
Win XP SP3 - real slow on Bonnie's Gateway PC


93 replies to this topic

#1 PieLam


Posted 06 September 2013 - 03:32 PM

Hi all,
 
Some of you may remember me, although it's been quite some time (a little over a year). Once again, I'm working on my wife's cousin's (Bonnie) PC.  This time though, even though it's an older PC, it's not the same one (the original one is no longer). It's newer, but still old.  This time the very sick PC is a Gateway MN 510 running Win XP SP3.
 
I've had her PC almost 2 weeks now.  Although I've made some progress, it is still very sick. This PC is running very very slow.  For example, when I click the start button & then click the 'turn off' button, it takes close to, if not, 5 minutes for the 'turn off PC' window to show up.  Thankfully, I can switch to my PC via the KVM switch and play games, surf, etc...  Bonnie's PC SHOULD run decently, it's a 2.6 GHZ Intel P-IV with a skimpy, but adequate (I would think) 512kb RAM.  I've tried getting support from Gateway's not-so-easy-to-use site...  When I entered the Model # (510), I wasn't able to confirm Bonnie's PC since the wrong PC image was presented.  That was 2 days ago.  Of course I left a message, so far, nothing but the sounds of crickets from them.  Oh well, so much for their support!  I sorta figured as much anyway.   :tophat:    My opinion of them is reaffirmed...  If you own a Gateway PC, I'm sorry,   :bananas:    er, I mean to say I'm sure they're decent PCs, I just wouldn't expect superior support like you'd get from a superior company like HP...  Oops got off on a tangent there, sorry 'bout that.
 
> > > Back to Bonnie's PC...
I've done the following: 
I've run the following malware scanners/removers: 
 
  • AdwCleaner,
  • Anti-Malware by Malwarebytes,
  • SUPERAntiSpyware,
  • HijackThis,
  • Rogue Killer.
 
Over 1,000 infections were found & hopefully removed. I've also run the following:
 
  • CCleaner
  • Decrapifier
  • Defraggler
  • Junkware Removal Tool
  • ntregopt
 
Also, I used an MS utility (forgot its obscure name) to optimize Windows animation for performance.
 
All of that helped quite a bit, but her system is still painfully slow. While I was running some of the above, I received 2 or 3 warnings that the memory or virtual memory is low or running out (exact messages elude me).  When I looked in 'Task Manager', I couldn't determine anything obviously wrong.  So, I finally bit the bullet and decided to look at each running process, figuring that's where the problem is. So, I set out to look up each process in the BleepingComputer database, which was no easy task.  Again, KVM switch to the rescue.  I did find many suspicious looking processes. Some, I was able to stop, but there were several that I could not stop:
 
The following is a listing of processes that I could not stop:

 

  • CCSETMGR.EXE > cited that it was a Critical Process
  • Isass.exe > cited that it was a Critical Process
  • mcagent.exe > cited that it was unable to Terminate
  • mcciCMService.exe > cited that it was unable to Terminate
  • mcshield.exe > cited that it was unable to Terminate
  • McSvHost.exe > cited that it was unable to Terminate
  • mdm.exe > cited that it was unable to Terminate
  • mDNSResponder.exe > cited that it was unable to Terminate
  • mfeFire.exe > cited that it was unable to Terminate
  • mfevtps.exe > cited that it was unable to Terminate
  • PRISMXL.SYS > cited that it was unable to Terminate
  • SAScore.exe > cited that it was unable to Terminate
  • searchindexer.exe > cited that it was unable to Terminate
  • symlcsvc.exe > cited that it was unable to Terminate
 
As you can see, it's a pretty long list. I omitted the 3 or 4 processes that did stop.  The few that I was able to  stop, didn't seem to help nor hinder anything.  I haven't bothered to check if a reboot would change anything...  Seems unlikely that it would to me.
 
As you may can tell, I've reached my limit.  I don't know what else I can do so I now seek your wise help, please.  

Edited by hamluis, 08 September 2013 - 05:27 PM.
Moved from XP to Am I Infected - Hamluis.



 


#2 SpywareDoc


Posted 06 September 2013 - 03:45 PM

I'd bump it up to 2GB of RAM first. (XP's sweet spot).

 



#3 hamluis


Posted 06 September 2013 - 05:05 PM

<<Bonnie's PC SHOULD run decently, it's a 2.6 GHZ Intel P-IV with a skimpy, but adequate (I would think) 512kb RAM. >> 

 

Sorry...that's far from "adequate" on a system where the user expects to do more than browse the Web.  Add in the fact that any browser will utilize at least half of that when used...and it's easy to see that there isn't much memory left to do much of anything.

 

As a test...you can download Speccy...and then take a look at the Processes.  Look at the .exes listed for whatever browsers are installed and write down the maximum RAM used by each...then total it.  Then compare that to 512kb.  You won't find much, if any, left to do anything other than browse the Web.

 

Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 .

 

And a typical AV program will take up approximately 200-300kb of RAM.

 

And so on...for every program running.

 

Louis



#4 PieLam


Posted 08 September 2013 - 05:03 PM

I really appreciate & value your reply...
 
However, I think I need to clarify.  What I meant was that I thought 512k should be enough to run on a clean uninfected system. Especially since it's well over the minimum system requirements.
 
BTW, yes, I agree 512k is skimpy. Remember though, this is not MY PC.  I'd already suggested that she should install more RAM.  But her response cited a non-existing budget for that, unfortunately...
 
---------------------------------
 
Below is directly from Microsoft's website:
 
The minimum hardware requirements for Windows XP Home Edition are:
  • Pentium 233-megahertz (MHz) processor or faster (300 MHz is recommended)
  • At least 64 megabytes (MB) of RAM (128 MB is recommended)
  • At least 1.5 gigabytes (GB) of available space on the hard disk
  • CD-ROM or DVD-ROM drive
  • Keyboard and a Microsoft Mouse or some other compatible pointing device
  • Video adapter and monitor with Super VGA (800 x 600) or higher resolution
  • Sound card
  • Speakers or headphones

For more information about system requirements for Windows XP Home Edition, visit the following Microsoft Web site:
http://www.microsoft.com/windowsxp/home/evaluation/sysreqs.mspx
--------------------------
 
AAMOF, I attempted contacting Gateway in hopes to get the RAM specs for Bonnie's system.  That way, I could've at least told her the costs.  But my 1st attempt at contacting Gateway(&^%RF*&) failed, I'll try again some other time.
 
I did run Speccy (impressive), below is the published URL results:
 
http://speccy.piriform.com/results/iaAassxrwE8j14k7lB2Ve4E
 
 
It seems redundant to run 2 virus scanners, but isn't it also a cause for concern?

 


Edited by PieLam, 08 September 2013 - 05:12 PM.


#5 hamluis


Posted 08 September 2013 - 05:26 PM

Well...the first thing that I would be concerned about...is I can't find any hits for "AVP Personal Security" or "AVP Inc", using Google.

 

Rather...I should have said I found no links indicating that either is a valid program designed to neutralize malware.

 

OTOH...I do find a connection between "AVP" and malware and "Personal Security 2011" and malware.

 

I consider these basic checks show-stoppers as far as thinking that this is anything other than a malware problem.  To check that out, I am  moving this topic to the Am I Infected forum (link to said forum in my signature).

 

Looking thru the processes per Speccy...I see both McAfee and Symantec processes running.  If the system is not infected...the two sets of files are probably enough to cause system problems, IMO.

 

Louis



#6 PieLam


Posted 09 September 2013 - 08:31 AM

I'd bump it up to 2GB of RAM first. (XP's sweet spot).

 

 

As indicated elsewhere, I agree, Thanx.



#7 PieLam


Posted 09 September 2013 - 08:55 AM

Well...the first thing that I would be concerned about...is I can't find any hits for "AVP Personal Security" or "AVP Inc", using Google.

 

Rather...I should have said I found no links indicating that either is a valid program designed to neutralize malware.

 

OTOH...I do find a connection between "AVP" and malware and "Personal Security 2011" and malware.

 

I consider these basic checks show-stoppers as far as thinking that this is anything other than a malware problem.  To check that out, I am  moving this topic to the Am I Infected forum (link to said forum in my signature).

 

Looking thru the processes per Speccy...I see both McAfee and Symantec processes running.  If the system is not infected...the two sets of files are probably enough to cause system problems, IMO.

 

Louis

 

I knew AVP was a name I never heard of...  Sounds like a good candidate for removal to me...

 

Bonnie's PC was given to her by a previous owner, her cousin's husband, however.  Of course, whatever was on it then (good or bad) is basically still on it...

 

Yes, it's been my experience, too, that  a 2nd AV program running causes problems.



#8 boopme


Posted 16 September 2013 - 09:31 PM

Hello please also do these.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.

  • Do not reboot the computer, you will need to run the application again.

    Open MBAM (Malwarebytes) and select update. Then run a Full scan and post that scan log.
    The log is automatically saved and can be viewed by clicking the Logs tab.


    ADW Cleaner

    Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#9 PieLam


Posted 17 September 2013 - 05:27 PM

I really appreciate your expertise & time with this!  
 
I'll do my best to follow your steps as best as I can.  However, I want to know if it's OK to place files in folders that I've created, instead of placing them on the desktop.  I sorta have this thing about placing random stuff on my desktop.  But if that's the way it *has* to be, then, I'll accommodate.
 
It seems to me that I've done quite a bit so far, obviously, though, not near enough.   :lmao:
 
I D/L & ran MiniToolBox with no problems.  Here's its log:

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Pie (administrator) on 17-09-2013 at 12:22:09
Running from "C:\Documents and Settings\Pie\My Documents\Downloads\Tools 13-08-22\Malware\boopme\Mini Tool Box"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory

========================= IP Configuration: ================================


Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)




# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip




# Interface IP Configuration for "Local Area Connection"


set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp




popd
# End of interface IP configuration




Windows IP Configuration

        Host Name . . . . . . . . . . . . : BONNIE_PC
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : hsd1.tn.comcast.net.

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : hsd1.tn.comcast.net.
        Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-0C-F1-85-B6-12
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.126
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::20c:f1ff:fe85:b612%4
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 75.75.75.75
                                            75.75.76.76
                                            192.168.1.1
                                            fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        Lease Obtained. . . . . . . . . . : Tuesday, September 17, 2013 9:45:57 AM
        Lease Expires . . . . . . . . . . : Wednesday, September 18, 2013 9:45:57 AM

Tunnel adapter Teredo Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : 00-00-FB-EA-B4-BE-CE-FC
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 2001:0:4137:9e76:0:fbea:b4be:cefc
        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
        Default Gateway . . . . . . . . . : ::
        NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . : hsd1.tn.comcast.net.
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : C0-A8-01-7E
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.126%2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        NetBIOS over Tcpip. . . . . . . . : Disabled

Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    google.com
Addresses:  74.125.225.165, 74.125.225.167, 74.125.225.168, 74.125.225.162
 74.125.225.164, 74.125.225.166, 74.125.225.161, 74.125.225.169, 74.125.225.163
 74.125.225.160, 74.125.225.174

Pinging google.com [74.125.225.199] with 32 bytes of data:
Reply from 74.125.225.199: bytes=32 time=58ms TTL=47
Reply from 74.125.225.199: bytes=32 time=59ms TTL=47
Ping statistics for 74.125.225.199:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 58ms, Maximum = 59ms, Average = 58ms

Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=147ms TTL=48
Reply from 206.190.36.45: bytes=32 time=61ms TTL=48
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 61ms, Maximum = 147ms, Average = 104ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0c f1 85 b6 12 ...... Intel® PRO/100 VE Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.126  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.1.0    255.255.255.0    192.168.1.126   192.168.1.126  20
    192.168.1.126  255.255.255.255        127.0.0.1       127.0.0.1  20
    192.168.1.255  255.255.255.255    192.168.1.126   192.168.1.126  20
        224.0.0.0        240.0.0.0    192.168.1.126   192.168.1.126  20
  255.255.255.255  255.255.255.255    192.168.1.126   192.168.1.126  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

========================= Winsock entries =====================================


Catalog5 01 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINNT\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\WINNT\system32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 C:\WINNT\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"


Catalog5 07 C:\WINNT\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"


Catalog9 01 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINNT\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 10 C:\WINNT\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 11 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 37 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)


========================= Event log errors: ===============================

Application errors:
==================
Error: (09/17/2013 11:29:04 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (09/17/2013 11:29:04 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (09/17/2013 11:29:04 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (09/17/2013 11:29:04 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (09/17/2013 11:29:02 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (09/17/2013 11:28:58 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (09/17/2013 11:28:56 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (09/17/2013 11:28:54 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (09/17/2013 11:28:52 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (09/17/2013 11:28:51 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.




System errors:
=============
Error: (09/17/2013 11:30:15 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {211EBA3A-EA5A-496B-A021-5C6BEB365E4C} did not register with DCOM within the required timeout.

Error: (09/17/2013 09:46:46 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (09/11/2013 06:53:23 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (09/11/2013 06:50:58 PM) (Source: DCOM) (User: BONNIE_PC)
Description: The server {66B093B7-B5E3-4CFE-B32B-FEB55F172481} did not register with DCOM within the required timeout.

Error: (09/11/2013 06:50:14 PM) (Source: DCOM) (User: BONNIE_PC)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (09/11/2013 00:14:05 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.

Error: (09/11/2013 11:59:51 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (09/11/2013 11:57:40 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/11/2013 11:32:41 AM) (Source: DCOM) (User: BONNIE_PC)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/11/2013 11:28:17 AM) (Source: DCOM) (User: BONNIE_PC)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}




Microsoft Office Sessions:
=========================
Error: (09/17/2013 11:29:04 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (09/17/2013 11:29:04 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (09/17/2013 11:29:04 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (09/17/2013 11:29:04 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (09/17/2013 11:29:02 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (09/17/2013 11:28:58 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (09/17/2013 11:28:56 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (09/17/2013 11:28:54 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (09/17/2013 11:28:52 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (09/17/2013 11:28:51 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.




=========================== Installed Programs ============================


Acrobat.com (Version: 1.6.65)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.169)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 11 (Version: 11)
Apple Application Support (Version: 2.3.4)
AT&T Self Support Tool
AT&T Toolbar
AT&T Wireless Connection Tool
ATT-PRT22
Bonjour (Version: 3.0.0.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Creative Jukebox Driver
Critical Update for Windows Media Player 11 (KB959772)
DigitImg (Version: 2.00.0000)
DivX Version Checker (Version: 7.1.0.9)
ffdshow v1.2.4422 [2012-04-09] (Version: 1.2.4422.0)
Gateway Drivers and Applications Recovery
Gateway User's Guide
Google Chrome (Version: 29.0.1547.66)
Google Update Helper (Version: 1.3.21.153)
hp instant support (Version: 5.0.2.4.asst_classic.asst_install)
HP Memories Disc (Version: 1.0.4.805)
HP Photo and Imaging 1.2 - Scanjet 4570c Series (Version: 1.2.0000)
HP Update (Version: 5.002.001.004)
HPSSupply (Version: 100.0.172.000)
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet (Version: 6.05.2001)
iTunes (Version: 11.0.4.4)
J2SE Runtime Environment 5.0 Update 10 (Version: 1.5.0.100)
Java™ 6 Update 22 (Version: 6.0.220)
KODAK EASYSHARE Gallery Upload ActiveX Control
McAfee SecurityCenter (Version: 11.6.511)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2004 (Version: 12.0.50)
Microsoft Money 2004 System Pack (Version: 12.0.80)
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2 (Version: 9.00.2720)
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Silverlight (Version: 4.0.51204.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual Keyboard (Version: 9.2.0414)
Microsoft Word 2002 (Version: 10.0.6626.0)
Microsoft Works (Version: 07.03.0719)
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word (Version: 7.0.0.0000)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB925673) (Version: 6.00.3888.0)
MyInvoices & Estimates Deluxe (Version: 6.0.0.0)
Nancy Drew: Secret of the Scarlet Hand
neroxml (Version: 1.0.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PC-Doctor for Windows
Photosmart 140,240,7200,7600,7700,7900 Series (Version: 2.0)
PrintMaster 16 (Version: 16.00.0000)
PS7600 (Version: 1.00.0000)
PSShortcuts (Version: 1.00.0000)
PSUsage (Version: 1.20.0000)
Quicken Will Writer 2001
QuickTime (Version: 7.74.80.86)
QWW2001 Registration
Shared C Run-time for x86 (Version: 10.0.0)
ShareIns (Version: 1.00.0000)
Shop for HP Supplies (Version: 10.0)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Symantec KB-DocID:2003093015493306 (Version: 1.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB969497) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VantagePoint (Version: 1.41.0000)
WebFldrs XP (Version: 9.50.6513)
WillWriter Companion
Windows Desktop Search 3.01 (Version: 03.01.6000.72)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0059.1)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Mail
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
Wireless USB Card (Version: 6.0.1)
XML Paper Specification Shared Components Pack 1.0


========================= Devices: ================================


Name: SoundMAX Integrated Digital Audio
Description: SoundMAX Integrated Digital Audio
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Analog Devices, Inc.
Service: smwdm
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.




========================= Memory info: ===================================


Percentage of memory in use: 75%
Total physical RAM: 494.73 MB
Available physical RAM: 121.29 MB
Total Pagefile: 1154.62 MB
Available Pagefile: 661.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.99 MB


========================= Partitions: =====================================


2 Drive c: (150g) (Fixed) (Total:149 GB) (Free:87.95 GB) NTFS
3 Drive d: (G8WAY Restore) (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
5 Drive g: (CRS 16G RBR) (Removable) (Total:15.11 GB) (Free:15.07 GB) FAT32


========================= Users: ========================================


User accounts for \\BONNIE_PC


Administrator            ASPNET                   Guest                    
HelpAssistant            Pie                      SUPPORT_388945a0         
Terry Cottingham         




**** End of log ****

 

 
When I tried to run RKILL.COM & RKILL.EXE from LINK1 & LINK2 (respectively) they both seem to have encountered the same problem.  They both began with a b&w DOS window, just as you described, then after a few seconds, went to a full black screen, shortly after that, the BSOD appeared.  After the BSOD finished writing the mem dump, the machine rebooted.  Both files behaved exactly the same way...
 
Should I continue with MBAM & the rest?  I stopped doing anything else after the RKILL attempt..  Let me know if that was right or not...
 

PS

Both RKILL logs were empty.


Edited by PieLam, 17 September 2013 - 05:32 PM.
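
The event-log part of the report above repeats the same failure many times and was hard-wrapped when pasted. As an added example (not part of the original post or of any tool used in the thread), this Python sketch re-joins the wrapped lines and collapses identical entries; the function names and the wrap-joining heuristic are assumptions of the example.

```python
import re
from datetime import datetime

# Excerpt of the entries posted above with the paste's hard wraps kept
# (its double blank lines are reduced to one to save space).
SAMPLE = '''\
Error: (09/11/2013 11:32:41 AM) (Source: DCOM) (User: BONNIE_PC)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with

arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Microsoft Office Sessions:
=========================
Error: (09/17/2013 11:29:04 AM) (Source: crypt32)(User: )
Description:

http://www.download.windowsupdate.com/msdownload/update/v3/static/trust

edr/en/authrootseq.txtThe specified server cannot perform the requested

operation.

Error: (09/17/2013 11:28:51 AM) (Source: crypt32)(User: )
Description:

http://www.download.windowsupdate.com/msdownload/update/v3/static/trust

edr/en/authrootseq.txtThe specified server cannot perform the requested

operation.
'''

HEADER = re.compile(r"^Error: \((.+?)\)\s*\(Source: (.+?)\)\s*\(User: (.*?)\)$")
RULE = re.compile(r"^=+$")  # underline of a section title

def parse_entries(text):
    """Return one dict per 'Error:' entry with wrapped lines re-joined."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries, cur, last = [], None, ""
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if RULE.match(line) or RULE.match(nxt):
            cur = None  # a section title or its underline closes the entry
            continue
        m = HEADER.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
            cur = {"when": when, "source": m.group(2), "text": ""}
            entries.append(cur)
            last = ""
            continue
        frag = line[12:].strip() if line.startswith("Description:") else line
        if cur is None or not frag:
            continue
        # Heuristic: a fragment with no spaces is a long token (the URL) cut
        # at the wrap column, so the next fragment is glued on directly.
        sep = " " if " " in last else ""
        cur["text"] += sep + frag
        last = frag
    return entries

def collapse(entries):
    """Group identical (source, text) pairs: count, first seen, last seen."""
    groups = {}
    for e in entries:
        g = groups.setdefault((e["source"], e["text"]), [0, e["when"], e["when"]])
        g[0], g[1], g[2] = g[0] + 1, min(g[1], e["when"]), max(g[2], e["when"])
    rows = [(s, t, *g) for (s, t), g in groups.items()]
    return sorted(rows, key=lambda r: -r[2])

if __name__ == "__main__":
    for source, text, count, first, last_seen in collapse(parse_entries(SAMPLE)):
        print(f"{count}x {source} {first:%H:%M:%S}-{last_seen:%H:%M:%S} {text}")
```

Run over the full report, the ten crypt32 entries reduce to one row, which makes the distinct problems easier to see.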


#10 boopme


Posted 17 September 2013 - 08:02 PM

OK, you can put them in folders but I feel it may just take longer to start them.

Ok we'll skip Rkill for now and move on.

In Control Panel, Add/Remove ... uninstall Java™ 6 Update 22 (Version: 6.0.220)


Your Winsock is corrupt.
Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Click on the Enter key.

Reboot your system to complete the process.
This may also fix the internet.


Do you have the Rogue Killer log to post?

Do NOT run CCleaner's Registry tools.


Move on to ADWCleaner and TDSSKiller

Edited by boopme, 17 September 2013 - 08:04 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 PieLam


Posted 18 September 2013 - 02:23 PM

 
 
OK.  Thanks for the desktop thing.  I know it's more trouble, more tedious, etc... for most people, it's still my preferred way of doing things.  I know, this probably borders on OCD,  I'm borderline OCD anyway.   :bounce:    Thanks again!
 
I still have the RKILL.EXE (the LINK2 one) log (below). I don't have the one from RKILL.COM (the LINK1 one) though; if need be, I can re-run RKILL.COM to re-create the log.  I know you decided to back burner them for now, just let me know...
 
Just FYI, I'm impressed with the way Bonnie's PC has responded so far!  It's still not @100%, but the difference between now & before is amazing!  The winsock reset has had the most impact so far. :lmao:
 
I'll also paste the log from ADWclean (ADWclean log.txt)
 
I ran TDSSkill...  No threats found.  Good news?
 

 

==============================================================

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html


Program started at: 09/17/2013 02:12:47 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3


Checking for Windows services to stop:

=================================================================

There was nothing else in the file...

 

Below is (ADWclean log.txt)

=================================================================

# AdwCleaner v3.004 - Report created 18/09/2013 at 12:15:39
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Pie - BONNIE_PC
# Running from : C:\Documents and Settings\Pie\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\Terry Cottingham\Application Data\Mozilla\Firefox\Profiles\y6496si9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279411
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v29.0.1547.66
 
[ File : C:\Documents and Settings\Pie\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5466 octets] - [11/09/2013 07:52:36]
AdwCleaner[R1].txt - [1271 octets] - [18/09/2013 11:31:35]
AdwCleaner[S0].txt - [5663 octets] - [11/09/2013 08:04:02]
AdwCleaner[S1].txt - [1198 octets] - [18/09/2013 12:15:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1258 octets] ##########
 

 

=================================================================

 



#12 boopme


Posted 18 September 2013 - 08:29 PM

CCSETMGR.EXE is a leftover from Norton AV. Use the Norton Removal Tool here to remove any Norton / Symantec entries that may have been left over after uninstalling.

 

Mdm.exe

 

 

These are all McAfee and you need them to run your AV. Google the rest and see what they are.

  • mcagent.exe > cited that it was unable to Terminate
  • mcciCMService.exe > cited that it was unable to Terminate
  • mcshield.exe > cited that it was unable to Terminate
  • McSvHost.exe > cited that it was unable to Terminate
  • mdm.exe > cited that it was unable to Terminate
  • mDNSResponder.exe > cited that it was unable to Terminate
  • mfeFire.exe > cited that it was unable to Terminate

 

Those are just different links to the same RKILL tool.

 

Uninstall these...

J2SE Runtime Environment 5.0 Update 10 (Version: 1.5.0.100)
Java™ 6 Update 22 (Version: 6.0.220)

 

Reboot

 

 

You did not post a complete rkill log if it ran properly.

 

Try it again after ESET

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#13 PieLam


Posted 19 September 2013 - 01:10 PM

CCSETMGR.EXE is a leftover from Norton AV. Use the Norton Removal Tool here to remove any Norton / Symantec entries that may have been left over after uninstalling.

 

 

 

The results of the Norton Removal Tool Link:
----------------------------------------------

This document is currently unavailable
The document you are looking for is currently unavailable. This can happen for various reasons:

You may have typed or clicked an incorrect link. Please make sure that you have typed in or copied the link correctly.
The content you are looking for was for an older product, and has been removed.
You may be able to update to the newest version of your Norton product for free.
Go to the Norton Update Center to see if you are eligible to get the latest version.
If you are not eligible for a free update, you can purchase an upgrade from Norton Online Store.
The content you are looking for just may not be available. To find solutions, use the search box at the top of this page.

----------------------------------------------

 
So, I did a search for "CCSETMGR.EXE" & got this:
 
 
----------------------------------------------
 
No Results Found for "CCSETMGR.EXE"
Our search engine was unable to find any pages related to "CCSETMGR.EXE".
----------------------------------------------
 
With the same search in their forums this time, I thought I'd found a solution, but the solution yielded the same "This document is currently unavailable" results...  I read a few more posts, but stopped after not seeing anything worthy of looking into... I then decided to search for "Norton Removal Tool" which yielded the following:
 
 
----------------------------------------------
Download Norton Removal Tool
The steps to download and run the Norton Removal Tool differ depending on what product you have.
Choose your product:

I have a Norton product that was purchased from my service provider
I have Norton AntiVirus, Norton Internet Security, or Norton 360
I have Norton Security Suite or Norton Business Suite
I have Norton Ghost or Norton Save & Restore
I have pcAnywhere or WinFax


This solution was previously published as KB 2001111912274039.
----------------------------------------------
 
At this point I'm not sure what to do...  I was going to take a guess using option 2 (I have Norton AntiVirus, Norton Internet Security, or Norton 360,) but I didn't for fear of screwing-up something...  What should I do?
 
PS
On rkill, I detected that there are slight differences.  Maybe just cosmetic log differences??? 
Remember too, though, both had empty logs & didn't run right (both had BSODs.)
Still Re-Run?


#14 PieLam


Posted 19 September 2013 - 07:06 PM

boopme, on 18 Sept 2013 - 8:29 PM, said:
Mdm.exe

Oops.  Sorry, I didn't realize that  was a link for me to click on till later!  <<BIG DUH>>  Please excuse the ignorance that I sometimes get....  

 
These are  all McAfee and you need them to run your AV. Google the rest and see what they are.

BTW, I stopped doing more steps from your previous message because of the Norton thing.  But, I figured, I could at least do the step of searching for the below processes.  I'll complete the rest of the steps after we're clear on the Norton thing.
 
 
Most of these processes are from McAfee Internet Security software, like you thought. (Not real surprised to find that out )
 
FYI, I'm pretty sure it's OK, but just so you'll know, I used BING.  Nothing against Google, I just tried Bing once a while back. Now it's my default search engine & I've gotten more used to using it...
 
These are the files that I searched and some descriptions:
 
 
Mdm.exe
Mdm.exe is the Machine Debug Manager, which is used by the Windows NT Option Pack and Microsoft Developer Studio to provide application debugging. When Script Debugging is enabled for Internet Explorer 4.0, the debug manager is initialized whenever Internet Explorer 4.0 is started. The Machine Debug Manager runs as a service and is loaded when your computer starts. If you do not use your computer for debugging purposes, you can safely turn this off.
 
I'm pretty sure Bonnie's not doing any debugging.  OK to just delete?
 
 
mcagent.exe
Description: The file mcagent.exe is located in a sub-folder of "C:\Program Files" or sometimes in a sub folder of the "My Files" folder (normally C:\Program Files\mcafee.com\agent\). Known file sizes on Windows 7/XP are 303,104 bytes (53% of all occurrences), 582,992 bytes and 20 more variants. There is an icon for this program on the taskbar next to the clock. The program has a visible window. The file is not a Windows system file. Mcagent.exe is able to record inputs and monitor applications. Therefore the technical security rating is 14% dangerous, however also read the users reviews. You can uninstall the program using the Control Panel > Add/Remove programs > McAfee, Inc. or AWStats.
 
The last time I tried removing McAfee, it asked me if I was sure. It also informed me that my subscription was still valid.  So, I canceled the uninstall.  Guess it'd be prudent to call Bonnie about this, huh?
 
 
 
mcciCMService.exe
Motive.com Communications McciCMService.
Is mccicmservice.exe safe?   This mccicmservice.exe file is safe and should not be considered threat to your computer.


Overall threat: No
Spyware: No
Trojan: No
Virus: No
 
Seems docile enough.  You agree?
 
 
mcshield.exe
"mcshield.exe" is the McAfee On-Access Antivirus Scanner from Network Associates, Inc. It monitors your computer's processes, files and registry to attempt to detect and prevent virus infection.
 
Call Bonnie, huh? 
 
 
McSvHost.exe
The process known as McAfee Service Host belongs to software McAfee Shared Service Host or McAfee Integrated Security Platform or McAfee SiteAdvisor Service, McAfee Personal Firewall Service, McAfee Services, McAfee VirusScan Announcer, McAfee Network Agent by McAfee (www.mcafee.com).
Another McAfee product.
 
 
mDNSResponder.exe
The process mdnsresponder.exe is a component of the Apple Service, which is identified with the Bonjour for Windows software application initially utilized by iTunes because of its music sharing functionality. The mdnsresponder.exe process is a native element of the Mac OS X operating system and is associated with the MDNSNSP.DLL, which was ported for the Microsoft Windows Operating System environment.
I'm not sure, but I figure all the Apple stuff got installed because of some Apple product like an iPod, iPhone, etc... Again, call Bonnie, huh?
 
mfeFire.exe
essential part of the McAfee firewall plus or Internet Security software. This program is not important for your system process, but should not be terminated unless suspected to be causing problems.
Another McAfee product.
 

 

The End -- For now...


Edited by PieLam, 19 September 2013 - 07:10 PM.


#15 boopme


Posted 20 September 2013 - 08:18 PM

Mdm.exe, The Machine Debug Manager runs as a service

Services are NEVER deleted.

You can disable.

 

How to Disable Unnecessary Services in Windows XP

 

mcciCMService.exe has to stay.

As do all the McAfee's unless you want to uninstall McAfee and then install a new AV application.

 

The iPhone stuff is needed if they use those apps.

