Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


McAfee Firewall off, reports on to Windows

  • Please log in to reply
1 reply to this topic

#1 jebinpa


  • Members
  • 1 posts
  • Gender:Male
  • Location:Ohio
  • Local time:04:59 PM

Posted 17 July 2013 - 11:40 PM

Windows XP, McAfee firewall is off, but shows on on McAfee security Center and Windows Security.  Also take forever to load MSN.com, other item in uTorrent icon in system tray is "blank", but can be hovered.


I have been reading multiple threads from different sites on this subject, seems to be widespread and different causes.


Attempted to use recommendations on McAfee support site and ran McAfee Virtual Technician, which found nothing.


Initially ran Tuneup Utilities 2013 to clean up system.

Then ran rkill in safe mode and followed up with Malware Anti-Malware which removed 50 items.


Ran rkill again in normal mode, attaching log.


Currently running Maleware Anti-Rootkit, which is taking forever.


If I jumped the gun, I apoligize, but your forums were down on the list.


Rkill 2.5.5 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:

Program started at: 07/17/2013 11:31:12 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\windows\system\hpsysdrv.exe (PID: 1752) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:       localhost

Program finished at: 07/17/2013 11:33:26 PM
Execution time: 0 hours(s), 2 minute(s), and 14 seconds(s)


Also I keep getting pop-ups to update Flash player, which I believe was the intial culprit



Edited by jebinpa, 18 July 2013 - 03:28 PM.

BC AdBot (Login to Remove)


#2 noknojon


  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:06:59 AM

Posted 20 July 2013 - 12:35 AM

< < Also I keep getting pop-ups to update Flash player, which I believe was the intial culprit > >
There is a current minor update to this program, and if you do not want to do it via the notice, go via Adobe site


Uninstall uTorrent as this can always be a major problem -

Where was TuneUp Utilities 2013 | Speed Up and Optimize Your PC installed from ? < Remove it and any other Registry Cleaner / Speed Up My PC program(s), as they cause more problems than they ever fix ! !


From your Rkill scan -
hpsysdrv.exe : This is a valid program, but it is up to you whether or not you want it to run on startup. (HP Printer usually)
Non-system processes like hpsysdrv.exe originate from software you installed on your system. Since most applications store data in your system's registry, it is likely that your registry has suffered fragmentation and accumulated invalid entries which can affect your PC's performance.

This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users