
Infected with Advanced Virus Remover infection HELP NEEDED



Hi - Thanks - here is the Combofix log:

ComboFix 09-09-01.04 - HP_Administrator 09/01/2009 18:08.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1384 [GMT -4:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::

"l:\bootex\thumbcache_131.exe"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\HP_Administrator\Local Settings\temp\IadHide5.dll

l:\bootex\thumbcache_131.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_kbiwkmewcdpuiu

-------\Service_kbiwkmewcdpuiu

((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))

.

2009-08-31 21:48 . 2009-08-31 21:53 -------- d-----w- C:\USBNoRisk

2009-08-31 01:43 . 2009-08-31 01:43 3584 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2009-08-31 01:43 . 2009-08-31 01:43 -------- d-----w- c:\program files\Windows Installer Clean Up

2009-08-31 01:35 . 2009-08-31 01:43 -------- d-----w- c:\program files\MSECACHE

2009-08-30 22:05 . 2009-08-29 19:30 95616 ----a-w- C:\junction.exe

2009-08-30 13:32 . 2009-07-08 17:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2009-08-30 13:32 . 2009-07-08 17:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2009-08-30 13:32 . 2009-07-08 17:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2009-08-30 13:32 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys

2009-08-30 13:31 . 2009-08-30 13:32 -------- d-----w- c:\program files\Common Files\McAfee

2009-08-30 13:31 . 2009-08-30 13:32 -------- d-----w- c:\program files\McAfee.com

2009-08-30 13:31 . 2009-08-31 09:46 -------- d-----w- c:\program files\McAfee

2009-08-30 13:29 . 2009-07-08 17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2009-08-29 20:06 . 2009-08-29 20:06 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-08-29 17:30 . 2009-08-29 17:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate

2009-08-29 17:30 . 2009-08-29 17:30 -------- d-----w- c:\windows\Hewlett-Packard

2009-08-29 11:46 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-29 11:46 . 2009-08-29 11:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-29 11:46 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-29 11:20 . 2009-08-29 11:20 244130 ----a-w- C:\Avenger.zip

2009-08-29 11:15 . 2009-08-29 11:15 -------- d-sh--w- c:\documents and settings\HP_Administrator\IECompatCache

2009-08-28 23:18 . 2009-08-29 00:01 -------- d-s---w- C:\Something

2009-08-28 22:55 . 2009-08-28 23:00 574 ----a-w- C:\cleanup.bat

2009-08-28 22:55 . 2009-08-28 23:00 135168 ----a-w- C:\zip.exe

2009-08-26 23:51 . 2009-08-28 23:08 -------- d--h--w- c:\windows\PIF

2009-08-26 22:33 . 2009-08-29 13:39 -------- d-----w- C:\rsit

2009-08-22 17:14 . 2009-08-22 17:14 -------- d-----w- c:\program files\Trend Micro

2009-08-15 14:47 . 2006-04-05 23:38 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe

2009-08-15 14:40 . 2009-08-15 14:40 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2009-08-15 13:59 . 2009-08-15 14:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3

2009-08-15 00:50 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

2009-08-13 00:59 . 2009-08-13 00:59 -------- d--h--w- c:\windows\system32\GroupPolicy

2009-08-13 00:58 . 2009-08-13 00:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-08-13 00:30 . 2009-08-13 00:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Netscape

2009-08-12 21:25 . 2009-08-31 10:55 -------- d-----w- c:\program files\Windows Defender

2009-08-12 21:23 . 2009-08-12 21:23 5154304 ----a-w- c:\program files\WindowsDefender.msi

2009-08-12 10:07 . 2009-08-31 10:55 -------- d-sh--w- c:\windows\Installer

2009-08-06 07:05 . 2009-08-06 07:05 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-06 07:05 . 2009-08-06 07:05 -------- d-----w- c:\program files\MSBuild

2009-08-06 07:05 . 2009-08-06 07:05 -------- d-----w- c:\program files\Reference Assemblies

2009-08-06 07:04 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-06 07:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-06 07:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-06 07:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-06 07:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-06 07:04 . 2009-08-06 07:04 -------- d-----w- C:\821b3653477c13d951269d

2009-08-06 07:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-06 07:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-06 07:04 . 2009-08-11 19:09 -------- d-----w- c:\windows\SxsCaPendDel

2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-31 01:13 . 2007-01-13 21:46 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-30 16:32 . 2006-12-13 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-08-29 20:07 . 2006-08-19 21:13 -------- d-----w- c:\program files\Java

2009-08-29 19:30 . 2007-07-24 19:58 95616 ----a-w- c:\windows\junction.exe

2009-08-29 11:28 . 2008-11-29 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-22 17:11 . 2006-12-28 15:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3

2009-08-12 10:18 . 2008-11-29 13:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware-

2009-08-06 07:18 . 2006-08-19 21:42 55088 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-05 09:01 . 2004-08-09 21:00 204800 ------w- c:\windows\system32\mswebdvd.dll

2009-07-31 02:39 . 2006-12-20 02:47 -------- d-----w- c:\program files\DVD Decrypter

2009-07-27 01:55 . 2009-07-26 19:32 116838 ----a-w- c:\windows\hpqins00.dat

2009-07-26 22:34 . 2008-07-12 02:38 -------- d-----w- c:\program files\Safari

2009-07-26 22:32 . 2009-07-26 22:32 -------- d-----w- c:\program files\iTunes

2009-07-26 22:32 . 2009-07-26 22:32 -------- d-----w- c:\program files\iPod

2009-07-26 22:32 . 2007-10-20 12:51 -------- d-----w- c:\program files\Common Files\Apple

2009-07-26 22:28 . 2009-07-26 22:28 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe

2009-07-25 09:23 . 2008-12-11 22:40 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:01 . 2004-08-09 21:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 15:40 . 2007-09-30 17:35 -------- d-----w- c:\program files\TuxPaint

2009-07-14 03:43 . 2004-08-09 21:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-08 17:44 . 2009-07-08 17:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2009-07-05 07:00 . 2009-07-05 07:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2009-07-05 07:00 . 2009-07-05 07:00 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-07-03 17:09 . 2004-08-09 21:00 915456 ------w- c:\windows\system32\wininet.dll

2009-06-16 14:36 . 2004-08-09 21:00 81920 ------w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2004-08-09 21:00 119808 ------w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2004-08-09 21:00 80896 ------w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2004-08-10 04:00 76288 ------w- c:\windows\system32\telnet.exe

2009-06-10 14:13 . 2004-08-09 21:00 84992 ------w- c:\windows\system32\avifil32.dll

2009-06-10 13:19 . 2004-08-09 21:00 2066432 ------w- c:\windows\system32\mstscax.dll

2009-06-10 06:14 . 2004-08-09 21:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2006-11-22 02:42 . 2006-11-22 02:42 251 ----a-w- c:\program files\wt3d.ini

2007-02-21 21:51 . 2007-08-22 16:16 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2007-02-21 21:51 . 2007-08-22 16:16 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2007-02-21 21:51 . 2007-08-22 16:16 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2007-02-21 21:51 . 2007-08-22 16:16 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2007-02-21 21:51 . 2007-08-22 16:16 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

2007-06-21 22:38 . 2007-06-21 22:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-06-21 22:38 . 2007-06-21 22:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-06-21 22:38 . 2007-06-21 22:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-06-21 22:38 . 2007-06-21 22:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-06-21 22:39 . 2007-06-21 22:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-06-21 22:39 . 2007-06-21 22:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-06-21 22:39 . 2007-06-21 22:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-06-21 22:39 . 2007-06-21 22:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-06-21 22:40 . 2007-06-21 22:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2006-11-04 17:29 . 2006-11-04 17:29 22 --sha-w- c:\windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"Nero PhotoShow Media Manager"="c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-05-10 249856]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 139264]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-06-23 86016]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-06-23 81920]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]

"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-19 180269]

"BarbieGirlsTray"="c:\program files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe" [2007-03-15 24576]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-13 16239616]

"PCDrProfiler"="" [bU]

"NWEReboot"="" [bU]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]

Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-8-19 36903]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 5:42 PM 156968]

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/8/2009 6:38 AM 92008]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-08-30 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-30 01:26]

2009-08-30 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-30 01:26]

2009-09-01 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-08-11 c:\windows\Tasks\User_Feed_Synchronization-{6958BBF8-D413-4978-AA6B-0841C88A6138}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

HKLM-Run-Google Quick Search Box - c:\program files\Google\Quick Search Box\qsb.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.aol.com/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jfjtgfp5.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-01 18:23

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1836)

c:\windows\system32\WININET.dll

c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\program files\Common Files\McAfee\MNA\McNASvc.exe

c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe

c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe

c:\program files\McAfee\MPF\MpfSrv.exe

c:\progra~1\McAfee.com\Agent\mcagent.exe

c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\windows\system32\dllhost.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\ehome\ehmsas.exe

c:\windows\system32\msiexec.exe

c:\hp\KBD\kbd.exe

.

**************************************************************************

.

Completion time: 2009-09-01 18:33 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-01 22:32

ComboFix2.txt 2009-08-29 00:01

Pre-Run: 6,017,908,736 bytes free

Post-Run: 6,100,631,552 bytes free

296 --- E O F --- 2009-09-01 09:53


Congratulations your logs look clean :(

Let's see if I can help you keep it that way

First let's tidy up

Uninstall Combofix

  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

OTCleanup

Please download OTCleanup from HERE

Click the OTC.exe icon and then click the CleanUp button.

If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.

Let me know if there were any problems with OT CleanIt

You can also delete any logs we have produced and any other tools we have downloaded.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners

I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan

http://www.kaspersky.com/kos/eng/partner/7...kavwebscan.html

!!! Make sure that all your programs are updated !!!

Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

  • AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites

  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

  • These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition

  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers

  • Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.

      5. Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.

  • FireFox
    • With many addons available that make customization easy this is a very popular choice
    • NoScript and AdBlockPlus addons are essential

  • Opera
    • Another popular alternative
  • Netscape
    • Another popular alternative
    • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.
    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use

  • CCleaner
    • Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.

If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.

Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :)

If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

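The six Custom Level changes listed in the post above are stored as DWORD values under the Internet zone's registry key, so they can be checked from a registry export. The following is an added example, not part of the original post: the export text is constructed sample data, the mapping of each setting to its URL action code is supplied by the example, and `parse_dwords` and `audit_zone3` are hypothetical helper names.

```python
import re

# URL policy values as stored in the zone key (DWORD).
ENABLE, PROMPT, DISABLE = 0, 1, 3
POLICY_NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Internet zone (zone 3) for the current user.
ZONE3_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
             r"\CurrentVersion\Internet Settings\Zones\3")

# Settings recommended in the post, keyed by registry value name
# (URL action code). The code mapping is this example's addition.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialise and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed sample export (REGEDIT4 text), not taken from the thread.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000001
"1800"=dword:00000001
"1804"=dword:00000001
"1607"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1001"=dword:00000003
'''

SECTION_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_dwords(export_text, key):
    """Return {value_name: int} for the DWORD values found under `key`."""
    values = {}
    in_key = False
    for raw in export_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            # Registry key names are case-insensitive.
            in_key = section.group(1).lower() == key.lower()
            continue
        if in_key:
            dword = DWORD_RE.match(line)
            if dword:
                values[dword.group(1)] = int(dword.group(2), 16)
    return values


def audit_zone3(export_text):
    """List settings that are weaker than the post recommends.

    Each finding is (code, label, current, recommended). A value that is
    stricter than recommended (e.g. Disable where Prompt is asked for) is
    not reported; a value missing from the export is reported as "not set"
    because the effective setting cannot be confirmed from the export.
    """
    current = parse_dwords(export_text, ZONE3_KEY)
    findings = []
    for code, (label, wanted) in RECOMMENDED.items():
        have = current.get(code)
        if have is None:
            findings.append((code, label, "not set", POLICY_NAMES[wanted]))
        elif have < wanted:  # 0 (Enable) < 1 (Prompt) < 3 (Disable)
            shown = POLICY_NAMES.get(have, hex(have))
            findings.append((code, label, shown, POLICY_NAMES[wanted]))
    return findings


if __name__ == "__main__":
    for code, label, have, want in audit_zone3(SAMPLE_EXPORT):
        print(f"{code}  {label}: {have} -> should be {want}")
```
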

Hi - First, I want to thank you on behalf of our household in helping us. We really appreciate your time and help. I learned a lot as well and hope you and your team learned from my detriments that will end up allowing you to better help others.

I do have a few questions that I was hoping you could help with - please let me know if they are best handled via PM or if you don't have time to answer - I'm somewhat high maintenance as you can tell:

1) Can you instruct me on how to turn on Spybot - we turned it off in an earlier post --- and-- do you feel it is a good tool. Sometimes it is hard for me to understand whether or not to accept a registry change, so I always Deny them. It seems annoying at times, but I am guessing it is really trying to help. Should I try to uninstall and re-install or is there a script to run to turn it back on. If you had to pick one Prevention tool you listed above, which would you pick or find to be the most effective ??

2) Would a disk defrag help in trying to alleviate the super slowness start up the virus caused ??

3) My earlier MBAM question - in the Quarantine tab it lists the viruses it has quarantined -- should I Delete All or leave them and if leave them, is that risky ?? Not sure what the best course of action is and wanted to get your expert thoughts. It seems scary to me to leave them lurking.

4) Can you tell if I have an Recovery process on my machine from the logs that were run, and if not, is it something I should do (and how do I do it)?? Would that have been an option to fix this virus??

5) I ran OTCleanup but it did not delete a lot of the desktop items that were downloaded as part of fixing my PC. Is it okay to delete all of the programs I have downloaded to my desktop as part of ridding the pc of the virus?? (Inherit, Win32KDiag (may want to keep in case I get another virus), SystemLookout, RSIT, Java, usbnorisk, Junction, etc..., these all remain)

6) Would you think McAfee would now be up to speed with preventing this virus ?

7) Is Windows Defender worth keeping - I did not notice it in your Best Practice recommendations ??

8) If there is something lurking, do I post a new issue and refer to this posting? Can I ask specifically for your help ??

9) Lastly, is there a way to save a copy of the post with Best Practices ??? Are these tools you recommend safe - someone in work thought some tools as such may actually have weaknesses that allow hackers to compromise and sneak viruses in? I told him he was wrong, correct?

Thank you so much Katina !!!!!


I do have a few questions that I was hoping you could help with - please let me know if they are best handled via PM or if you don't have time to answer - I'm somewhat high maintenance as you can tell:

Ask as many questions as you like, we actually like it that you show an interest in staying safe :)

1) Can you instruct me on how to turn on Spybot - we turned it off in an earlier post --- and-- do you feel it is a good tool. 
~
If you had to pick one Prevention tool you listed above, which would you pick or find to be the most effective ??

Both those questions can be answered at once ---- WinPatrol ... It does a similar job to Spybot Teatimer, but it gives far more options. (so there is no need to re-enable Spybot)

2) Would a disk defrag help in trying to alleviate the super slowness start up the virus caused ??

We are just investigating that, so I will be asking for another log shortly :)

3) My earlier MBAM question - in the Quarantine tab it lists the viruses it has quarantined -- should I Delete All or leave them and if leave them, is that risky ?? Not sure what the best course of action is and wanted to get your expert thoughts. It seems scary to me to leave them lurking.

They are perfectly safe in MBAM quarantine, but now that we are sure they aren't false positives you can Delete All.

4) Can you tell if I have an Recovery process on my machine from the logs that were run, and if not, is it something I should do (and how do I do it)?? Would that have been an option to fix this virus??

I'm not sure what you mean by this, do you mean Recovery Console, or a Recovery Partition ?

Combofix installed Recovery Console for you, there is more info on what that does HERE

Your logs won't show if you have a Recovery Partition, you would need to look at the documents for your machine.

5) I ran OTCleanup but it did not delete a lot of the desktop items that were downloaded as part of fixing my PC. Is it okay to delete all of the programs I have downloaded to my desktop as part of ridding the pc of the virus?? (Inherit, Win32KDiag (may want to keep in case I get another virus), SystemLookout, RSIT, Java, usbnorisk, Junction, etc..., these all remain)

You can delete all the tools we downloaded, they will likely have been updated if you ever need them again.

6) Would you think McAfee would now be up to speed with preventing this virus ?

I have a very low opinion of McAfee, so I'll keep it to a simple unlikely.

7) Is Windows Defender worth keeping

Not really

8) A) If there is something lurking, do I post a new issue and refer to this posting?
B ) Can I ask specifically for your help ??

A) Yes

B ) Not really, no. All the helpers here are trained, so any help you get will be the same.

9)A) Lastly, is there a way to save a copy of the post with Best Practices ??? 
B ) Are these tools you recommend safe -
C) someone in work thought some tools as such may actually have weaknesses that allow hackers to compromise and sneak viruses in? I told him he was wrong, correct?

A) If you bookmark this page, you should be able to come back to it any time you like.

B ) Yes

C) It's the first I've heard of it, which ones was he referring to ? .... You are correct.

Now, let's get a quick log from you to troubleshoot this slow down.

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.

Save it as "All Files" and name it look.bat Please save it on your desktop.

@echo off
SC QUERY state= all |findstr "DISPLAY_NAME STATE" >> C:\servicelook.txt
start notepad C:\servicelook.txt
del /q %0
exit

Double click on look.bat

It shouldn't take long

Notepad will open, please copy/paste the results here.


Hi - First, sorry for misspelling Katana in my last post - my eyes are not as good as they used to be.

I just tried to do the HP Update (my PC is an HP), and I got the message I got a while back in post 52:

"So, in trying to install automatic updates, such as an HP fix, I get an error that states "The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package 'HP Update.msi' in the box below. Use Source: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\pft21F.tmp\"

Clicking OK to the message I get: "The path C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\pft21F.tmp\HP Update.msi' cannot be found. Verify that you have access to this location and try again, or to try to find the package 'HP Update.msi' in a folder from which you can install the product HP Update."

Cancelling out I get: Error 1714. The older version of HP Update cannot be removed. Contact your technical support group."

Windows Installer keeps popping up trying to install it.

I am wondering if the HP Update got compromised when the virus hit and it has impacted the file(s) used in this process ??

Is there a way to get this fixed ??


Hi - we posted at the same time. Here are the results of the new look.bat file:

DISPLAY_NAME: Alerter

STATE : 1 STOPPED

DISPLAY_NAME: Application Layer Gateway Service

STATE : 4 RUNNING

DISPLAY_NAME: Apple Mobile Device

STATE : 4 RUNNING

DISPLAY_NAME: Application Management

STATE : 1 STOPPED

DISPLAY_NAME: ASP.NET State Service

STATE : 1 STOPPED

DISPLAY_NAME: Windows Audio

STATE : 4 RUNNING

DISPLAY_NAME: Background Intelligent Transfer Service

STATE : 4 RUNNING

DISPLAY_NAME: Bonjour Service

STATE : 4 RUNNING

DISPLAY_NAME: Computer Browser

STATE : 4 RUNNING

DISPLAY_NAME: Canon Camera Access Library 8

STATE : 4 RUNNING

DISPLAY_NAME: Indexing Service

STATE : 1 STOPPED

DISPLAY_NAME: ClipBook

STATE : 1 STOPPED

DISPLAY_NAME: .NET Runtime Optimization Service v2.0.50727_X86

STATE : 1 STOPPED

DISPLAY_NAME: COM+ System Application

STATE : 4 RUNNING

DISPLAY_NAME: CryptSvc

STATE : 4 RUNNING

DISPLAY_NAME: DCOM Server Process Launcher

STATE : 4 RUNNING

DISPLAY_NAME: DHCP Client

STATE : 4 RUNNING

DISPLAY_NAME: Logical Disk Manager Administrative Service

STATE : 1 STOPPED

DISPLAY_NAME: Logical Disk Manager

STATE : 4 RUNNING

DISPLAY_NAME: DNS Client

STATE : 4 RUNNING

DISPLAY_NAME: Wired AutoConfig

STATE : 1 STOPPED

DISPLAY_NAME: Extensible Authentication Protocol Service

STATE : 1 STOPPED

DISPLAY_NAME: Media Center Receiver Service

STATE : 4 RUNNING

DISPLAY_NAME: Media Center Scheduler Service

STATE : 4 RUNNING

DISPLAY_NAME: Intel® Quick Resume technology

STATE : 4 RUNNING

DISPLAY_NAME: Error Reporting Service

STATE : 4 RUNNING

DISPLAY_NAME: Event Log

STATE : 4 RUNNING

DISPLAY_NAME: COM+ Event System

STATE : 4 RUNNING

DISPLAY_NAME: Fast User Switching Compatibility

STATE : 4 RUNNING

DISPLAY_NAME: Fax

STATE : 1 STOPPED

DISPLAY_NAME: Windows Presentation Foundation Font Cache 3.0.0.0

STATE : 1 STOPPED

DISPLAY_NAME: Seagate Service

STATE : 4 RUNNING

DISPLAY_NAME: Google Software Updater

STATE : 1 STOPPED

DISPLAY_NAME: Help and Support

STATE : 4 RUNNING

DISPLAY_NAME: HID Input Service

STATE : 4 RUNNING

DISPLAY_NAME: Health Key and Certificate Management Service

STATE : 1 STOPPED

DISPLAY_NAME: hpqcxs08

STATE : 4 RUNNING

DISPLAY_NAME: HP CUE DeviceDiscovery Service

STATE : 4 RUNNING

DISPLAY_NAME: HP Network Devices Support

STATE : 4 RUNNING

DISPLAY_NAME: HTTP SSL

STATE : 4 RUNNING

DISPLAY_NAME: Intel® Matrix Storage Event Monitor

STATE : 4 RUNNING

DISPLAY_NAME: InstallDriver Table Manager

STATE : 1 STOPPED

DISPLAY_NAME: Windows CardSpace

STATE : 1 STOPPED

DISPLAY_NAME: IMAPI CD-Burning COM Service

STATE : 1 STOPPED

DISPLAY_NAME: Intuit Update Service

STATE : 4 RUNNING

DISPLAY_NAME: iPod Service

STATE : 4 RUNNING

DISPLAY_NAME: Java Quick Starter

STATE : 4 RUNNING

DISPLAY_NAME: Server

STATE : 4 RUNNING

DISPLAY_NAME: Workstation

STATE : 4 RUNNING

DISPLAY_NAME: LightScribeService Direct Disc Labeling Service

STATE : 4 RUNNING

DISPLAY_NAME: TCP/IP NetBIOS Helper

STATE : 4 RUNNING

DISPLAY_NAME: MBackMonitor

STATE : 1 STOPPED

DISPLAY_NAME: McAfee Services

STATE : 4 RUNNING

DISPLAY_NAME: McAfee Network Agent

STATE : 4 RUNNING

DISPLAY_NAME: McAfee Scanner

STATE : 1 STOPPED

DISPLAY_NAME: McAfee Proxy Service

STATE : 4 RUNNING

DISPLAY_NAME: Media Center Extender Service

STATE : 4 RUNNING

DISPLAY_NAME: McAfee Real-time Scanner

STATE : 4 RUNNING

DISPLAY_NAME: McAfee SystemGuards

STATE : 4 RUNNING

DISPLAY_NAME: Messenger

STATE : 1 STOPPED

DISPLAY_NAME: MHN

STATE : 1 STOPPED

DISPLAY_NAME: NetMeeting Remote Desktop Sharing

STATE : 1 STOPPED

DISPLAY_NAME: McAfee Personal Firewall Service

STATE : 4 RUNNING

DISPLAY_NAME: Windows Installer

STATE : 4 RUNNING

DISPLAY_NAME: Network Access Protection Agent

STATE : 1 STOPPED

DISPLAY_NAME: NBService

STATE : 1 STOPPED

DISPLAY_NAME: Net Driver HPZ12

STATE : 4 RUNNING

DISPLAY_NAME: Network DDE

STATE : 1 STOPPED

DISPLAY_NAME: Network DDE DSDM

STATE : 1 STOPPED

DISPLAY_NAME: Net Logon

STATE : 1 STOPPED

DISPLAY_NAME: Network Connections

STATE : 4 RUNNING

DISPLAY_NAME: Net.Tcp Port Sharing Service

STATE : 1 STOPPED

DISPLAY_NAME: Network Location Awareness (NLA)

STATE : 4 RUNNING

DISPLAY_NAME: NT LM Security Support Provider

STATE : 1 STOPPED

DISPLAY_NAME: Removable Storage

STATE : 1 STOPPED

DISPLAY_NAME: Plug and Play

STATE : 4 RUNNING

DISPLAY_NAME: Pml Driver HPZ12

STATE : 4 RUNNING

DISPLAY_NAME: IPSEC Services

STATE : 4 RUNNING

DISPLAY_NAME: Protected Storage

STATE : 4 RUNNING

DISPLAY_NAME: Remote Access Auto Connection Manager

STATE : 1 STOPPED

DISPLAY_NAME: Remote Access Connection Manager

STATE : 4 RUNNING

DISPLAY_NAME: Remote Desktop Help Session Manager

STATE : 1 STOPPED

DISPLAY_NAME: Routing and Remote Access

STATE : 1 STOPPED

DISPLAY_NAME: Remote Registry

STATE : 4 RUNNING

DISPLAY_NAME: Remote Procedure Call (RPC) Locator

STATE : 1 STOPPED

DISPLAY_NAME: Remote Procedure Call (RPC)

STATE : 4 RUNNING

DISPLAY_NAME: QoS RSVP

STATE : 1 STOPPED

DISPLAY_NAME: Security Accounts Manager

STATE : 4 RUNNING

DISPLAY_NAME: Smart Card

STATE : 1 STOPPED

DISPLAY_NAME: Task Scheduler

STATE : 1 STOPPED

DISPLAY_NAME: Secondary Logon

STATE : 4 RUNNING

DISPLAY_NAME: System Event Notification

STATE : 4 RUNNING

DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS)

STATE : 4 RUNNING

DISPLAY_NAME: Shell Hardware Detection

STATE : 4 RUNNING

DISPLAY_NAME: Print Spooler

STATE : 4 RUNNING

DISPLAY_NAME: System Restore Service

STATE : 4 RUNNING

DISPLAY_NAME: SSDP Discovery Service

STATE : 4 RUNNING

DISPLAY_NAME: Windows Image Acquisition (WIA)

STATE : 4 RUNNING

DISPLAY_NAME: MS Software Shadow Copy Provider

STATE : 1 STOPPED

DISPLAY_NAME: Performance Logs and Alerts

STATE : 1 STOPPED

DISPLAY_NAME: Telephony

STATE : 4 RUNNING

DISPLAY_NAME: Terminal Services

STATE : 4 RUNNING

DISPLAY_NAME: Themes

STATE : 4 RUNNING

DISPLAY_NAME: Telnet

STATE : 1 STOPPED

DISPLAY_NAME: TomTomHOMEService

STATE : 4 RUNNING

DISPLAY_NAME: Distributed Link Tracking Client

STATE : 4 RUNNING

DISPLAY_NAME: Universal Plug and Play Device Host

STATE : 1 STOPPED

DISPLAY_NAME: Uninterruptible Power Supply

STATE : 1 STOPPED

DISPLAY_NAME: Volume Shadow Copy

STATE : 1 STOPPED

DISPLAY_NAME: Windows Time

STATE : 4 RUNNING

DISPLAY_NAME: WebClient

STATE : 4 RUNNING

DISPLAY_NAME: Windows Defender

STATE : 4 RUNNING

DISPLAY_NAME: Windows Management Instrumentation

STATE : 4 RUNNING

DISPLAY_NAME: Portable Media Serial Number Service

STATE : 1 STOPPED

DISPLAY_NAME: Windows Management Instrumentation Driver Extensions

STATE : 1 STOPPED

DISPLAY_NAME: WMI Performance Adapter

STATE : 1 STOPPED

DISPLAY_NAME: Windows Media Player Network Sharing Service

STATE : 1 STOPPED

DISPLAY_NAME: Security Center

STATE : 4 RUNNING

DISPLAY_NAME: Automatic Updates

STATE : 4 RUNNING

DISPLAY_NAME: Windows Driver Foundation - User-mode Driver Framework

STATE : 1 STOPPED

DISPLAY_NAME: Wireless Zero Configuration

STATE : 4 RUNNING

DISPLAY_NAME: Network Provisioning Service

STATE : 1 STOPPED


Please download RegQuery by Noviciate to your desktop

  • Copy the following registry keypath by highlighting the text and pressing CTRL and C at the same time
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
  • Double click RegQuery.exe to run the program
  • Paste the text you have copied using CTRL and V, into the textbox
  • Click the Query button
  • A Notepad file will open. Please paste the contents in your next reply
  • You may now close the RegQuery program


Hi - Here is the output of RegQuery :

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]

"Type"=dword:00000020

"Start"=dword:00000002

"ErrorControl"=dword:00000001

"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\

74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\

00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\

6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

"DisplayName"="DHCP Client"

"Group"="TDI"

"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,41,00,66,00,64,00,\

00,00,4e,00,65,00,74,00,42,00,54,00,00,00

"DependOnGroup"=hex(7):00,00

"ObjectName"="LocalSystem"

"Description"="Manages network configuration by registering and updating IP addresses and DNS names."


================================


Backup the Registry

  • Download ERUNT to your desktop
  • Double-click on the file to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt
  • Accept the defaults for running a backup
  • Erunt will then back up your registry

Create A Registry File

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.

Save it as "All Files" and name it Regfix.reg Please save it on your desktop.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,41,00,66,00,64,00,\
  00,00,4e,00,65,00,74,00,42,00,54,00,00,00,00,00

Make sure there are NO blank lines before Windows Registry Editor Version 5.00 and ONE blank line at the end/bottom

Double click on Regfix.reg and click Yes at the prompt

Reboot your machine.

Let me know if the boot time has got better.

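A REG_MULTI_SZ value (hex(7) in a .reg file) is a run of NUL-terminated UTF-16LE strings closed by one extra empty string, and the DependOnService value in Regfix.reg above differs from the one in the RegQuery export only by that trailing 00,00. The Python check below is an added example, not part of the original posts or of the tools they use; its function names are hypothetical, and the byte values are copied from the two DependOnService values in the thread.

```python
import re

# Byte values copied from the thread: the RegQuery export of the Dhcp service
# key and the Regfix.reg posted in reply. All names below are illustrative.
EXPORTED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,41,00,66,00,64,00,\
  00,00,4e,00,65,00,74,00,42,00,54,00,00,00
"DependOnGroup"=hex(7):00,00
'''

REGFIX = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,41,00,66,00,64,00,\
  00,00,4e,00,65,00,74,00,42,00,54,00,00,00,00,00
'''

VALUE_RE = re.compile(r'"([^"]+)"=hex\(7\):([0-9A-Fa-f,]*)$')


def iter_multi_sz(reg_text):
    """Yield (key, value_name, raw_bytes) for every hex(7) value in .reg text."""
    # A trailing backslash continues the value on the next line; this also
    # tolerates blank lines between the pieces, as in a forum paste.
    joined = re.sub(r'\\\s*\n\s*', '', reg_text)
    key = None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m:
            data = bytes(int(b, 16) for b in m.group(2).split(',') if b)
            yield key, m.group(1), data


def check_multi_sz(data):
    """Decode REG_MULTI_SZ bytes and return (strings, problems)."""
    problems = []
    if len(data) % 2:
        problems.append('odd byte count (not UTF-16LE)')
        data = data[:-1]
    text = data.decode('utf-16-le', errors='replace')
    if text in ('', '\0'):
        return [], problems          # empty list: only the terminator
    if not text.endswith('\0'):
        problems.append('last string is not NUL-terminated')
    elif not text.endswith('\0\0'):
        problems.append('missing final empty string (list terminator)')
    strings = text.rstrip('\0').split('\0')
    if '' in strings:
        problems.append('empty string inside list')
    return strings, problems


def audit(reg_text):
    """Return [(key, value_name, strings, problems), ...] for a .reg text."""
    return [(key, name) + check_multi_sz(data)
            for key, name, data in iter_multi_sz(reg_text)]


if __name__ == '__main__':
    for label, text in (('RegQuery export', EXPORTED), ('Regfix.reg', REGFIX)):
        for key, name, strings, problems in audit(text):
            status = '; '.join(problems) if problems else 'well-formed'
            print(f'{label}: {name} = {strings} -> {status}')
```
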

Hi - Yes, this has helped. The desktop loads a lot quicker. The hard drive still sounds like it could use a defragging though, so I may do that later, but yes the start up performance has gotten better.

When you mentioned you thought Windows Defender is not worth keeping, is that because MBAM and WinPatrol provide better scanning/protection?

I still get the Windows Installer popping up looking to install an HP update every now and then.

Thanks.


Hi - It took me some time to do some research on removing the installer prompt but I think I have figured it out. It was actually related to My Sonic which came with the PC and I have never used. So that seems good now.

One thing I noticed though is that when I go into Control Panel and choose "Add and Remove Programs", I don't see a Remove button for hardly any of the programs. I had thought there was a Remove button for everything...am I mistaken, or was that ability compromised somehow - ability to delete programs via the Remove button in the Add and Remove Programs menu? Or aren't there Remove buttons for most everything ??


When you mentioned you thought Windows Defender is not worth keeping, is that because MBAM and WinPatrol provide better scanning/protection?

Correct :P

Or aren't there Remove buttons for most everything ??

It depends on the programs, quite often the uninstall link is now in Start >> All Programs >> *Program Name*

Are there any other problems ?


Hi - in regards to the no Remove buttons, I could swear that is the way I removed Windows Defender when I initially removed it before reinstalling it. I had wanted to remove it (based on the fact that I'd use MBAM and WinPatrol), but do not see that option in Control Mgr or in the Start>All Programs>Windows Defender. Besides this, I have not run into any other problems.

Again, I greatly appreciate your time and help with this!!!!


Hi - two hopefully last few things that I was hoping you could help with:

1) My clock never seemed to get adjusted back to how it was...so for example 3:00 PM EST shows as 15:00. I right clicked on the clock, tried Adjust Date/Time but everything looks proper there, but when I try to synch to internet time (the time displayed is correct, just in a different format) it cannot synch. Not sure how to get it back to the 3:00 PM format

2) In doing a Microsoft Windows Update I get an error updating or accessing Software Update Microsoft .NET Framework. Any thoughts on that?

Thanks again !!!


1) try this

Control Panel >> Regional and Language Options >> Customize >> Time>> Time Format >> select the format you want

Awesome -that worked fine. Thanks !!!

2) you will need to ask on a tech forum about that.

Will do. Things are working well. I feel you can close this case. Thanks again for all of your time, patience, and help!!!!


This topic is now closed to further replies.