Resolved Malware Removal Logs
Hi - two hopefully last things that I was hoping you could help with:
1) My clock never seemed to get adjusted back to how it was... so for example 3:00 PM EST shows as 15:00. I right-clicked on the clock and tried Adjust Date/Time, but everything looks proper there; when I try to sync to internet time (the time displayed is correct, just in a different format) it cannot sync. Not sure how to get it back to the 3:00 PM format.
2) In doing a Microsoft Windows Update I get an error updating or accessing Software Update Microsoft .NET Framework. Any thoughts on that?
Thanks again!!!
Infected with Advanced Virus Remover infection HELP NEEDED
Ace01 replied to Ace01's topic in Resolved Malware Removal Logs
Hi - in regard to the no Remove buttons, I could swear that is the way I removed Windows Defender when I initially removed it before reinstalling it. I had wanted to remove it (based on the fact that I'd use MBAM and WinPatrol), but do not see that option in Control Mgr or in Start > All Programs > Windows Defender. Besides this, I have not run into any other problems. Again, I greatly appreciate your time and help with this!!!!
Infected with Advanced Virus Remover infection HELP NEEDED
Ace01 replied to Ace01's topic in Resolved Malware Removal Logs
Hi - It took me some time to do some research on removing the installer prompt, but I think I have figured it out. It was actually related to My Sonic, which came with the PC and I have never used. So that seems good now. One thing I noticed, though, is that when I go into Control Panel and choose "Add and Remove Programs", I don't see a Remove button for hardly any of the programs. I had thought there was a Remove button for everything... am I mistaken, or was that ability compromised somehow - the ability to delete programs via the Remove button in the Add and Remove Programs menu? Or aren't there Remove buttons for most everything?
Infected with Advanced Virus Remover infection HELP NEEDED
Ace01 replied to Ace01's topic in Resolved Malware Removal Logs
Hi - Yes, this has helped. The desktop loads a lot quicker. The hard drive still sounds like it could use a defragging though, so I may do that later, but yes, the start-up performance has gotten better. When you mentioned you thought Windows Defender is not worth keeping, is that because MBAM and WinPatrol provide better scanning/protection? I still get the Windows Installer popping up looking to install an HP update every now and then. Thanks.
Infected with Advanced Virus Remover infection HELP NEEDED
Ace01 replied to Ace01's topic in Resolved Malware Removal Logs
Hi - Here is the output of ReqQuery:
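Added example, not code from this thread or from any of the helper's tools: a small Python decoder for .reg exports such as the Dhcp service query posted in this reply, turning hex(2) REG_EXPAND_SZ, hex(7) REG_MULTI_SZ, bare hex REG_BINARY and dword values back into readable form, then comparing the service's ImagePath and Parameters\ServiceDll against the stock Windows XP values for the DHCP Client service (svchost.exe -k netsvcs hosting dhcpcsvc.dll), which is the check a helper makes when a service is suspected of being hijacked. SAMPLE_REG is a constructed, trimmed fragment; check_dhcp_service and EXPECTED are hypothetical names introduced here.

```python
import re
from typing import Dict, List, Optional, Union

RegValue = Union[str, int, bytes, List[str], None]

# Constructed sample: a trimmed .reg export of the DHCP Client service key with stock XP values.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"Type"=dword:00000020
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="DHCP Client"
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,41,00,66,00,64,00,\
  00,00,4e,00,65,00,74,00,42,00,54,00,00,00
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  64,00,68,00,63,00,70,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\
  00
"""

_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')
_HEX_RE = re.compile(r"^hex(?:\((\d+)\))?:(.*)$", re.IGNORECASE)


def _logical_lines(text: str) -> List[str]:
    """Join .reg continuation lines (trailing backslash) into single logical lines."""
    out: List[str] = []
    pending = ""
    for raw in text.splitlines():
        piece = pending + raw.strip()
        pending = ""
        if piece.endswith("\\"):
            pending = piece[:-1]
            continue
        out.append(piece)
    if pending:
        out.append(pending)
    return out


def decode_value(rhs: str) -> RegValue:
    """Decode the right-hand side of a .reg value line."""
    if rhs == "-":                      # "name"=- deletes the value
        return None
    if len(rhs) >= 2 and rhs.startswith('"') and rhs.endswith('"'):
        return re.sub(r'\\(["\\])', r"\1", rhs[1:-1])   # REG_SZ: unescape \" and \\
    if rhs.lower().startswith("dword:"):
        return int(rhs[6:], 16)
    m = _HEX_RE.match(rhs)
    if m is None:
        raise ValueError(f"unsupported value syntax: {rhs!r}")
    kind = int(m.group(1)) if m.group(1) else 3       # bare "hex:" is REG_BINARY
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    if kind == 2:                       # REG_EXPAND_SZ: UTF-16LE, NUL terminated
        return data.decode("utf-16-le").rstrip("\x00")
    if kind == 7:                       # REG_MULTI_SZ: NUL-separated, double NUL at end
        return [s for s in data.decode("utf-16-le").split("\x00") if s]
    return data


def parse_reg(text: str) -> Dict[str, Dict[str, RegValue]]:
    """Parse a .reg export into {key path: {value name: decoded value}}."""
    tree: Dict[str, Dict[str, RegValue]] = {}
    key: Optional[str] = None
    for line in _logical_lines(text):
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            tree.setdefault(key, {})
            continue
        m = _VALUE_RE.match(line)
        if key is None or m is None:
            continue
        name = m.group(1) if m.group(1) is not None else "@"
        tree[key][name] = decode_value(m.group(2))
    return tree


# Hypothetical check: where the DHCP Client service is loaded from on a stock XP install.
SERVICE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp"
EXPECTED = {
    (SERVICE_KEY, "ImagePath"): r"%SystemRoot%\system32\svchost.exe -k netsvcs",
    (SERVICE_KEY + r"\Parameters", "ServiceDll"): r"%SystemRoot%\System32\dhcpcsvc.dll",
}


def check_dhcp_service(tree: Dict[str, Dict[str, RegValue]]) -> List[str]:
    """Return one finding per load path that differs from the stock value (empty = clean)."""
    findings: List[str] = []
    for (key, name), want in EXPECTED.items():
        got = tree.get(key, {}).get(name)
        if not isinstance(got, str) or got.lower() != want.lower():
            findings.append(f"{key}\\{name}: expected {want!r}, found {got!r}")
    return findings
```

Calling check_dhcp_service(parse_reg(SAMPLE_REG)) returns an empty list for the stock values; a service whose ServiceDll has been pointed elsewhere produces one finding naming the offending path.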
Infected with Advanced Virus Remover infection HELP NEEDED
Ace01 replied to Ace01's topic in Resolved Malware Removal Logs
Hi - I have to go and will be back later tonight (around 7:30 PM EST). Thanks again.
Infected with Advanced Virus Remover infection HELP NEEDED
Ace01 replied to Ace01's topic in Resolved Malware Removal Logs
Hi - we posted at the same time. Here are the results of the new look.bat file:
Infected with Advanced Virus Remover infection HELP NEEDED
Ace01 replied to Ace01's topic in Resolved Malware Removal Logs
Hi - First, sorry for misspelling Katana in my last post - my eyes are not as good as they used to be. I just tried to do the HP Update (my PC is an HP), and I got the message I got a while back in post 52: "So, in trying to install automatic updates, such as an HP fix, I get an error that states 'The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package 'HP Update.msi' in the box below. Use Source: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\pft21F.tmp\'. Clicking OK to the message I get 'The path C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\pft21F.tmp\HP Update.msi cannot be found. Verify that you have access to this location and try again, or try to find the package 'HP Update.msi' in a folder from which you can install the product HP Update.' Cancelling out I get: Error 1714. The older version of HP Update cannot be removed. Contact your technical support group." Windows Installer keeps popping up trying to install it. I am wondering if the HP Update got compromised when the virus hit and it has impacted the file(s) used in this process? Is there a way to get this fixed?
Infected with Advanced Virus Remover infection HELP NEEDED
Ace01 replied to Ace01's topic in Resolved Malware Removal Logs
Hi - First, I want to thank you on behalf of our household for helping us. We really appreciate your time and help. I learned a lot as well and hope you and your team learned from my detriments that will end up allowing you to better help others. I do have a few questions that I was hoping you could help with - please let me know if they are best handled via PM or if you don't have time to answer - I'm somewhat high maintenance as you can tell:
1) Can you instruct me on how to turn on Spybot - we turned it off in an earlier post - and do you feel it is a good tool? Sometimes it is hard for me to understand whether or not to accept a registry change, so I always Deny them. It seems annoying at times, but I am guessing it is really trying to help. Should I try to uninstall and re-install, or is there a script to run to turn it back on? If you had to pick one Prevention tool you listed above, which would you pick or find to be the most effective?
2) Would a disk defrag help in trying to alleviate the super slow start-up the virus caused?
3) My earlier MBAM question - in the Quarantine tab it lists the viruses it has quarantined - should I Delete All or leave them, and if I leave them, is that risky? Not sure what the best course of action is and wanted to get your expert thoughts. It seems scary to me to leave them lurking.
4) Can you tell if I have a Recovery process on my machine from the logs that were run, and if not, is it something I should do (and how do I do it)? Would that have been an option to fix this virus?
5) I ran OTCleanup but it did not delete a lot of the desktop items that were downloaded as part of fixing my PC. Is it okay to delete all of the programs I have downloaded to my desktop as part of ridding the PC of the virus? (Inherit, Win32KDiag (may want to keep in case I get another virus), SystemLookout, RSIT, Java, usbnorisk, Junction, etc., these all remain.)
6) Would you think McAfee would now be up to speed with preventing this virus?
7) Is Windows Defender worth keeping - I did not notice it in your Best Practice recommendations?
8) If there is something lurking, do I post a new issue and refer to this posting? Can I ask specifically for your help?
9) Lastly, is there a way to save a copy of the post with Best Practices? Are these tools you recommend safe - someone at work thought some such tools may actually have weaknesses that allow hackers to compromise and sneak viruses in? I told him he was wrong, correct?
Thank you so much Katina!!!!!
Infected with Advanced Virus Remover infection HELP NEEDED
Ace01 replied to Ace01's topic in Resolved Malware Removal Logs
Hi - Thanks - here is the Combofix log:

ComboFix 09-09-01.04 - HP_Administrator 09/01/2009 18:08.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1384 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FILE ::
"l:\bootex\thumbcache_131.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\Local Settings\temp\IadHide5.dll
l:\bootex\thumbcache_131.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_kbiwkmewcdpuiu
-------\Service_kbiwkmewcdpuiu
2007-06-21 22:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2007-06-21 22:39 . 2007-06-21 22:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2007-06-21 22:39 . 2007-06-21 22:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll 2007-06-21 22:39 . 2007-06-21 22:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2007-06-21 22:40 . 2007-06-21 22:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2006-11-04 17:29 . 2006-11-04 17:29 22 --sha-w- c:\windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "Nero PhotoShow Media Manager"="c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-05-10 249856] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 139264] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-06-23 86016] "Persistence"="c:\windows\system32\igfxpers.exe" [2006-06-23 81920] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552] "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648] "OpwareSE4"="c:\program 
files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-19 180269] "BarbieGirlsTray"="c:\program files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe" [2007-03-15 24576] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472] "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-13 16239616] "PCDrProfiler"="" [bU] "NWEReboot"="" [bU] c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376] Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from 
HP.exe [2006-8-19 36903] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= 
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 5:42 PM 156968] R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/8/2009 6:38 AM 92008] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-08-30 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-30 01:26] 2009-08-30 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-30 01:26] 2009-09-01 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20] 2009-08-11 c:\windows\Tasks\User_Feed_Synchronization-{6958BBF8-D413-4978-AA6B-0841C88A6138}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . - - - - ORPHANS REMOVED - - - - WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) HKLM-Run-Google Quick Search Box - c:\program files\Google\Quick Search Box\qsb.exe . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.aol.com/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jfjtgfp5.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-01 18:23 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1836) c:\windows\system32\WININET.dll c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll c:\windows\system32\ieframe.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\program files\Common Files\McAfee\MNA\McNASvc.exe c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe c:\program files\McAfee\MPF\MpfSrv.exe c:\progra~1\McAfee.com\Agent\mcagent.exe c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Canon\CAL\CALMAIN.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe c:\windows\system32\dllhost.exe c:\program files\iPod\bin\iPodService.exe c:\windows\ehome\ehmsas.exe c:\windows\system32\msiexec.exe c:\hp\KBD\kbd.exe . ************************************************************************** . Completion time: 2009-09-01 18:33 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-01 22:32 ComboFix2.txt 2009-08-29 00:01 Pre-Run: 6,017,908,736 bytes free Post-Run: 6,100,631,552 bytes free 296 --- E O F --- 2009-09-01 09:53 -
Infected with Advanced Virus Remover infection HELP NEEDED
Ace01 replied to Ace01's topic in Resolved Malware Removal Logs
I just did a search on my C: drive and all it finds are some of the output text files I had renamed (by adding date and time at the end) after previous ComboFix runs, a bookmark to this thread that I created, and this "ComboFix-quarantined-files.txt" in the Qoobox folder. Is the fact that it is missing now a concern?? Should I redownload it? I do have to go. Thanks and I'll be back at 5:15 EST for continued and totally appreciative assistance.
Infected with Advanced Virus Remover infection HELP NEEDED
Ace01 replied to Ace01's topic in Resolved Malware Removal Logs
Hi - It seems like ComboFix is gone off my desktop and PC?? I had two versions, 1) the renamed one from one of the earlier posts and 2) the ComboFix one that we used most recently. I don't see either now??? Seems weird - I did not delete them. I actually need to go. I will log off and be back at 5:15pm EST today.
Infected with Advanced Virus Remover infection HELP NEEDED
Ace01 replied to Ace01's topic in Resolved Malware Removal Logs
Logging off tonight - will disconnect both external drives. Back after a few hours of sleep. Thanks again for your time and help with this. Other than this, my PC seems to be running fine - it just starts a lot slower than it had in the past.
Infected with Advanced Virus Remover infection HELP NEEDED
Ace01 replied to Ace01's topic in Resolved Malware Removal Logs
Ok - before giving up for the night, I tried to scan each device individually and was successful. I did not do my PC though (that is where it seemed to get hung up - on the PC). Here is the first log, the L: thumb drive (looks like there is something on this):

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, August 31, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 01, 2009 04:07:18
Records in database: 2733618
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Folder:
L:\

Scan statistics:
Objects scanned: 189
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 00:00:32

File name / Threat / Threats count
L:\BOOTEX\thumbcache_131.exe Infected: Trojan.Win32.Buzus.btpt 1

Selected area has been scanned.
==================================

Here is the second one - the external hard drive (seems ok?):

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, August 31, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 01, 2009 04:07:18
Records in database: 2733618
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Folder:
G:\

Scan statistics:
Objects scanned: 30193
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 00:38:04

No threats found. Scanned area is clean.

Selected area has been scanned.