
Win XP Home sp3; Dell I9200; Process "System" in overdrive


20 replies to this topic

#1 shley

shley

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 03 August 2013 - 09:56 PM

Hello

A while ago I posted in another thread an issue I was having with this Dell Inspiron 9200 laptop running XP Home edition. At that time I had not had all the updates from MS and now I do.

What I'm experiencing is a slow computer. First, it isn't always noticeable. When it is noticeable and at its worst, the mouse actually freezes. When it isn't noticeable and I use, for example, Process Explorer I can see the process "System" taking 75-100% of resources when, in fact, that should be under the "System Idle Process". This happens regardless of what application is running.

I have Comodo and it is up-to-date. I have MS Essentials and it is also up-to-date. I run scans with Comodo often. One scan recently came back after 6 hours of scanning and indicated an abnormality with the msconfig settings which it fixed (I really hate it when it won't tell you what exactly it is fixing).

I also have SUPERAntispyware and SpyBot (e.g., SD-Resident) I recently installed. I run both every other day. I also have a registry cleaner, too, which seems to help a lot with the slow problem at least for a minute.

I've also run an App Corruption tool inside my registry cleaner and all apps are fine.

I am stumped as to what to check next. The other strange thing that is happening is that upon Start Up and getting to the desktop I get the system warning icon in the lower right corner indicating my Firewall is down and to click the balloon to fix it. But when I do click it and the MS Security Center opens and I click on the Firewall option at the bottom of the screen, a window comes up and says I can't go there and make changes. But the firewall problem ALWAYS goes away, too, after a minute or so. And that happens whether I'm connected to the Internet or not.

Any suggestions as to what to check?

I have an Autorun report to show - there are a few strange entries in it that I don't fully understand. It is an Auto Run Data file (*.arn), if interested.

Thanks

'Shley


Remember: Every bit of information has two options; either it is or it is not. But in the present a bit has three options and within that framework man has free will. . .

Edited by shley, 03 August 2013 - 10:14 PM.




#2 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:59 AM

Posted 04 August 2013 - 04:55 AM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
        
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
          
  • Please do not attach logs or use code boxes, just copy and paste the text.
        
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
          
  • Please read every post completely before doing anything.
           
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
          
  • Please provide feedback about your experience as we go.
           
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
          


NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
- Do NOT back up any unknown files ending in .exe, .com, .scr, .pif, and .bat since files of these types are more likely to be infected.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the boxes next to Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.



Step 2:

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.



Step 3:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.



Step 4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points

NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#3 shley

shley
  • Topic Starter

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 04 August 2013 - 01:48 PM

Before I go to (2) I want to post the (1) results since there was no option for "Cure" (I chose "Skip" on all four instances).
Let me know if I should go to (2) next.
Thank you.
Here is the "TDSSKiller.2.8.18.0_04.08.2013_14.41.29_log.txt" file:

14:41:29.0485 0688  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
14:41:29.0896 0688  ============================================================
14:41:29.0896 0688  Current date / time: 2013/08/04 14:41:29.0896
14:41:29.0896 0688  SystemInfo:
14:41:29.0896 0688 
14:41:29.0896 0688  OS Version: 5.1.2600 ServicePack: 3.0
14:41:29.0896 0688  Product type: Workstation
14:41:29.0896 0688  ComputerName: DELL-9200
14:41:29.0896 0688  UserName: Dell
14:41:29.0896 0688  Windows directory: C:\WINDOWS
14:41:29.0896 0688  System windows directory: C:\WINDOWS
14:41:29.0896 0688  Processor architecture: Intel x86
14:41:29.0896 0688  Number of processors: 1
14:41:29.0896 0688  Page size: 0x1000
14:41:29.0896 0688  Boot type: Normal boot
14:41:29.0896 0688  ============================================================
14:41:32.0950 0688  Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:41:32.0950 0688  ============================================================
14:41:32.0960 0688  \Device\Harddisk0\DR0:
14:41:32.0960 0688  MBR partitions:
14:41:32.0960 0688  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
14:41:32.0960 0688  ============================================================
14:41:32.0990 0688  C: <-> \Device\Harddisk0\DR0\Partition1
14:41:32.0990 0688  ============================================================
14:41:32.0990 0688  Initialize success
14:41:32.0990 0688  ============================================================
14:42:27.0959 1200  ============================================================
14:42:27.0959 1200  Scan started
14:42:27.0959 1200  Mode: Manual; SigCheck; TDLFS;
14:42:27.0959 1200  ============================================================
14:42:34.0048 1200  ================ Scan system memory ========================
14:42:34.0098 1200  System memory - ok
14:42:34.0108 1200  ================ Scan services =============================
14:42:34.0339 1200  [ 9EBE730D4B5E3FF25EAAF5A59BA6CCFF ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
14:42:35.0721 1200  !SASCORE - ok
14:42:35.0901 1200  Abiosdsk - ok
14:42:35.0911 1200  abp480n5 - ok
14:42:35.0971 1200  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:42:38.0875 1200  ACPI - ok
14:42:38.0975 1200  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
14:42:39.0516 1200  ACPIEC - ok
14:42:39.0516 1200  adpu160m - ok
14:42:39.0596 1200  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
14:42:40.0197 1200  aec - ok
14:42:40.0528 1200  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
14:42:40.0918 1200  AFD - ok
14:42:40.0958 1200  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
14:42:41.0429 1200  agp440 - ok
14:42:41.0439 1200  Aha154x - ok
14:42:41.0439 1200  aic78u2 - ok
14:42:41.0449 1200  aic78xx - ok
14:42:42.0420 1200  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
14:42:42.0911 1200  Alerter - ok
14:42:43.0231 1200  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
14:42:43.0602 1200  ALG - ok
14:42:43.0602 1200  AliIde - ok
14:42:43.0612 1200  amsint - ok
14:42:43.0702 1200  [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
14:42:44.0603 1200  AppMgmt ( UnsignedFile.Multi.Generic ) - warning
14:42:44.0603 1200  AppMgmt - detected UnsignedFile.Multi.Generic (1)
14:42:44.0643 1200  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:42:45.0054 1200  Arp1394 - ok
14:42:45.0064 1200  asc - ok
14:42:45.0074 1200  asc3350p - ok
14:42:45.0084 1200  asc3550 - ok
14:42:45.0585 1200  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:42:46.0226 1200  aspnet_state - ok
14:42:46.0256 1200  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:42:46.0756 1200  AsyncMac - ok
14:42:46.0766 1200  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
14:42:47.0237 1200  atapi - ok
14:42:47.0237 1200  Atdisk - ok
14:42:47.0588 1200  [ ABC57A6F6070BAF9786C318F59F29F0B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:42:48.0679 1200  Ati HotKey Poller - ok
14:42:48.0799 1200  [ 03621F7F968FF63713943405DEB777F9 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:42:50.0011 1200  ati2mtag - ok
14:42:50.0081 1200  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:42:50.0221 1200  Atmarpc - ok
14:42:50.0292 1200  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
14:42:50.0442 1200  AudioSrv - ok
14:42:50.0512 1200  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
14:42:50.0712 1200  audstub - ok
14:42:50.0742 1200  [ E727776A56A51B7E6B7C87C02EA8B405 ] bcm4sbxp        C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
14:42:50.0782 1200  bcm4sbxp - ok
14:42:50.0872 1200  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:42:51.0023 1200  Beep - ok
14:42:51.0103 1200  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
14:42:51.0553 1200  BITS - ok
14:42:51.0623 1200  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
14:42:51.0854 1200  Browser - ok
14:42:51.0874 1200  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
14:42:52.0014 1200  cbidf2k - ok
14:42:52.0014 1200  cd20xrnt - ok
14:42:52.0064 1200  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
14:42:52.0214 1200  Cdaudio - ok
14:42:52.0274 1200  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
14:42:52.0445 1200  Cdfs - ok
14:42:52.0505 1200  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:42:52.0655 1200  Cdrom - ok
14:42:52.0665 1200  Changer - ok
14:42:52.0675 1200  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
14:42:52.0835 1200  CiSvc - ok
14:42:52.0865 1200  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
14:42:52.0995 1200  ClipSrv - ok
14:42:53.0076 1200  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:42:53.0106 1200  clr_optimization_v2.0.50727_32 - ok
14:42:53.0176 1200  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:42:53.0236 1200  clr_optimization_v4.0.30319_32 - ok
14:42:53.0276 1200  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:42:53.0416 1200  CmBatt - ok
14:42:53.0797 1200  [ 3B854A0EEAFBFDF2C6430A43C360B91E ] cmdAgent        C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
14:42:54.0147 1200  cmdAgent - ok
14:42:54.0167 1200  [ 5A3B2770EB1CF642986D7886C1C037EC ] cmderd          C:\WINDOWS\system32\DRIVERS\cmderd.sys
14:42:54.0367 1200  cmderd - ok
14:42:54.0427 1200  [ 69E1FFEB56856823B38ACDCB743E0F20 ] cmdGuard        C:\WINDOWS\system32\DRIVERS\cmdguard.sys
14:42:54.0968 1200  cmdGuard - ok
14:42:54.0978 1200  CmdIde - ok
14:42:54.0998 1200  [ 5FABA52953E40BDE1F2DBC35E549B63E ] cmdvirth        C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
14:42:55.0018 1200  cmdvirth - ok
14:42:55.0038 1200  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:42:55.0209 1200  Compbatt - ok
14:42:55.0219 1200  COMSysApp - ok
14:42:55.0229 1200  Cpqarray - ok
14:42:55.0289 1200  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
14:42:55.0479 1200  CryptSvc - ok
14:42:55.0489 1200  dac2w2k - ok
14:42:55.0499 1200  dac960nt - ok
14:42:55.0569 1200  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:42:55.0729 1200  DcomLaunch - ok
14:42:55.0769 1200  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
14:42:56.0020 1200  Dhcp - ok
14:42:56.0030 1200  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
14:42:56.0270 1200  Disk - ok
14:42:56.0280 1200  dmadmin - ok
14:42:56.0340 1200  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
14:42:57.0372 1200  dmboot - ok
14:42:57.0702 1200  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
14:42:58.0313 1200  dmio - ok
14:42:58.0614 1200  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
14:42:59.0094 1200  dmload - ok
14:42:59.0375 1200  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
14:42:59.0925 1200  dmserver - ok
14:43:00.0236 1200  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
14:43:00.0717 1200  DMusic - ok
14:43:00.0777 1200  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:43:01.0117 1200  Dnscache - ok
14:43:01.0147 1200  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
14:43:24.0521 1200  Dot3svc - ok
14:43:24.0531 1200  dpti2o - ok
14:43:24.0581 1200  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
14:43:24.0801 1200  drmkaud - ok
14:43:24.0831 1200  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
14:43:25.0001 1200  EapHost - ok
14:43:25.0042 1200  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
14:43:25.0222 1200  ERSvc - ok
14:43:25.0252 1200  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
14:43:25.0472 1200  Eventlog - ok
14:43:25.0522 1200  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
14:43:25.0662 1200  EventSystem - ok
14:43:25.0712 1200  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
14:43:26.0203 1200  Fastfat - ok
14:43:26.0293 1200  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:43:26.0644 1200  FastUserSwitchingCompatibility - ok
14:43:26.0694 1200  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
14:43:27.0175 1200  Fdc - ok
14:43:27.0505 1200  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:43:28.0016 1200  Fips - ok
14:43:28.0046 1200  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
14:43:28.0877 1200  Flpydisk - ok
14:43:29.0238 1200  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:43:29.0688 1200  FltMgr - ok
14:43:29.0808 1200  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:43:29.0919 1200  FontCache3.0.0.0 - ok
14:43:29.0949 1200  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:43:30.0569 1200  Fs_Rec - ok
14:43:30.0600 1200  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:43:35.0527 1200  Ftdisk - ok
14:43:35.0657 1200  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:43:44.0950 1200  Gpc - ok
14:43:45.0231 1200  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
14:43:54.0384 1200  gupdate - ok
14:43:54.0554 1200  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
14:43:55.0045 1200  gupdatem - ok
14:43:55.0135 1200  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:43:55.0425 1200  helpsvc - ok
14:43:55.0435 1200  HidServ - ok
14:43:55.0485 1200  [ 52150B4AEC54956124B028D8830778C6 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
14:43:55.0515 1200  HitmanProScheduler - ok
14:43:55.0555 1200  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
14:43:55.0726 1200  hkmsvc - ok
14:43:55.0736 1200  hpn - ok
14:43:55.0816 1200  [ F50F7984FDD151EDD8A70A8DBD9E2A44 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:43:55.0986 1200  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:43:55.0986 1200  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:43:56.0006 1200  [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:43:56.0096 1200  HPZid412 - ok
14:43:56.0126 1200  [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:43:56.0156 1200  HPZipr12 - ok
14:43:56.0176 1200  [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:43:56.0216 1200  HPZius12 - ok
14:43:56.0276 1200  [ A84BBBDD125D370593004F6429F8445C ] HSFHWICH        C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
14:43:56.0417 1200  HSFHWICH - ok
14:43:56.0477 1200  [ B2DFC168D6F7512FAEA085253C5A37AD ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
14:43:56.0777 1200  HSF_DP - ok
14:43:56.0867 1200  [ B678FA91CF4A1C19B462D8DB04CD02AB ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
14:43:57.0038 1200  HSF_DPV - ok
14:43:57.0098 1200  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:43:57.0168 1200  HTTP - ok
14:43:57.0208 1200  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:43:57.0368 1200  HTTPFilter - ok
14:43:57.0378 1200  i2omp - ok
14:43:57.0438 1200  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:43:57.0588 1200  i8042prt - ok
14:43:57.0688 1200  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:43:57.0819 1200  idsvc - ok
14:43:57.0829 1200  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
14:43:57.0989 1200  Imapi - ok
14:43:58.0059 1200  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:43:58.0219 1200  ImapiService - ok
14:43:58.0239 1200  ini910u - ok
14:43:58.0279 1200  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
14:43:58.0409 1200  IntelIde - ok
14:43:58.0480 1200  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:43:58.0620 1200  intelppm - ok
14:43:58.0650 1200  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:43:58.0820 1200  Ip6Fw - ok
14:43:58.0850 1200  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:43:58.0980 1200  IpFilterDriver - ok
14:43:58.0990 1200  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:43:59.0161 1200  IpInIp - ok
14:43:59.0201 1200  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:43:59.0371 1200  IpNat - ok
14:43:59.0421 1200  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:43:59.0601 1200  IPSec - ok
14:43:59.0641 1200  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:43:59.0721 1200  IRENUM - ok
14:43:59.0731 1200  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:43:59.0892 1200  isapnp - ok
14:44:00.0052 1200  [ 9ECF00E19736054E019C532AED8228FC ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
14:44:00.0422 1200  JavaQuickStarterService - ok
14:44:00.0482 1200  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:44:00.0643 1200  Kbdclass - ok
14:44:00.0693 1200  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:44:00.0833 1200  kmixer - ok
14:44:00.0873 1200  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:44:00.0943 1200  KSecDD - ok
14:44:00.0993 1200  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
14:44:01.0183 1200  LanmanServer - ok
14:44:01.0244 1200  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:44:01.0304 1200  lanmanworkstation - ok
14:44:01.0314 1200  lbrtfdc - ok
14:44:01.0374 1200  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
14:44:01.0544 1200  LmHosts - ok
14:44:01.0614 1200  [ DDF15A42E27E8EFE27B18FD403151A86 ] MatSvc          C:\Program Files\Microsoft Fix it Center\Matsvc.exe
14:44:01.0854 1200  MatSvc - ok
14:44:01.0905 1200  [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:44:01.0985 1200  mdmxsdk - ok
14:44:02.0015 1200  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
14:44:02.0185 1200  Messenger - ok
14:44:02.0295 1200  Microsoft SharePoint Workspace Audit Service - ok
14:44:02.0335 1200  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
14:44:02.0495 1200  mnmdd - ok
14:44:02.0535 1200  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
14:44:02.0696 1200  mnmsrvc - ok
14:44:02.0746 1200  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
14:44:02.0886 1200  Modem - ok
14:44:02.0906 1200  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:44:03.0066 1200  Mouclass - ok
14:44:03.0116 1200  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:44:03.0297 1200  MountMgr - ok
14:44:03.0357 1200  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:44:03.0387 1200  MozillaMaintenance - ok
14:44:03.0437 1200  [ 24406D75B40F0F6B3C1AC7031D734565 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
14:44:03.0627 1200  MpFilter - ok
14:44:03.0797 1200  [ A69630D039C38018689190234F866D77 ] MpKsl5836975b   c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C3CAC4E-AB36-4070-8405-9B0F9E279501}\MpKsl5836975b.sys
14:44:03.0817 1200  MpKsl5836975b - ok
14:44:03.0827 1200  mraid35x - ok
14:44:03.0847 1200  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:44:03.0998 1200  MRxDAV - ok
14:44:04.0068 1200  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:44:04.0148 1200  MRxSmb - ok
14:44:04.0248 1200  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
14:44:04.0438 1200  MSDTC - ok
14:44:04.0468 1200  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:44:04.0618 1200  Msfs - ok
14:44:04.0628 1200  MSIServer - ok
14:44:04.0668 1200  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:44:04.0809 1200  MSKSSRV - ok
14:44:04.0909 1200  [ 37F77AEBFF23A99D1BFB4F34CD2D07F2 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:44:05.0099 1200  MsMpSvc - ok
14:44:05.0139 1200  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:44:05.0269 1200  MSPCLOCK - ok
14:44:05.0299 1200  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:44:05.0460 1200  MSPQM - ok
14:44:05.0510 1200  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:44:05.0650 1200  mssmbios - ok
14:44:05.0680 1200  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:44:05.0900 1200  Mup - ok
14:44:05.0930 1200  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
14:44:06.0101 1200  napagent - ok
14:44:06.0141 1200  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:44:06.0311 1200  NDIS - ok
14:44:06.0351 1200  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:44:06.0391 1200  NdisTapi - ok
14:44:06.0441 1200  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:44:06.0581 1200  Ndisuio - ok
14:44:06.0591 1200  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:44:06.0762 1200  NdisWan - ok
14:44:06.0792 1200  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:44:06.0972 1200  NDProxy - ok
14:44:07.0022 1200  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
14:44:07.0162 1200  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:44:07.0162 1200  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:44:12.0740 1200  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
14:44:12.0860 1200  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:44:12.0860 1200  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:44:31.0217 1200  ================ Scan global ===============================
14:44:31.0277 1200  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:44:31.0347 1200  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:44:31.0567 1200  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:44:31.0587 1200  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:44:31.0597 1200  [Global] - ok
14:44:31.0597 1200  ================ Scan MBR ==================================
14:44:31.0627 1200  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:44:31.0938 1200  \Device\Harddisk0\DR0 - ok
14:44:31.0938 1200  ================ Scan VBR ==================================
14:44:31.0938 1200  [ 38190B23EB5CCC42F936D142CB00952E ] \Device\Harddisk0\DR0\Partition1
14:44:31.0948 1200  \Device\Harddisk0\DR0\Partition1 - ok
14:44:31.0948 1200  ============================================================
14:44:31.0948 1200  Scan finished
14:44:31.0948 1200  ============================================================
14:44:32.0058 0336  Detected object count: 4
14:44:32.0058 0336  Actual detected object count: 4
14:45:15.0270 0336  AppMgmt ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:15.0270 0336  AppMgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:15.0270 0336  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:15.0270 0336  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:15.0290 0336  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:15.0290 0336  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:15.0290 0336  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:15.0290 0336  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
 



#4 dev00790


Posted 04 August 2013 - 01:54 PM

Hi. Please continue


Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#5 shley


Posted 04 August 2013 - 02:00 PM

'B' Report here and I'm moving to 'C':

# AdwCleaner v2.306 - Logfile created 08/04/2013 at 14:58:51
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Dell - DELL-9200
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Dell\Desktop\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\c8idy6jj.default\prefs.js

Found : user_pref("extensions.mmsearch.mmsearch-freesearchengines", "4050f_vWeb Search Pro - Search Enginesf[...]
Found : user_pref("extensions.mmsearch.mmsearch-freesearchgroups", "businf_vBusinessf_vchrome://websearchpro[...]

-\\ Google Chrome v28.0.1500.95

File : C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1226 octets] - [28/07/2013 12:12:47]
AdwCleaner[R2].txt - [1226 octets] - [04/08/2013 14:58:51]
AdwCleaner[S1].txt - [1290 octets] - [28/07/2013 12:14:24]

########## EOF - C:\AdwCleaner[R2].txt - [1346 octets] ##########


Edited by shley, 04 August 2013 - 02:01 PM.


#6 shley


Posted 04 August 2013 - 02:31 PM

'C' Report listed below (I really dislike Yahoo.com; not sure why that domain was picked to check?) and I'm moving on to 'D'. One note to state was that during Farbar the computer was slow to react - mouse froze several times. I needed to 'approve' a HIPS warning window from Comodo several times.
Report:
 

Farbar Service Scanner Version: 26-07-2013
Ran by Dell (administrator) on 04-08-2013 at 15:11:50
Running from "C:\Documents and Settings\Dell\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs: "%SystemRoot%\system32\svchost.exe -k rpcss".

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****



#7 dev00790


Posted 04 August 2013 - 02:48 PM

Hi

Step 1:

We need to start a service

  • Click the Start button.
  • Click Run.
  • In the search box type "services.msc" without the quotes, then press enter. A window named "Services" should open.
  • Click on the header of the column "Name" until the small triangle has its tip facing upwards (like: ^ )
  • Scroll down the names until you find the service named "RpcSs"
  • Right click on this, then click "Start"

Step 2:

Rerun Farbar Service Scanner, and post the new log in your next reply.

Step 3:

How is the computer running now?


Regards, dev00790



#8 shley


Posted 04 August 2013 - 03:08 PM

Here is the report for 'D'. I am not so sure but I wish I had disabled Comodo completely before running 'C' and 'D'. I had a lot of Alerts and the weird thing is that an alert (HIPS Alert) would pop up stating the app wanted to access 'Notepad' but when I tried to Allow that the system just froze. Then all of a sudden that Alert would be replaced with another Alert stating something with more substance like the app needed to access a COM. The second alerts I was able to Allow but I'm not sure if everything went through or was allowed. How might this affect a report generation if components were blocked? I tried to see inside Comodo's lists and I could take a screenshot and post two .jpg's OR do you think I should re-run 'C' and 'D' with Comodo turned off??

Also, I haven't chosen to fix anything in these apps, only report back to you.

I'll move on to what you posted above now.
Then I need to go volunteer for an org that supports homeless children but will check back later tonight...

Report 'D':
 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Dell (administrator) on 04-08-2013 at 15:38:23
Running from "C:\Documents and Settings\Dell\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)
Intel® PRO/Wireless 2200BG Network Connection = Wireless Network Connection (Media disconnected)

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

popd
# End of interface IP configuration

 

Windows IP Configuration

        Host Name . . . . . . . . . . . . : dell-9200
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : ZoomTown.com

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : ZoomTown.com
        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
        Physical Address. . . . . . . . . : 00-11-43-6B-B2-58
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.200.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.200.1
        DHCP Server . . . . . . . . . . . : 192.168.200.1
        DNS Servers . . . . . . . . . . . : 192.168.200.1
        Lease Obtained. . . . . . . . . . : Sunday, August 04, 2013 1:07:45 PM
        Lease Expires . . . . . . . . . . : Monday, August 05, 2013 1:07:45 PM

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network Connection
        Physical Address. . . . . . . . . : 00-0E-35-EA-DD-1E

Server:  dslrouter.ZoomTown.com
Address:  192.168.200.1

Name:    google.com
Addresses:  74.125.228.37, 74.125.228.32, 74.125.228.36, 74.125.228.34
   74.125.228.33, 74.125.228.38, 74.125.228.39, 74.125.228.40, 74.125.228.41
   74.125.228.35, 74.125.228.46

Pinging google.com [74.125.228.46] with 32 bytes of data:

Reply from 74.125.228.46: bytes=32 time=35ms TTL=56
Reply from 74.125.228.46: bytes=32 time=35ms TTL=56

Ping statistics for 74.125.228.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 35ms, Maximum = 35ms, Average = 35ms

Server:  dslrouter.ZoomTown.com
Address:  192.168.200.1

Name:    yahoo.com
Addresses:  98.139.183.24, 206.190.36.45, 98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=98ms TTL=52
Reply from 98.138.253.109: bytes=32 time=92ms TTL=52

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 92ms, Maximum = 98ms, Average = 95ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 43 6b b2 58 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...00 0e 35 ea dd 1e ...... Intel® PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.200.1  192.168.200.23   20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
    192.168.200.0    255.255.255.0   192.168.200.23  192.168.200.23   20
   192.168.200.23  255.255.255.255        127.0.0.1       127.0.0.1   20
  192.168.200.255  255.255.255.255   192.168.200.23  192.168.200.23   20
        224.0.0.0        240.0.0.0   192.168.200.23  192.168.200.23   20
  255.255.255.255  255.255.255.255   192.168.200.23  192.168.200.23   1
  255.255.255.255  255.255.255.255   192.168.200.23               3   1
Default Gateway:     192.168.200.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/04/2013 01:08:53 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index metadata cannot be read.   (0xc0041801)

Error: (08/04/2013 01:08:53 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index metadata cannot be read.   (0xc0041801)

Error: (08/04/2013 01:08:53 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.   (0x80070490)

Error: (08/04/2013 01:08:36 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index metadata cannot be read.   (0xc0041801)

Error: (08/04/2013 01:08:36 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 0x%08x (0xc0041800 - The content index cannot be read.  )

Error: (08/04/2013 01:08:36 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index metadata cannot be read.   (0xc0041801)

Error: (08/04/2013 01:08:36 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
 The content index cannot be read.   (0xc0041800)

Error: (08/04/2013 01:08:36 PM) (Source: ESENT) (User: )
Description: Windows (444) Windows: Error -1811 occurred while opening logfile C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS00FC0.log.

Error: (08/04/2013 01:13:40 AM) (Source: Application Error) (User: )
Description: Faulting application teatimer.exe, version 1.6.6.32, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
Processing media-specific event for [teatimer.exe!ws!]

Error: (08/04/2013 00:09:34 AM) (Source: Application Error) (User: )
Description: Fault bucket -993039781.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

System errors:
=============
Error: (08/04/2013 01:14:36 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (08/04/2013 01:13:13 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (08/04/2013 01:13:06 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (08/04/2013 01:08:59 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

Error: (08/04/2013 01:17:49 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (08/03/2013 09:31:40 PM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Error: (08/03/2013 09:31:40 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (08/03/2013 06:40:52 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.200.54 for the Network Card with network address 000E35EADD1E has been
denied by the DHCP server 192.168.201.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/02/2013 03:29:32 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.155.1299.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.3.0215.00

 Source Path: 4.3.0215.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (08/02/2013 03:12:46 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.200.54 for the Network Card with network address 000E35EADD1E has been
denied by the DHCP server 192.168.201.1 (The DHCP Server sent a DHCPNACK message).

Microsoft Office Sessions:
=========================
Error: (08/04/2013 01:08:53 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
 The content index metadata cannot be read.   (0xc0041801)

Error: (08/04/2013 01:08:53 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index metadata cannot be read.   (0xc0041801)

Error: (08/04/2013 01:08:53 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.   (0x80070490)
Search.TripoliIndexer

Error: (08/04/2013 01:08:36 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index metadata cannot be read.   (0xc0041801)
Search.JetPropStore

Error: (08/04/2013 01:08:36 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 0x%08x (0xc0041800 - The content index cannot be read.  )

Error: (08/04/2013 01:08:36 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index metadata cannot be read.   (0xc0041801)

Error: (08/04/2013 01:08:36 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index cannot be read.   (0xc0041800)
JET_errMissingLogFile, Current log file missing

Error: (08/04/2013 01:08:36 PM) (Source: ESENT)(User: )
Description: Windows444Windows: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS00FC0.log-1811

Error: (08/04/2013 01:13:40 AM) (Source: Application Error)(User: )
Description: teatimer.exe1.6.6.32kernel32.dll5.1.2600.629300012fd3

Error: (08/04/2013 00:09:34 AM) (Source: Application Error)(User: )
Description: -993039781

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
4500_Help (Version: 1.00.0000)
7-Zip 9.20
Adobe AIR (Version: 3.4.0.2710)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133)
ATI Display Driver (Version: 8.162-050803a2-025875C-Dell)
Auslogics Disk Defrag (Version: 3.6)
AVG PC Tuneup (Version: 10.0.0.27)
AVS Audio Converter 7 (Version: 7.0.6.519)
AVS Audio Editor 7.1 (Version: 7.1.6.484)
AVS Audio Recorder version 4.0 (Version: 4.0.1.21)
AVS Cover Editor 2.0.1.3 (Version: 2.0.1.3)
AVS Disc Creator 5 (Version: 5.0.7.521)
AVS Document Converter 2.2.6 (Version: 2.2.6.220)
AVS DVD Copy 4.1.2.283 (Version: 4.1.2.283)
AVS Image Converter 2.3.3.249 (Version: 2.3.3.249)
AVS Media Player 4.1.11.100 (Version: 4.1.11.100)
AVS Photo Editor (Version: 2.0.9.129)
AVS Registry Cleaner 2.2.3.237 (Version: 2.2.3.237)
AVS Ringtone Maker version 1.6 (Version: 1.6.1.140)
AVS Video Converter 8 (Version: 8.3.3.535)
AVS Video Editor 6 (Version: 6.3.3.235)
AVS Video Recorder 2.5 (Version: 2.5.4.84)
AVS Video ReMaker 4.1.4.150 (Version: 4.1.4.150)
BPD_HPSU (Version: 1.00.0000)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
calibre (Version: 0.9.41)
CCleaner (Version: 4.04)
COMODO Antivirus (Version: 6.2.23257.2860)
Conexant D110 MDC V.92 Modem
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell System Detect (Version: 5.0.2.57)
Dell System Detect Bootstrapper (Version: 1.1.0.15)
DocProc (Version: 11.0.0.0)
DocProcQFolder (Version: 1.00.0000)
EndNote X5 (Version: 15.0.1.5774)
Evernote v. 4.6.7 (Version: 4.6.7.8409)
Everything 1.2.1.371
Fax (Version: 100.0.187.000)
Folder Size 2.9.0.0 (Version: 2.9.0.0)
Google Chrome (Version: 28.0.1500.95)
Google Drive (Version: 1.10.4769.632)
Google Update Helper (Version: 1.3.21.153)
HitmanPro 3.7 (Version: 3.7.6.201)
HP Officejet J4500 Series (Version: 1.0)
J4500 (Version: 50.0.165.000)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 14.0.8117.416)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.2 (Version: 2.2.2170)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.7015.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My Dell (Version: 3.3.6280.92)
OCR Software by I.R.I.S. 10.0 (Version: 10.0)
OpenOffice 4.0.0 (Version: 4.00.9702)
Personal Ancestral File 5
ProductContext (Version: 50.0.165.000)
ResearchSoft Direct Export Helper
Scan (Version: 10.1.0.0)
SeaTools for Windows (Version: 1.2.0.7)
Segoe UI (Version: 14.0.4327.805)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.6.1020)
swMSM (Version: 12.0.0.1)
Toolbox (Version: 100.0.170.000)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
VLC media player 2.0.7 (Version: 2.0.7)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 100.0.170.000)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 2047.23 MB
Available physical RAM: 1107.24 MB
Total Pagefile: 3433.59 MB
Available Pagefile: 2425.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.52 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:55.89 GB) (Free:31.43 GB) NTFS
2 Drive d: (MyDisc) (CDROM) (Total:0.1 GB) (Free:0 GB) CDFS
3 Drive e: () (Removable) (Total:3.69 GB) (Free:2.01 GB) FAT32

========================= Users: ========================================

User accounts for \\DELL-9200

Administrator            ASPNET                   Dell                    
Guest                    HelpAssistant            SUPPORT_388945a0        

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

31-07-2013 21:53:57 Removed Adobe Acrobat 9 Pro.
01-08-2013 01:55:09 Software Distribution Service 3.0
01-08-2013 02:43:12 Software Distribution Service 3.0
01-08-2013 03:06:03 Software Distribution Service 3.0
01-08-2013 04:01:36 Software Distribution Service 3.0
01-08-2013 05:19:49 Backup_2013_08_01
01-08-2013 15:39:58 Software Distribution Service 3.0
02-08-2013 00:02:55 Removed Acronis True Image
03-08-2013 17:09:59 Software Distribution Service 3.0
03-08-2013 18:12:38 Backup_2013_08_03
04-08-2013 17:19:41 Software Distribution Service 3.0

**** End of log ****



#9 shley

Posted 04 August 2013 - 03:16 PM

I have no service called RpcSs.
All I have are these (text file delimited):


Name Description Status Startup Type Log On As
.NET Runtime Optimization Service v2.0.50727_X86 Microsoft .NET Framework NGEN  Disabled Local System
Alerter Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.  Disabled Local Service
Application Layer Gateway Service Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall. Started Manual Local Service
Application Management Provides software installation services such as Assign, Publish, and Remove.  Manual Local System
ASP.NET State Service Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.  Manual Network Service
Ati HotKey Poller  Started Automatic Local System
Automatic Updates Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. Started Automatic Local System
BITS Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. Started Automatic Local System
ClipBook Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.  Manual Local System
COM+ Event System Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. Started Manual Local System
COM+ System Application Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.  Manual Local System
COMODO Internet Security Helper Service COMODO Internet Security Helper Service Started Automatic Local System
COMODO Virtual Service Manager   Manual Local System
Computer Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.  Automatic Local System
CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
DCOM Server Process Launcher Provides launch functionality for DCOM services. Started Automatic Local System
DHCP Client Manages network configuration by registering and updating IP addresses and DNS names. Started Automatic Local System
Distributed Link Tracking Client Maintains links between NTFS files within a computer or across computers in a network domain. Started Automatic Local System
Distributed Transaction Coordinator Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.   Manual Network Service
DNS Client Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Network Service
Error Reporting Service Allows error reporting for services and applictions running in non-standard environments. Started Automatic Local System
Event Log Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Started Automatic Local System
Extensible Authentication Protocol Service Provides windows clients Extensible Authentication Protocol Service  Manual Local System
Fast User Switching Compatibility Provides management for applications that require assistance in a multiple user environment. Started Manual Local System
Google Update Service (gupdate) Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.  Automatic Local System
Google Update Service (gupdatem) Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.  Manual Local System
Health Key and Certificate Management Service Manages health certificates and keys (used by NAP)  Manual Local System
Help and Support Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
HitmanPro Scheduler HitmanPro Scheduler controls scheduled scans Started Automatic Local System
hpqcxs08   Manual Local System
HTTP SSL This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service,  using the Secure Socket Layer (SSL).  If this service is disabled, any services that explicitly depend on it will fail to start.  Manual Local System
Human Interface Device Access Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.  Disabled Local System
IMAPI CD-Burning COM Service Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.  Manual Local System
Indexing Service Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.  Manual Local System
IPSEC Services Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Started Automatic Local System
Java Quick Starter Prefetches JRE files for faster startup of Java applets and applications Started Automatic Local System
Logical Disk Manager Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.  Manual Local System
Logical Disk Manager Administrative Service Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.  Manual Local System
Messenger Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.  Disabled Local System
Microsoft .NET Framework NGEN v4.0.30319_X86 Microsoft .NET Framework NGEN Started Automatic Local System
Microsoft Antimalware Service Helps protect users from malware and other potentially unwanted software Started Automatic Local System
Microsoft Automated Troubleshooting Service Microsoft Automated Troubleshooting Service  Manual Network Service
Microsoft SharePoint Workspace Audit Service   Manual Local Service
Mozilla Maintenance Service The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled.  Manual Local System
MS Software Shadow Copy Provider Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.  Manual Local System
Net Driver HPZ12  Started Automatic Local Service
Net Logon Supports pass-through authentication of account logon events for computers in a domain.  Manual Local System
Net.Tcp Port Sharing Service Provides ability to share TCP ports over the net.tcp protocol.  Disabled Local Service
NetMeeting Remote Desktop Sharing Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.  Manual Local System
Network Access Protection Agent Allows windows clients to participate in Network Access Protection  Manual Local System
Network Connections Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. Started Manual Local System
Network DDE Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.  Disabled Local System
Network DDE DSDM Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.   Disabled Local System
Network Location Awareness (NLA) Collects and stores network configuration and location information, and notifies applications when this information changes. Started Manual Local System
Network Provisioning Service Manages XML configuration files on a domain basis for automatic network provisioning.  Manual Local System
NT LM Security Support Provider Provides security to remote procedure call (RPC) programs that use transports other than named pipes.  Manual Local System
Office  Source Engine Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.  Manual Local System
Office Software Protection Platform Office Software Protection Platform Service (unlocalized description)  Manual Network Service
Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.  Manual Network Service
Plug and Play Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Started Automatic Local System
Pml Driver HPZ12  Started Automatic Local Service
Portable Media Serial Number Service Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.  Manual Local System
Print Spooler Loads files to memory for later printing. Started Automatic Local System
Protected Storage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Started Automatic Local System
QoS RSVP Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.  Manual Local System
Remote Access Auto Connection Manager Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.  Manual Local System
Remote Access Connection Manager Creates a network connection. Started Manual Local System
Remote Desktop Help Session Manager Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.  Manual Local System
Remote Procedure Call (RPC) Provides the endpoint mapper and other miscellaneous RPC services. Started Automatic Network Service
Remote Procedure Call (RPC) Locator Manages the RPC name service database.  Manual Network Service
Removable Storage   Manual Local System
Routing and Remote Access Offers routing services to businesses in local area and wide area network environments.  Disabled Local System
SAS Core Service SUPERAntiSpyware Core Service Started Automatic Local System
Secondary Logon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
Security Accounts Manager Stores security information for local user accounts. Started Automatic Local System
Security Center Monitors system security settings and configurations. Started Automatic Local System
Server Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
Shell Hardware Detection Provides notifications for AutoPlay hardware events. Started Automatic Local System
Smart Card Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.  Manual Local Service
SSDP Discovery Service Enables discovery of UPnP devices on your home network. Started Manual Local Service
System Event Notification Tracks system events such as Windows logon, network, and power events.  Notifies COM+ Event System subscribers of these events. Started Automatic Local System
System Restore Service Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Started Automatic Local System
Task Scheduler Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
TCP/IP NetBIOS Helper Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Started Automatic Local Service
Telephony Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service. Started Manual Local System
Terminal Services Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server. Started Manual Local System
Themes Provides user experience theme management. Started Automatic Local System
Uninterruptible Power Supply Manages an uninterruptible power supply (UPS) connected to the computer.  Manual Local Service
Universal Plug and Play Device Host Provides support to host Universal Plug and Play devices.  Manual Local Service
Volume Shadow Copy Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.  Manual Local System
WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local Service
Windows Audio Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
Windows CardSpace Securely enables the creation, management, and disclosure of digital identities.  Manual Local System
Windows Driver Foundation - User-mode Driver Framework Manages user-mode driver host processes  Manual Local System
Windows Firewall/Internet Connection Sharing (ICS) Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Started Automatic Local System
Windows Image Acquisition (WIA) Provides image acquisition services for scanners and cameras. Started Automatic Local System
Windows Installer Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.  Manual Local System
Windows Management Instrumentation Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
Windows Media Player Network Sharing Service Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play  Manual Network Service
Windows Presentation Foundation Font Cache 3.0.0.0 Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.  Manual Local Service
Windows Presentation Foundation Font Cache 4.0.0.0 Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.  Manual Local Service
Windows Remote Management (WS-Management) Allows access to management information from local and remote machines.  Manual Network Service
Windows Search Provides content indexing and property caching for file, email and other content (via extensibility APIs).  The service responds to file and email notifications to index modified content.  If the service is stopped or disabled, the Explorer will not be able to display virtual folder views of items, and search in the Explorer will fall back to item-by-item slow search. Started Automatic Local System
Windows Time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
Wired AutoConfig This service performs IEEE 802.1X authentication on Ethernet interfaces  Manual Local System
Wireless Zero Configuration Provides automatic configuration for the 802.11 adapters Started Automatic Local System
WMI Performance Adapter Provides performance library information from WMI HiPerf providers.  Manual Local System
Workstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
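
Added example (not part of the original post, and not output from any tool used in this thread): parsing a pasted services.msc export like the one above to confirm that specific services are enabled and running, including a row whose status columns have wrapped onto the next line. It assumes the tabs were flattened to spaces, so the caller supplies the display names to look for; `parse_export`, `audit`, `SAMPLE` and `NAMES` are names chosen here.

```python
import re

# Trailing columns of a services.msc export after tabs were flattened to
# spaces: [Started] <startup type> <log on as>.
TAIL = re.compile(
    r"(?:^|\s)(?:(?P<status>Started)\s+)?(?P<startup>Automatic|Manual|Disabled)\s+"
    r"(?P<account>Local System|Local Service|Network Service)\s*$")

# Rows abridged from the export above; the last row is wrapped over two lines.
SAMPLE = """\
Remote Procedure Call (RPC) Provides the endpoint mapper. Started Automatic Network Service
Remote Procedure Call (RPC) Locator Manages the RPC name service database.  Manual Network Service
Routing and Remote Access Offers routing services to businesses.  Disabled Local System
Security Center Monitors system security settings. Started Automatic Local System
Windows Firewall/Internet Connection Sharing (ICS) Provides network address translation. Started Automatic Local System
Windows Time Maintains date and time synchronization.
 Started Automatic Local System
"""
# Display names as services.msc lists them (assumed known); not key names like RpcSs.
NAMES = [
    "Remote Procedure Call (RPC)", "Remote Procedure Call (RPC) Locator",
    "Routing and Remote Access", "Security Center", "Windows Time",
    "Windows Firewall/Internet Connection Sharing (ICS)",
]

def parse_export(text, display_names):
    """Map each known display name to its status, startup type and account."""
    names = sorted(display_names, key=len, reverse=True)  # longest prefix wins
    services, pending = {}, ""
    for line in text.splitlines():
        pending = (pending + " " + line.strip()).strip()
        tail = TAIL.search(pending)
        if tail is None:
            continue  # columns wrapped onto the next line: keep joining
        head, pending = pending[:tail.start()].strip(), ""
        for name in names:
            if head == name or head.startswith(name + " "):
                services[name] = {"started": tail["status"] == "Started",
                                  "startup": tail["startup"], "account": tail["account"]}
                break
    return services

def audit(services, required):
    """Report required services that are missing, disabled or not running."""
    problems = []
    for name in required:
        svc = services.get(name)
        if svc is None:
            problems.append(f"{name}: not found in export")
        elif svc["startup"] == "Disabled":
            problems.append(f"{name}: startup type is Disabled")
        elif not svc["started"]:
            problems.append(f"{name}: not running (startup {svc['startup']})")
    return problems
```

Calling `audit(parse_export(SAMPLE, NAMES), ["RpcSs"])` reports the service as not found, because the export carries display names only.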
 



#10 dev00790


Posted 04 August 2013 - 04:15 PM

Ok it seems that service has been started now anyway from the log you gave.

 

Please do the following next:

Step 1:

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam-download.php to your desktop.
 

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

If requested by MBAM, restart the computer.

The log can also be found here:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt


Step 2:

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.



  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step 3:



  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Step 4:

How is the computer running now?


Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#11 shley


Posted 04 August 2013 - 09:15 PM

It is scanning with MBAM right now. What I don't get is why I have a Drive 'E'? When I switched over to this larger HD (using Acronis True Image because this HD is a Western Digital) I lost my partitioned 'recovery' drive. Now I have this mysterious 'E' drive (there is no flash drive connected when it shows up). Is this related, perhaps, to the .NET Framework 4.0 Client I have? And that was another thing: I don't know why updates wanted that. I had to go back and find .NET 4.0 (regular) myself. I wish I had my recovery partition. I still have the other HD with it.....



#12 dev00790


Posted 05 August 2013 - 06:05 AM

Ok. Please post the MBAM, ESET and Adwcleaner delete logs when ready.


Regards, dev00790



#13 shley


Posted 05 August 2013 - 08:30 AM

MBAM Log:
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.05.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dell :: DELL-9200 [administrator]

8/4/2013 10:06:49 PM
mbam-log-2013-08-04 (22-06-49).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257327
Time elapsed: 1 hour(s), 52 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#14 shley


Posted 05 August 2013 - 09:36 AM

ESET Online Scanner is running and in progress. It does seem like it will take a while. I'll post as I get the results. Thanks for your help. I meant to also say that for the first time in a long time my Firewall was not disabled upon start-up last night!
Is there any reason why I don't see the RpcSs service? I see several starting with 'R' like "Remote..." but when you do a [CNTRL-F] to search that process you won't find it (?).
Thanks. Reports to follow...
 



#15 dev00790


Posted 05 August 2013 - 01:03 PM

"I meant to also say that for the first time in a long time my Firewall was not disabled upon start-up last night!"

Great :)

"Is there any reason why I don't see the RpcSs service?"

That is due to it being named differently in services.msc than the name I gave - my mistake.

Let us have the ESET log when it's ready.


Regards, dev00790





