Want some help checking my security settings are good, thanks


17 replies to this topic

#1 rp88


Posted 02 April 2015 - 03:24 PM

I have bought a new computer, an HP 15 Notebook PC 15-r218na http://www8.hp.com/uk/en/products/laptops/product-detail.html?oid=7694202#!tab=features and have spent the last few days setting it up. I've got rid of the bloat, put on an antivirus, installed a better choice of browsers, put on all the programs I like and set Windows' settings to the states I prefer. With this all done I would like to check that my system has the right settings for remaining secure and also being able to be restored to an earlier state (as in the state it is in today) in the event of problems. I have downloaded the latest versions of FSS, Minitoolbox, SecurityCheck, Speccy and CCleaner and have been able to make some logs and lists relating to the current settings. I wondered if someone could please look through these and see if everything looks OK, in regards to:

Not having any hugely vulnerable software installed
Not having unnecessary programs running at startup and wasting space in the background
Having layers of security which work
Being up-to-date with security updates
Having the right sorts of recovery media made should disaster strike
Not having any current system errors of the type which are worrying
Not having anything clearly wrong with the setup

I have attached the logs below, but taken out some very private information which gets included in file path names and such; I have marked where bits have been removed for privacy. I also removed some numbers which I suspected might be private to me (like serial numbers and product keys); I have marked where I did this too.

FSS log is first

Farbar Service Scanner Version: 17-01-2015
Ran by (my user name) (administrator) on 02-04-2015 at 21:27:54
Running from "C:\Users\(my user name)\Downloads"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


Then Minitoolbox log

MiniToolBox by Farbar Version: 09-03-2015
Ran by (my user name) (administrator) on 02-04-2015 at 21:28:21
Running from "C:\Users\(my user name)\Downloads"
Microsoft Windows 8.1 (X64)
Model: HP 15 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
Realtek RTL8723BE 802.11 b/g/n Wi-Fi Adapter = WiFi (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : (my name)
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 2C-33-7A-8C-45-9F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter WiFi:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8723BE 802.11 b/g/n Wi-Fi Adapter
Physical Address. . . . . . . . . : 2C-33-7A-8C-45-9F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : (my home address)
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : D0-BF-9C-1C-BE-25
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
7...2c 33 7a 8c 45 9f ......Microsoft Wi-Fi Direct Virtual Adapter
6...2c 33 7a 8c 45 9f ......Realtek RTL8723BE 802.11 b/g/n Wi-Fi Adapter
3...d0 bf 9c 1c be 25 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/02/2015 07:22:29 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event provider ProtectionManagement attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.

Error: (04/02/2015 07:22:29 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event provider attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.

Error: (04/02/2015 04:54:19 PM) (Source: Perflib) (User: )
Description: ASP.NET_2.0.50727

Error: (04/02/2015 04:54:19 PM) (Source: Perflib) (User: )
Description: ASP.NET_2.0.507278

Error: (04/01/2015 08:49:33 PM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of genuine ticket failed ((This number might be private, I don't know)) for template Id {(as might this number)}

Error: (04/01/2015 08:49:33 PM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details.
((and perhaps this one))

Error: (04/01/2015 08:14:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_(perhaps this number too).manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_(and maybe this one).manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_(and maybe this one).manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_(number might be private).manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_(number might be private).manifest.

Error: (04/01/2015 08:04:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_(possibly private number).manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_(possibly private number).manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_(possibly private number).manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_(possibly private number).manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_(possibly private number).manifest.

Error: (04/01/2015 05:46:24 PM) (Source: HP Registration Service) (User: )
Description: The system cannot find the file specified. (Exception from HRESULT: (possibly private number)) at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)
at RegDataUtil.ScheduleTask.DeleteTask(String TaskName)

Error: (04/01/2015 05:46:23 PM) (Source: HP Registration Service) (User: )
Description: The system cannot find the file specified. (Exception from HRESULT: (possibly private number)) at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)
at HPMetrics.ScheduleTask.DeleteTask(String TaskName)


System errors:
=============
Error: (04/02/2015 00:43:18 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume F: were aborted because volume F:, which contains shadow copy storage for this shadow copy, was force dismounted.

Error: (04/01/2015 11:31:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (04/01/2015 11:31:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (04/01/2015 11:31:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (04/01/2015 11:31:02 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).

Error: (04/01/2015 11:31:01 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/01/2015 11:31:01 PM) (Source: Service Control Manager) (User: )
Description: The Intel® ME Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/01/2015 11:31:01 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (04/01/2015 11:31:01 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/01/2015 11:31:01 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (04/02/2015 07:22:29 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement

Error: (04/02/2015 07:22:29 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: select * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement

Error: (04/02/2015 04:54:19 PM) (Source: Perflib)(User: )
Description: ASP.NET_2.0.50727

Error: (04/02/2015 04:54:19 PM) (Source: Perflib)(User: )
Description: ASP.NET_2.0.507278

Error: (04/01/2015 08:49:33 PM) (Source: Software Protection Platform Service)(User: )
Description: (possibly private number)

Error: (04/01/2015 08:49:33 PM) (Source: Software Protection Platform Service)(User: )
Description: (possibly private number)(0x00000000, 20:49:33:026 -
https://validation-v2.sls.microsoft.com/SLWGA/slwga.asmx)
(possibly private number)(0x00000000, 20:49:33:026)
(possibly private number)(0x00000000, 20:49:33:026 -
https://validation-v2.sls.microsoft.com)
(possibly private number)(0x00000000, 20:49:33:026 - 0)
(possibly private number)(0x00000000, 20:49:33:026 -
https://validation-v2.sls.microsoft.com)
(possibly private number)(0x00000000, 20:49:33:026 - 1, <NULL>, <NULL>, <NULL>)
(possibly private number)((possibly private number), 20:49:33:026 - 0, 1)
(possibly private number)((possibly private number), 20:49:33:026 - 0,
https://validation-v2.sls.microsoft.com, <N/A>, <N/A>)
(possibly private number)(0x00000000, 20:49:33:026 - 0)
(possibly private number)((possibly private number), 20:49:33:042 - SOAPAction: "
http://microsoft.com/SL/GenuineAdvantageService/IssueToken"
Content-Type: text/xml; charset=utf-8
, <soap:Envelope xmlns:soap="
http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><RequestSecurityToken xmlns="http://schemas.xmlsoap.org/ws/2004/04/security/trust"><TokenType>SLWGA</TokenType><RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</RequestType><UseKey><Values xsi:nil="1"/></UseKey><Claims><Values xmlns:q1="http://schemas.xmlsoap.org/ws/2004/04/security/trust" soapenc:arrayType="q1:TokenEntry[6]"><TokenEntry><Name>GenuineAdvantagePhase</Name><Value>GenuineAdvantagePhase1</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageVersion</Name><Value>1.0</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageTemplateId</Name><Value>{(possibly private number)}</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageClientTransactionId</Name><Value>(possibly private number)</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageClientToken</Name><Value></Value></TokenEntry><TokenEntry><Name>GenuineAdvantageParameters</Name><Value>OSArch=9;OSVersion=6.3.9600.16497;ServiceVersion=6.3.9600.16497;AvailablePID2s=(string of potentially private numbers);TemplateId={(possibly private number)};</Value></TokenEntry></Values></Claims></RequestSecurityToken></soap:Body></soap:Envelope>)
(possibly private number)((possibly private number), 20:49:33:042 - <NULL>)
(possibly private number)((possibly private number), 20:49:33:042)

Error: (04/01/2015 08:14:03 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_(possibly private number).manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_(possibly private number).manifestC:\Users\(my user name)\Installers1\antivirus and security installers and exes\esetsmartinstaller_enu.exe

Error: (04/01/2015 08:04:47 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_(possibly private number).manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_(possibly private number).manifestC:\Users\(my user name)\Installers1\antivirus and security installers and exes\esetsmartinstaller_enu.exe

Error: (04/01/2015 05:46:24 PM) (Source: HP Registration Service)(User: )
Description: The system cannot find the file specified. (Exception from HRESULT: (possibly private number)) at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)
at RegDataUtil.ScheduleTask.DeleteTask(String TaskName)

Error: (04/01/2015 05:46:23 PM) (Source: HP Registration Service)(User: )
Description: The system cannot find the file specified. (Exception from HRESULT: (possibly private number)) at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)
at HPMetrics.ScheduleTask.DeleteTask(String TaskName)



=========================== Installed Programs ============================
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Blender (HKLM\...\Blender) (Version: 2.65a-release - Blender Foundation)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google SketchUp 8 (HKLM-x32\...\{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}) (Version: 3.0.11752 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP PC Hardware Diagnostics UEFI (x32 Version: 5.6.1.0 - Hewlett-Packard) Hidden
HP Recovery Manager (x32 Version: 1.2.1510 - Hewlett-Packard) Hidden
HP Support Assistant (HKLM-x32\...\{1E7F409E-E35A-4DF8-BF5C-FE34B74B640E}) (Version: 7.6.31.30 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{F12B17AB-FCDA-4380-9D35-E3F871BF1093}) (Version: 1.2.6 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel® Chipset Device Software (Version: 10.0.21 - Intel Corporation) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.21 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel® Management Engine Components (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (Version: 10.0.28.1006 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 13.2.0.1016 - Intel Corporation) Hidden
Intel® Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.35.133.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 37.0 (x86 en-GB)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.24 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29082 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.35.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.38 - REALTEK Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.20 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 20%
Total physical RAM: 8107.39 MB
Available physical RAM: 6406.74 MB
Total Pagefile: 10027.39 MB
Available Pagefile: 8321.42 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.65 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:907.27 GB) (Free:865.64 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:23.23 GB) (Free:2.58 GB) NTFS

========================= Users: ========================================

User accounts for \\(my name)

Administrator Guest (my user name)

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

01-04-2015 17:42:46 Removed 7-Zip 9.20 (x64 edition)
02-04-2015 00:59:57 Windows Backup
02-04-2015 12:50:29 Windows Backup

**** End of log ****


Then the Security Check log

Results of screen317's Security Check version 0.99.99
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Mozilla Firefox (37.0)
Google Chrome (41.0.2272.118)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

 
Then a list of running services found from speccy
 
Services
            Running    Andrea RT Filters Service
            Running    Application Host Helper Service
            Running    Application Information
            Running    Avast Antivirus
            Running    Background Intelligent Transfer Service
            Running    Background Tasks Infrastructure Service
            Running    Base Filtering Engine
            Running    BTDevManager
            Running    COM+ Event System
            Running    Cryptographic Services
            Running    DCOM Server Process Launcher
            Running    DHCP Client
            Running    Diagnostic Policy Service
            Running    Diagnostic Service Host
            Running    Distributed Link Tracking Client
            Running    DNS Client
            Running    HP Support Assistant Service
            Running    HPWMISVC
            Running    IKE and AuthIP IPsec Keying Modules
            Running    Intel Dynamic Application Loader Host Interface Service
            Running    Intel HD Graphics Control Panel Service
            Running    Intel Management and Security Application Local Management Service
            Running    Intel Rapid Storage Technology
            Running    Intel ME Service
            Running    IP Helper
            Running    Local Session Manager
            Running    Multimedia Class Scheduler
            Running    Network Connection Broker
            Running    Network List Service
            Running    Network Location Awareness
            Running    Network Store Interface Service
            Running    Plug and Play
            Running    Power
            Running    Print Spooler
            Running    Program Compatibility Assistant Service
            Running    Realtek Audio Service
            Running    Remote Access Connection Manager
            Running    Remote Procedure Call (RPC)
            Running    RPC Endpoint Mapper
            Running    Secure Socket Tunneling Protocol Service
            Running    Security Accounts Manager
            Running    Security Center
            Running    Server
            Running    Shell Hardware Detection
            Running    SSDP Discovery
            Running    Superfetch
            Running    SynTPEnh Caller Service
            Running    System Event Notification Service
            Running    System Events Broker
            Running    Task Scheduler
            Running    Telephony
            Running    Themes
            Running    Time Broker
            Running    User Profile Service
            Running    Windows Audio
            Running    Windows Audio Endpoint Builder
            Running    Windows Connection Manager
            Running    Windows Event Log
            Running    Windows Firewall
            Running    Windows Font Cache Service
            Running    Windows Management Instrumentation
            Running    Windows Presentation Foundation Font Cache 3.0.0.0
            Running    Windows Search
            Running    WinHTTP Web Proxy Auto-Discovery Service
            Running    WLAN AutoConfig
            Running    Workstation
            Stopped    ActiveX Installer (AxInstSV)
            Stopped    App Readiness
            Stopped    Application Experience
            Stopped    Application Identity
            Stopped    Application Layer Gateway Service
            Stopped    AppX Deployment Service (AppXSVC)
            Stopped    ASP.NET State Service
            Stopped    BitLocker Drive Encryption Service
            Stopped    Block Level Backup Engine Service
            Stopped    Bluetooth Handsfree Service
            Stopped    Bluetooth Support Service
            Stopped    Certificate Propagation
            Stopped    CNG Key Isolation
            Stopped    COM+ System Application
            Stopped    Computer Browser
            Stopped    Credential Manager
            Stopped    Device Association Service
            Stopped    Device Install Service
            Stopped    Device Setup Manager
            Stopped    Diagnostic System Host
            Stopped    Distributed Transaction Coordinator
            Stopped    Encrypting File System (EFS)
            Stopped    Extensible Authentication Protocol
            Stopped    Family Safety
            Stopped    Fax
            Stopped    File History Service
            Stopped    Function Discovery Provider Host
            Stopped    Function Discovery Resource Publication
            Stopped    Google Update Service (gupdate)
            Stopped    Google Update Service (gupdatem)
            Stopped    Group Policy Client
            Stopped    Health Key and Certificate Management
            Stopped    HomeGroup Listener
            Stopped    HomeGroup Provider
            Stopped    HP Software Framework Service
            Stopped    Human Interface Device Service
            Stopped    Hyper-V Data Exchange Service
            Stopped    Hyper-V Guest Service Interface
            Stopped    Hyper-V Guest Shutdown Service
            Stopped    Hyper-V Heartbeat Service
            Stopped    Hyper-V Remote Desktop Virtualization Service
            Stopped    Hyper-V Time Synchronization Service
            Stopped    Hyper-V Volume Shadow Copy Requestor
            Stopped    Intel Capability Licensing Service TCP IP Interface
            Stopped    Intel Content Protection HECI Service
            Stopped    Intel Integrated Clock Controller Service - Intel ICCS
            Stopped    Intel Update Manager
            Stopped    Interactive Services Detection
            Stopped    Internet Connection Sharing (ICS)
            Stopped    Internet Explorer ETW Collector Service
            Stopped    IPsec Policy Agent
            Stopped    KtmRm for Distributed Transaction Coordinator
            Stopped    Link-Layer Topology Discovery Mapper
            Stopped    Microsoft Account Sign-in Assistant
            Stopped    Microsoft iSCSI Initiator Service
            Stopped    Microsoft Software Shadow Copy Provider
            Stopped    Microsoft Storage Spaces SMP
            Stopped    Mozilla Maintenance Service
            Stopped    Net.Tcp Port Sharing Service
            Stopped    Netlogon
            Stopped    Network Access Protection Agent
            Stopped    Network Connected Devices Auto-Setup
            Stopped    Network Connections
            Stopped    Network Connectivity Assistant
            Stopped    Optimise drives
            Stopped    Peer Name Resolution Protocol
            Stopped    Peer Networking Grouping
            Start pending    Peer Networking Identity Manager
            Stopped    Performance Counter DLL Host
            Stopped    Performance Logs & Alerts
            Stopped    PNRP Machine Name Publication Service
            Stopped    Portable Device Enumerator Service
            Stopped    Printer Extensions and Notifications
            Stopped    Problem Reports and Solutions Control Panel Support
            Stopped    Quality Windows Audio Video Experience
            Stopped    Remote Access Auto Connection Manager
            Stopped    Remote Desktop Configuration
            Stopped    Remote Desktop Services
            Stopped    Remote Desktop Services UserMode Port Redirector
            Stopped    Remote Procedure Call (RPC) Locator
            Stopped    Remote Registry
            Stopped    Routing and Remote Access
            Stopped    Secondary Log-on
            Stopped    Sensor Monitoring Service
            Stopped    Smart Card
            Stopped    Smart Card Device Enumeration Service
            Stopped    Smart Card Removal Policy
            Stopped    SNMP Trap
            Stopped    Software Protection
            Stopped    Spot Verifier
            Stopped    Still Image Acquisition Events
            Stopped    Storage Service
            Stopped    TCP/IP NetBIOS Helper
            Stopped    Thread Ordering Server
            Stopped    Touch Keyboard and Handwriting Panel Service
            Stopped    UPnP Device Host
            Stopped    Virtual Disk
            Stopped    Volume Shadow Copy
            Stopped    W3C Logging Service
            Stopped    WebClient
            Stopped    Windows Biometric Service
            Stopped    Windows Colour System
            Stopped    Windows Connect Now - Config Registrar
            Stopped    Windows Defender Network Inspection Service
            Stopped    Windows Defender Service
            Stopped    Windows Driver Foundation - User-mode Driver Framework
            Stopped    Windows Encryption Provider Host Service
            Stopped    Windows Error Reporting Service
            Stopped    Windows Event Collector
            Stopped    Windows Image Acquisition (WIA)
            Stopped    Windows Installer
            Stopped    Windows Location Framework Service
            Stopped    Windows Media Player Network Sharing Service
            Stopped    Windows Modules Installer
            Stopped    Windows Process Activation Service
            Stopped    Windows Remote Management (WS-Management)
            Stopped    Windows Store Service (WSService)
            Stopped    Windows Time
            Stopped    Windows Update
            Stopped    Wired AutoConfig
            Stopped    WMI Performance Adapter
            Stopped    Work Folders
            Stopped    WWAN AutoConfig

      
Then a list of running processes, also from speccy
 
Process List
                AERTSr64.exe
                    Process ID    1592
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
                    Memory Usage    2.26 MB
                    Peak Memory Usage    2.37 MB
                audiodg.exe
                    Process ID    4376
                    User    LOCAL SERVICE
                    Domain    NT AUTHORITY
                    Memory Usage    13 MB
                    Peak Memory Usage    18 MB
                AvastSvc.exe
                    Process ID    1232
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
                    Memory Usage    41 MB
                    Peak Memory Usage    148 MB
                AvastUI.exe
                    Process ID    3340
                    User    (my user name)
                    Domain    (my name)
                    Path    C:\Program Files\AVAST Software\Avast\AvastUI.exe
                    Memory Usage    23 MB
                    Peak Memory Usage    24 MB
                BTDevMgr.exe
                    Process ID    1636
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
                    Memory Usage    5.53 MB
                    Peak Memory Usage    5.85 MB
                conhost.exe
                    Process ID    1268
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\conhost.exe
                    Memory Usage    2.44 MB
                    Peak Memory Usage    2.61 MB
                csrss.exe
                    Process ID    548
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Memory Usage    3.87 MB
                    Peak Memory Usage    3.88 MB
                csrss.exe
                    Process ID    604
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Memory Usage    30 MB
                    Peak Memory Usage    37 MB
                dllhost.exe
                    Process ID    2876
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\DllHost.exe
                    Memory Usage    3.75 MB
                    Peak Memory Usage    3.75 MB
                dllhost.exe
                    Process ID    2840
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\DllHost.exe
                    Memory Usage    4.38 MB
                    Peak Memory Usage    4.38 MB
                dwm.exe
                    Process ID    76
                    User    DWM-1
                    Domain    Window Manager
                    Path    C:\Windows\system32\dwm.exe
                    Memory Usage    20 MB
                    Peak Memory Usage    28 MB
                explorer.exe
                    Process ID    3028
                    User    (my user name)
                    Domain    (my name)
                    Path    C:\Windows\Explorer.EXE
                    Memory Usage    100 MB
                    Peak Memory Usage    112 MB
                firefox.exe
                    Process ID    1888
                    User    (my user name)
                    Domain    (my name)
                    Path    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                    Memory Usage    294 MB
                    Peak Memory Usage    371 MB
                HPSA_Service.exe
                    Process ID    3040
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
                    Memory Usage    47 MB
                    Peak Memory Usage    49 MB
                HPWMISVC.exe
                    Process ID    1664
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
                    Memory Usage    3.96 MB
                    Peak Memory Usage    4.04 MB
                IAStorDataMgrSvc.exe
                    Process ID    3264
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\Intel\Intel Rapid Storage Technology\IAStorDataMgrSvc.exe
                    Memory Usage    47 MB
                    Peak Memory Usage    48 MB
                igfxCUIService.exe
                    Process ID    408
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\igfxCUIService.exe
                    Memory Usage    5.96 MB
                    Peak Memory Usage    6.01 MB
                igfxEM.exe
                    Process ID    2284
                    User    (my user name)
                    Domain    (my name)
                    Path    C:\Windows\system32\igfxEM.exe
                    Memory Usage    8.41 MB
                    Peak Memory Usage    8.41 MB
                igfxHK.exe
                    Process ID    2260
                    User    (my user name)
                    Domain    (my name)
                    Path    C:\Windows\system32\igfxHK.exe
                    Memory Usage    6.41 MB
                    Peak Memory Usage    6.41 MB
                IntelMeFWService.exe
                    Process ID    3552
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files (x86)\Intel\Intel Management Engine Components\FWService\IntelMeFWService.exe
                    Memory Usage    3.59 MB
                    Peak Memory Usage    3.64 MB
                jhi_service.exe
                    Process ID    3812
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files (x86)\Intel\Intel Management Engine Components\DAL\jhi_service.exe
                    Memory Usage    4.22 MB
                    Peak Memory Usage    4.27 MB
                LMS.exe
                    Process ID    3184
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files (x86)\Intel\Intel Management Engine Components\LMS\LMS.exe
                    Memory Usage    9.23 MB
                    Peak Memory Usage    10 MB
                lsass.exe
                    Process ID    704
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\lsass.exe
                    Memory Usage    9.43 MB
                    Peak Memory Usage    9.43 MB
                PresentationFontCache.exe
                    Process ID    2888
                    User    LOCAL SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
                    Memory Usage    23 MB
                    Peak Memory Usage    23 MB
                RAVBg64.exe
                    Process ID    3176
                    User    (my user name)
                    Domain    (my name)
                    Path    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
                    Memory Usage    9.67 MB
                    Peak Memory Usage    10 MB
                RAVBg64.exe
                    Process ID    1068
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
                    Memory Usage    10 MB
                    Peak Memory Usage    10 MB
                RtkAudioService64.exe
                    Process ID    1052
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
                    Memory Usage    5.38 MB
                    Peak Memory Usage    5.47 MB
                RtkNGUI64.exe
                    Process ID    3112
                    User    (my user name)
                    Domain    (my name)
                    Path    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
                    Memory Usage    9.01 MB
                    Peak Memory Usage    9.04 MB
                SearchIndexer.exe
                    Process ID    884
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\SearchIndexer.exe
                    Memory Usage    17 MB
                    Peak Memory Usage    17 MB
                services.exe
                    Process ID    696
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Memory Usage    6.00 MB
                    Peak Memory Usage    6.03 MB
                smss.exe
                    Process ID    356
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Memory Usage    1.02 MB
                    Peak Memory Usage    1.06 MB
                Speccy64.exe
                    Process ID    2032
                    User    (my user name)
                    Domain    (my name)
                    Path    C:\Program Files\Speccy\Speccy64.exe
                    Memory Usage    20 MB
                    Peak Memory Usage    20 MB
                spoolsv.exe
                    Process ID    1444
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\spoolsv.exe
                    Memory Usage    13 MB
                    Peak Memory Usage    15 MB
                svchost.exe
                    Process ID    1608
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\svchost.exe
                    Memory Usage    7.35 MB
                    Peak Memory Usage    7.50 MB
                svchost.exe
                    Process ID    1472
                    User    LOCAL SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\svchost.exe
                    Memory Usage    18 MB
                    Peak Memory Usage    55 MB
                svchost.exe
                    Process ID    1856
                    User    LOCAL SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\svchost.exe
                    Memory Usage    5.45 MB
                    Peak Memory Usage    5.51 MB
                svchost.exe
                    Process ID    1108
                    User    NETWORK SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\svchost.exe
                    Memory Usage    17 MB
                    Peak Memory Usage    31 MB
                svchost.exe
                    Process ID    756
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    74 MB
                    Peak Memory Usage    90 MB
                svchost.exe
                    Process ID    944
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\svchost.exe
                    Memory Usage    46 MB
                    Peak Memory Usage    168 MB
                svchost.exe
                    Process ID    916
                    User    LOCAL SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    21 MB
                    Peak Memory Usage    23 MB
                svchost.exe
                    Process ID    288
                    User    LOCAL SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\svchost.exe
                    Memory Usage    13 MB
                    Peak Memory Usage    14 MB
                svchost.exe
                    Process ID    816
                    User    NETWORK SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\svchost.exe
                    Memory Usage    6.54 MB
                    Peak Memory Usage    6.75 MB
                svchost.exe
                    Process ID    780
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\svchost.exe
                    Memory Usage    10 MB
                    Peak Memory Usage    10 MB
                svchost.exe
                    Process ID    952
                    User    LOCAL SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    5.54 MB
                    Peak Memory Usage    5.57 MB
                SynTPEnh.exe
                    Process ID    2916
                    User    (my user name)
                    Domain    (my name)
                    Path    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                    Memory Usage    14 MB
                    Peak Memory Usage    14 MB
                SynTPEnhService.exe
                    Process ID    1732
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
                    Memory Usage    2.94 MB
                    Peak Memory Usage    2.97 MB
                SynTPHelper.exe
                    Process ID    2268
                    User    (my user name)
                    Domain    (my name)
                    Path    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
                    Memory Usage    3.10 MB
                    Peak Memory Usage    3.11 MB
                System
                    Process ID    4
                    Memory Usage    2.19 MB
                    Peak Memory Usage    6.78 MB
                System Idle Process
                    Process ID    0
                taskhostex.exe
                    Process ID    2884
                    User    (my user name)
                    Domain    (my name)
                    Path    C:\Windows\system32\taskhostex.exe
                    Memory Usage    9.60 MB
                    Peak Memory Usage    9.65 MB
                unsecapp.exe
                    Process ID    3636
                    User    (my user name)
                    Domain    (my name)
                    Path    C:\Windows\system32\wbem\unsecapp.exe
                    Memory Usage    5.39 MB
                    Peak Memory Usage    5.48 MB
                wininit.exe
                    Process ID    612
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\wininit.exe
                    Memory Usage    3.44 MB
                    Peak Memory Usage    3.64 MB
                winlogon.exe
                    Process ID    640
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\winlogon.exe
                    Memory Usage    6.47 MB
                    Peak Memory Usage    13 MB
                wlanext.exe
                    Process ID    1252
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\WLANExt.exe
                    Memory Usage    4.24 MB
                    Peak Memory Usage    4.36 MB
                WmiPrvSE.exe
                    Process ID    3648
                    User    NETWORK SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\wbem\wmiprvse.exe
                    Memory Usage    20 MB
                    Peak Memory Usage    27 MB
                WmiPrvSE.exe
                    Process ID    3280
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\system32\wbem\wmiprvse.exe
                    Memory Usage    5.40 MB
                    Peak Memory Usage    5.40 MB

 
 
Thank You


Edited by rp88, 02 April 2015 - 04:15 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB



#2 rp88


Posted 07 April 2015 - 10:23 AM

Please can I have some advice on this anyone? Thank You.

#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:03:01 PM

Posted 07 April 2015 - 10:50 AM

Personally rp, I see nothing wrong with that setup. You've been given a lot of advice, tips and tricks in your first thread so I guess pretty much everything was covered there.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 rp88


Posted 07 April 2015 - 10:58 AM

Aura, any chance you could look over the logs and see if anything stands out, or have you already done so? These logs will contain more detail than I put into my typed posts on the thread about uninstalling bundleware. Thank You.

#5 Aura


Posted 07 April 2015 - 02:03 PM

I would update your Network/Ethernet Controller drivers since there seems to be an issue with them. Also, did you disable your Windows Updates?



#6 rp88


Posted 07 April 2015 - 02:35 PM

How would I go about updating ethernet/network drivers? Is this likely to be an important issue or is it a matter of "Because I'm online via ethernet right now it's all fine"? There is a HP program on here which does some stuff with installing and searching for drivers and driver updates but the only thing it found was a single driver update for the BIOS/UEFI (which I thought it wiser to just leave as is and not apply that update, especially as I want to run a live linux distribution on this as well as the installed windows 8.1 OS).


I didn't disable windows update, I put them on "check automatically but ask me before downloading or installing". That is the setting I like them to be on, I assume my logs reflect this setting?

Nothing you can see as wrong in the context of unnecessary processes running in the background?

Thank You for checking over my logs.

Edited by rp88, 07 April 2015 - 02:35 PM.


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,082 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:01 PM

Posted 07 April 2015 - 06:05 PM

You may want to review these topics...
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#8 Aura


Posted 07 April 2015 - 07:22 PM

To update your drivers, simply go to your laptop's drivers webpage, select your OS and the type of drivers you want to download, then download and install them. Simple as that. Your drivers webpage is below:

http://support.hp.com/us-en/product/HP-15-Notebook-PC-series/7486447/model/7698729/drivers/

If you need help finding out which Ethernet and Network Controllers you have, let me know.



#9 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:08:01 AM

Posted 07 April 2015 - 07:28 PM

The irony in all this is that, while you're looking at increasing your security, posting such detailed hardware and system logs to a public forum IS a security risk in itself.

Detailed hardware and system logs, as you have posted, and as many other members have, are a security risk and should be either sent by PM or restricted from general public viewing.
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 



#10 Aura


Posted 07 April 2015 - 07:31 PM

If that's the case Crazy Cat, no one could get assistance in the "Am I Infected?" or even the malware removal section. These logs are just fine, no problem with them being posted online except for the computer name which is pretty much useless.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:08:01 AM

Posted 07 April 2015 - 08:00 PM

If that's the case Crazy Cat, no one could get assistance in the "Am I Infected?" or even the malware removal section. These logs are just fine, no problem with them being posted online except for the computer name which is pretty much useless.

I disagree completely with your statement, and it is somewhat reckless.

For starters, the Physical Addresses are posted.

Physical Address. . . . . . . . . : 2C-33-7A-8C-45-9F
Physical Address. . . . . . . . . : D0-BF-9C-1C-BE-25

I can go on-and-on, but it will turn into a hacking tutorial.
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 



#12 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:04:01 PM

Posted 07 April 2015 - 08:28 PM

If that's the case Crazy Cat, no one could get assistance in the "Am I Infected?" or even the malware removal section. These logs are just fine, no problem with them being posted online except for the computer name which is pretty much useless.

I disagree completely with your statement, and it is somewhat reckless.

For starters, the Physical Addresses are posted.

Physical Address. . . . . . . . . : 2C-33-7A-8C-45-9F
Physical Address. . . . . . . . . : D0-BF-9C-1C-BE-25

I can go on-and-on, but it will turn into a hacking tutorial.


No information posted by the OP could result in any system compromise. Tools hosted on BleepingComputer do not allow remote access to computers and their logs can only be used to enumerate basic things like installed software and hardware configurations, which isn't harmful at all.

The MAC addresses you posted are simply unique identifiers embedded by the manufacturer of his network card. They do not facilitate anything but obtaining whoever made that piece of hardware.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#13 Animal

Animal

    Bleepin' Animinion


  • Members
  • 35,905 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:12:01 PM

Posted 07 April 2015 - 09:31 PM

@Crazy Cat If you have an issue with the logs and tools used here at Bleeping Computer, I suggest you send a PM to Grinler to address the issue you seem to feel strongly about. Tools and their output approved for use by Bleeping Computer do not reveal personally identifying information or put the user at risk. Discussing or debating the issue with members trying to help others will not resolve the situation.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+


#14 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:08:01 AM

Posted 08 April 2015 - 12:19 AM

(1) No information posted by the OP could result in any system compromise. Tools hosted on BleepingComputer do not allow remote access to computers and their logs can only be used to enumerate basic things like installed software and hardware configurations, which isn't harmful at all.

(2) The MAC addresses you posted are simply unique identifiers embedded by the manufacturer of his network card. They do not facilitate anything but obtaining whoever made that piece of hardware.

(1) I disagree, but like I said, "I won't turn this into a hacking tutorial", nor did I say that the tools hosted on BleepingComputer allow remote access. This is out of context.

(2) Create a static ARP entry linking its MAC address to the IP address you want to give it. e.g.: arp -s 192.168.1.100 00-02-20-a0-b4-cd

ARP, Address Resolution Protocol, is used to create the dynamic correspondence between the MAC address and the IP address. If you know the MAC address and need the IP address, you send an Ethernet broadcast called a "Who has". The system with the needed IP address will then answer with an "Is at". https://www.sans.edu/research/security-laboratory/article/mgt-mac-addressing

It is possible for some people to spoof MAC addresses and make another device impersonate a known device on a network... https://www.police.qld.gov.au/programs/cscp/ecrime/wireless.htm

@Crazy Cat If you have an issue with the logs and tools used here at Bleeping Computer, I suggest you send a PM to Grinler to address the issue you seem to feel strongly about. Tools and their output approved for use by Bleeping Computer do not reveal personally identifying information or put the user at risk. Discussing or debating the issue with members trying to help others will not resolve the situation.

Actually I won't bother, since it's the member's prerogative to post the logs in the general public forum or not.
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.
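
Added example, not part of any post in this thread and not a BleepingComputer tool: a small Python filter for readers who prefer to mask the identifiers debated above (the computer name and the Physical Address values) before sharing `ipconfig /all` output. It goes beyond the lines quoted in the thread by also masking longer octet runs such as the DHCPv6 Client DUID, which can embed the same MAC address. The sample log is constructed, using the RFC 7042 documentation MAC range; `redact_log`, `OCTET_RUN`, `HOST_LINE` and the `<HOSTNAME>` placeholder are names chosen for this example.

```python
import re

# A run of six or more hex octets joined by one separator style ('-' or ':').
OCTET_RUN = re.compile(
    r"(?<![0-9A-Fa-f:-])[0-9A-Fa-f]{2}([-:])[0-9A-Fa-f]{2}"
    r"(?:\1[0-9A-Fa-f]{2}){4,}(?![0-9A-Fa-f:-])"
)
# The "Host Name" line of `ipconfig /all` output.
HOST_LINE = re.compile(r"^([ \t]*Host Name[ .]*:[ \t]*)(\S+)", re.MULTILINE)

# Constructed sample; the MAC is from the RFC 7042 documentation range.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-LAPTOP
   Physical Address. . . . . . . . . : 00-00-5E-00-53-01
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-AA-BB-CC-00-00-5E-00-53-01
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1c2b:3d4e:5f60:7182%3(Preferred)
"""


def _mask(match):
    sep = match.group(1)
    octets = match.group(0).split(sep)
    if len(octets) == 6:
        # Plain MAC: keep the vendor prefix (OUI), hide the device-specific half.
        return sep.join([o.upper() for o in octets[:3]] + ["XX"] * 3)
    # Longer run, e.g. a DUID that embeds the MAC: hide every octet.
    return sep.join(["XX"] * len(octets))


def redact_log(text, host_placeholder="<HOSTNAME>"):
    """Return (redacted_text, number_of_values_replaced)."""
    text, hosts = HOST_LINE.subn(lambda m: m.group(1) + host_placeholder, text)
    text, runs = OCTET_RUN.subn(_mask, text)
    return text, hosts + runs


if __name__ == "__main__":
    redacted, count = redact_log(SAMPLE)
    print(redacted)
    print(f"{count} value(s) redacted")
```

The vendor prefix is kept so a helper can still see which manufacturer's adapter is installed; IPv4 and IPv6 addresses are left untouched.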

 



#15 rp88

rp88
  • Topic Starter

  • Members
  • 3,082 posts
  • Gender:Not Telling
  • Local time:08:01 PM

Posted 08 April 2015 - 07:45 AM

Thanks for your advice everyone.

Edited by rp88, 08 April 2015 - 07:45 AM.

Back on this site, for a while anyway, been so busy the last year.

My systems: 2 laptops, Intel i3 processors, Windows 8.1 installed on the hard drive and Linux Mint 17.3 MATE installed to USB



