**INFECTED** Win32:Hrupka-D and...



#31
blah12

    Member

  • Topic Starter
  • 32 posts
Gosh. I really feel as if I should apologize on the behalf of my computer lol. Ctrl F11 is completely non-functional upon start up. Also, while it hasn't gotten too bad yet, it seems as if my internet connectivity issue may be resurfacing. There has been one instance of a "time out," today. Earlier this week there were a few instances of "time outs," within a specific time frame that I did not report, but it then went away again.

RKreport[1]:


RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Chris [Admin rights]
Mode : Scan -- Date : 09/22/2012 03:27:54

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : -> KILLED [TermProc]
[SUSP PATH] clclean.0001 -- C:\Documents and Settings\Chris\Local Settings\Temp\clclean.0001 -> KILLED [TermThr]

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2100BH +++++
--- User ---
[MBR] e30b0f35ac4666070cc27eb41b4e2c53
[BSP] 2d5ea5c1668257081f48005b83a8d871 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 88655 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 181663020 | Size: 5247 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0



#32
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Gosh. I really feel as if I should apologize on the behalf of my computer lol

No need I assure you but understand what you mean. ;)

Ctrl F11 is completely non-functional upon start up.

OK, the actual partition appears to be still present:-

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo

Though I am wondering what this one is exactly:-

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 181663020 | Size: 5247 Mo

Possibly malicious and may have been created by malware for example. Either way we will investigate this and may shed some further light on why the actual Recovery Partition can no longer be invoked etc.

Also, while it hasn't gotten too bad yet, it seems as if my internet connectivity issue may be resurfacing. There has been one instance of a "time out," today. Earlier this week there were a few instances of "time outs," within a specific time frame that I did not report, but it then went away again.

Acknowledged.

Custom Batch File:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
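@echo off
rem Replace the hosts file with a single default localhost entry.
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Drop and renew the DHCP lease, then clear the DNS resolver cache.
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack settings.
netsh winsock reset all
netsh int ip reset all
rem Reboot after one second, then delete this batch file.
shutdown -r -t 1
del %0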
  • Go to File >> Save As
  • Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look like this: Posted Image
Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed.

Note: You will temporarily lose your internet connection and your machine should automatically reboot. If it does not, reboot your machine manually.

Scan with Listparts:

Please download and save Listparts to your desktop.

  • Double-click on ListParts.exe to launch the application.
  • Click on/select List BCD >> now click on the Scan button.
  • When the scan is complete, it will have created a notepad file on the desktop called Result.txt
  • Close Listparts and post the contents of the aforementioned notepad file in your next reply.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. In your case just use FireFox...

You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0
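A triage sketch for the "Partition table:" lines of the RogueKiller report discussed above, added here as an example; it is not part of the original thread or of RogueKiller. It maps each MBR type ID to its conventional meaning and checks the layout for overlaps. The reference table, the function names, and the assumption of 512-byte sectors with "Mo" meaning MiB belong to this example.

```python
import re

# Assumption of this example: 512-byte sectors and "Mo" (megaoctet) = 1 MiB.
SECTORS_PER_MO = 2048

# Conventional meanings of the MBR type IDs that appear in this report.
# Reference table written for this example; extend it for other machines.
KNOWN_TYPES = {
    0x07: "NTFS / exFAT / HPFS volume",
    0xDE: "Dell Utility (diagnostics) partition",
    0xDB: "CP/M or Concurrent DOS ID, also used by Dell for its PC Restore partition",
}

LINE_RE = re.compile(
    r"^(?P<index>\d+) - \[(?P<flag>[A-Z]+)\] (?P<label>\S+) "
    r"\((?P<type>0x[0-9a-fA-F]{2})\) \[(?P<vis>[A-Z]+)\] "
    r"Offset \(sectors\): (?P<offset>\d+) \| Size: (?P<size>\d+) Mo$"
)

# The three partition lines from RKreport[1] in post #31.
REPORT = r"""
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 88655 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 181663020 | Size: 5247 Mo
"""


def parse_partitions(report):
    """Turn RogueKiller partition lines into dicts; other lines are skipped."""
    parts = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            parts.append({
                "index": int(m["index"]),
                "active": m["flag"] == "ACTIVE",
                "label": m["label"],
                "type": int(m["type"], 16),
                "offset": int(m["offset"]),
                "size_mo": int(m["size"]),
            })
    return parts


def find_overlaps(parts):
    """Return (earlier, later) index pairs whose sector ranges overlap.

    Sizes are rounded down to whole Mo, so the computed end is a lower
    bound on the true end: any overlap reported here is a real one.
    """
    ordered = sorted(parts, key=lambda p: p["offset"])
    overlaps = []
    for prev, cur in zip(ordered, ordered[1:]):
        min_end = prev["offset"] + prev["size_mo"] * SECTORS_PER_MO
        if cur["offset"] < min_end:
            overlaps.append((prev["index"], cur["index"]))
    return overlaps


def triage_partitions(report):
    """Classify each partition type and summarise active flags and overlaps."""
    parts = parse_partitions(report)
    findings = []
    for p in parts:
        meaning = KNOWN_TYPES.get(p["type"])
        if meaning is None:
            note = f"type 0x{p['type']:02x} not in reference table"
            findings.append((p["index"], "review", note))
        else:
            findings.append((p["index"], "known", meaning))
    return {
        "findings": findings,
        "active": [p["index"] for p in parts if p["active"]],
        "overlaps": find_overlaps(parts),
    }


if __name__ == "__main__":
    result = triage_partitions(REPORT)
    for index, status, note in result["findings"]:
        print(f"partition {index}: {status}: {note}")
    print("active:", result["active"], "overlaps:", result["overlaps"])
```

A label of UNKNOWN in the scanner output only means the tool has no name for the type ID; the ID itself is what should be looked up before a partition is treated as suspicious.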

#33
blah12

    Member

  • Topic Starter
  • 32 posts
List Parts:

ListParts by Farbar Version: 17-09-2012
Ran by Chris (administrator) on 23-09-2012 at 00:43:12
Windows XP (X86)
Running From: C:\Documents and Settings\Chris\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 60%
Total physical RAM: 1022.37 MB
Available physical RAM: 402.1 MB
Total Pagefile: 2459.46 MB
Available Pagefile: 1927.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 2010.46 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:86.58 GB) (Free:73.8 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 92 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 47 MB 32 KB
Partition 2 Primary 87 GB 47 MB
Partition 3 Unknown 5248 MB 87 GB
======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.
======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 87 GB Healthy System (partition with boot components)
======================================================================================================

Disk: 0
Partition 3
Type : DB
Hidden: Yes
Active: No

There is no volume associated with this partition.
======================================================================================================

****** End Of Log ******
  • 0

#34
blah12

    Member

  • Topic Starter
  • 32 posts
ESET:

[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2ee5769dc218064b9359421efd7d87f9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-23 05:34:24
# local_time=2012-09-23 01:34:24 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=52348
# found=6
# cleaned=0
# scan_time=2246
C:\TDSSKiller_Quarantine\18.09.2012_19.29.12\tdlfs0000\tsk0003.dta Win32/Olmarik.ADZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\18.09.2012_19.29.12\tdlfs0000\tsk0005.dta Win32/Olmarik.AFK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\18.09.2012_19.29.12\tdlfs0000\tsk0006.dta Win64/Olmarik.R trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\18.09.2012_19.29.12\tdlfs0000\tsk0007.dta Win64/Olmarik.R trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\18.09.2012_19.29.12\tdlfs0000\tsk0008.dta Win64/Olmarik.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\18.09.2012_19.29.12\tdlfs0000\tsk0009.dta probably a variant of Win32/Olmarik.AUW trojan (unable to clean) 00000000000000000000000000000000 I
  • 0
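A way to read the ESET log above, added here as an example that is not part of the original thread or of ESET's tooling: it parses the header and the detection lines, then separates detections stored under the TDSSKiller quarantine folder from detections anywhere else on disk. The regular expression assumes the whitespace-separated layout shown on this page; the function names and the default quarantine list are this example's own.

```python
import re
from pathlib import PureWindowsPath

# Folders that hold already-quarantined samples. Only the TDSSKiller folder
# appears on this page; pass other folders via the quarantine_dirs argument.
QUARANTINE_DIRS = (PureWindowsPath(r"C:\TDSSKiller_Quarantine"),)

# path, threat name (optionally "a variant of" / "probably a variant of"),
# object kind, action in parentheses, 32-hex-digit field, one-letter flag.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?\S+/\S+)\s+"
    r"(?P<kind>\S+)\s+\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S)$"
)

# Header fields and detection lines copied from the log in post #34.
LOG = r"""
# remove_checked=false
# scanned=52348
# found=6
# cleaned=0
C:\TDSSKiller_Quarantine\18.09.2012_19.29.12\tdlfs0000\tsk0003.dta Win32/Olmarik.ADZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\18.09.2012_19.29.12\tdlfs0000\tsk0005.dta Win32/Olmarik.AFK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\18.09.2012_19.29.12\tdlfs0000\tsk0006.dta Win64/Olmarik.R trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\18.09.2012_19.29.12\tdlfs0000\tsk0007.dta Win64/Olmarik.R trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\18.09.2012_19.29.12\tdlfs0000\tsk0008.dta Win64/Olmarik.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\18.09.2012_19.29.12\tdlfs0000\tsk0009.dta probably a variant of Win32/Olmarik.AUW trojan (unable to clean) 00000000000000000000000000000000 I
"""


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from an ESET log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#") and "=" in line:
            key, _, value = line[1:].partition("=")
            header[key.strip()] = value.strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(m.groupdict())
    return header, detections


def triage_eset_log(text, quarantine_dirs=QUARANTINE_DIRS):
    """Split detections into quarantined copies and files still on disk."""
    header, detections = parse_eset_log(text)
    live, quarantined = [], []
    for d in detections:
        # PureWindowsPath compares case-insensitively, as Windows does.
        parents = PureWindowsPath(d["path"]).parents
        if any(q in parents for q in quarantine_dirs):
            quarantined.append(d)
        else:
            live.append(d)
    return {
        # A mismatch means lines were lost or the parser missed a format.
        "count_matches_header": int(header.get("found", -1)) == len(detections),
        # With removal switched off, cleaned=0 is expected, not a failure.
        "removal_enabled": header.get("remove_checked") == "true",
        "quarantined": [d["path"] for d in quarantined],
        "live": [(d["path"], d["threat"]) for d in live],
    }


if __name__ == "__main__":
    summary = triage_eset_log(LOG)
    print("header count matches:", summary["count_matches_header"])
    print("quarantined copies:", len(summary["quarantined"]))
    print("detections outside quarantine:", summary["live"])
```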

#35
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Please check for me if this software is still installed/present in Add/Remove:-

Dell System Restore
  • 0

#36
blah12

    Member

  • Topic Starter
  • 32 posts
it is installed.
  • 0

#37
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

it is installed.

Good...after researching all the recent logs provided I am leaning towards a component of the Recovery Partition is corrupted/damaged possibly.

Either way for now I have decided we will address this last of all. Mainly because I am going to have to research further what exactly to advise, as in the correct/most prudent course of action.

For interest sake this provides a lot of pertinent information:-

Inside the Dell PC Restore Partition

For now I propose we update what is required since it appears for all intents and purposes your machine at present is malware free according to the results of the Eset online scan.

The below will in all likelihood take some time and can be quite tedious but well worth it in the long run.

Carry out each of the below in the exact order they are in please...

Update Internet Explorer:

Download and install the new browser from here.

Note: Even if you decide not to use IE, having out of date software installed is deemed a security risk.

Upgrade to Service Pack 3:

Download can be found here

Please read this Microsoft article before actually installing the aforementioned service pack.

Visit Windows Update:

Click on Start >> All Programs >> Windows Updates

Install all Critical Updates, and any specific Hardware/Software related for your machine.

Check for Dell Updates:

Go to this page Dell Drivers & Downloads and check if any appropriate updates for your machine.

If there is, download and install etc...

Next:

Let myself know when all of the above is completed and provide myself with an update about how your machine is performing now. Then we will go from there, thank you.
  • 0

#38
blah12

    Member

  • Topic Starter
  • 32 posts
ok. i followed the direction up until the dell updates. which I am very confused about.

I entered my dell "service number," and downloaded all updates which appeared listed. I then proceeded to "continue with install." The first update on the list "MM061A17.exe" would not "flash BIOS" because it thinks my battery and AC adapters are not both plugged in. Hence, the entire update query failed to properly initialize, and install. I guess my battery isn't doing so well?

As a means to resolve I attempted to manually install the updates from the file folder directory from which they were downloaded to. The first two updates were in compressed folders. So I placed each into their own folder, extracted, and ran each .exe. Of the first two updates that I tried to install each one would generate some kind of error message. As a generic example, along the lines of "device not detected," or, "wrong device." These updates were apparently for the CDROM drive. I did, however, successfully install 1 update which downloaded as a non-compressed .exe. It does not appear to actually be a system update when ran; rather an application which allows the user options such as creating a new partition on the hard drive/creating a boot-able image, and some other options. Of course in this instance I took absolutely no action other than closing the app.

Lastly in regard to Dell updates; I extracted an additional dell update that downloaded as a compressed folder. The extraction created two folders. One folder was named "Dos," and the other named, "Windows." The "Dos" folder had two .exe applications in it. Neither of these did I try running. There was an .exe with a cute icon in the "windows" folder, and I did attempt to run this. It generated an error similar to those listed in the aforementioned citation in the previous paragraph. This update appeared to be again for the CDROM drive.

Internet explorer updated to version 8. I don't know if this is sufficient. I saw that a version 10 is seemingly available, however, have not located a link or process to upgrade from a version later than 8.

Given what I have been able to do up to this point the symptoms are still relenting. Shortly after updating windows my internet invoked its randomized fail procedure (the time out thing.) As a means to absolve I reinstalled Firefox. However, unlike the last time I used this strategy this did not immediately rectify the problem; the problem has since subsided. Although, it may be important to note that both browsers (when not timing out/unable to connect) were randomly displaying pages in HTML, and in such state generated unresponsive links on any website.

I surely could use guidance regarding the dell updates if it is at all possible, and not too much to ask. What advice, search query, or instructions for installing the dell updates properly could you recommend?
  • 0

#39
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

ok. i followed the direction up until the dell updates. which I am very confused about.

Good and my apologies about the latter, the confusion etc. I should have explained more fully what to do...If you had any of the various Dell CD-ROMs I mentioned prior I would have probably not mentioned about the Dell Update site.

I entered my dell "service number," and downloaded all updates which appeared listed. I then proceeded to "continue with install." The first update on the list "MM061A17.exe" would not "flash BIOS" because it thinks my battery and AC adapters are not both plugged in. Hence, the entire update query failed to properly initialize, and install. I guess my battery isn't doing so well?

Possibly though I would not be overly concerned about that particular update and just leave well alone.

Internet explorer updated to version 8. I don't know if this is sufficient. I saw that a version 10 is seemingly available, however, have not located a link or process to upgrade from a version later than 8.

Internet Explorer 8 is the latest supported version for XP. Version 9 is only for Vista and W7. Finally, version 10 is still in the beta stage as far as I am aware.

Given what I have been able to do up to this point the symptoms are still relenting. Shortly after updating windows my internet invoked its randomized fail procedure (the time out thing.) As a means to absolve I reinstalled Firefox. However, unlike the last time I used this strategy this did not immediately rectify the problem; the problem has since subsided. Although, it may be important to note that both browsers (when not timing out/unable to connect) were randomly displaying pages in HTML, and in such state generated unresponsive links on any website.

Not sure if this is malware related and may just be your ISP for example.

It appears your machine's TCPIP stack is using this:-

209.18.47.61

Which relates to the Road Runner ISP.

But when posting it appears this is being used:-

184-57-192-194

Though that is a Road Runner ISP also.

So are you at times using a different machine to post? If so please explain exactly how you are connecting this machine we have been working on as this may just shed some further light on the overall situation.

I surely could use guidance regarding the dell updates if it is at all possible, and not too much to ask. What advice, search query, or instructions for installing the dell updates properly could you recommend?

Usually when visited and once the service tag either manually inputted and or use the auto detection feature the list will come up.

Only download and install those flagged as Recommended or Urgent that are in turn the newest applicable for your machine as there may be more than one update for the same piece of hardware/software etc.

So try that again and let myself know the outcome...do not worry if some do not seem to work and or fail, just make a note of which exactly. The main thing is we have managed to install/upgrade the Operating System security side of things.

Also please provide the answer to my ISP/how your machine connects to the internet exactly query.
  • 0

#40
blah12

    Member

  • Topic Starter
  • 32 posts
I am posting from just one connection. My software is intel PROSet/wireless IP: 192.168.0.15

Netgear Wireless Cable Modem.

I downloaded all recommended and urgent updates. I tried to install all of them, but had issues with some. I included in this post all reports of successful installs, identified the program (if able to do so,) and all failed installs.

I have to restart my computer. I will report back if any symptoms have gone away (as of now they have not.)

R157449_MediaDirect_3_Patch.exe - "Unable to install patch! Your system must have powercinema version 4.7 installed"

Ad18.zip - "The Device does not match this FW !!!"

TS-L462D_DE09.zip - downloaded as two separate folders named "Dos," and "windows." Each folder has its own .exe; no apparent directions for install

DW-224EV_D.DB.zip - downloaded as two separate folders named "Dos," and "windows." Each folder has its own .exe; no apparent directions for install

DS-8W1P_BD1C.zip - downloaded as two separate folders named "Dos," and "windows." Each folder has its own .exe; no apparent directions for install

SDVD8820_AD20_Philips.zip - "The Device does not match this FW !!!"

R172217.zip - "Software Not Found. Dell EMC 901B16J could not be located on your system. Reinstall Dell EMC 901B16J and then run this patch again."

R121310.EXE - Successfully Installed ("TV Tuner Driver")

R147170.EXE - "To complete driver installation you will need to plug in the USB device or if it's already plugged in, disconnect and reconnect it again."

R147396.EXE
- "To complete driver installation you will need to plug in the USB device or if it's already plugged in, disconnect and reconnect it again."

R118783.EXE
- "To complete driver installation you will need to plug in the USB device or if it's already plugged in, disconnect and reconnect it again."

R142470.EXE
- "This update is not designed for the application version you currently have installed."

R103372.EXE - Appears to be an application. "Title: Removable Storage: SMART LF G2 128/256/512MB Memory Key Utility"

Dell%20Boot%20Utility%20-%20DRMK%2012417.zip - "This application is designed for use with small fonts. (found in your display setting - advanced). This application may encounter errors or display problems because small fonts are not in use. please change your settings to small fonts for optimal display viewing." - application/Installed Successfully

TSST_TS-L632H-SLIM-8X-DVD---_A09_R250068.exe - appears to be an application/Installed Successfully

R129472.EXE - "Bluetooth Stack for windows by toshiba - sp2" Installed Successfully

R149798.EXE - "Broadcom 440x 10/100 integrated controller" Installed Successfully

R150593.EXE - "Broadcom Management Programs" Installed Successfully

R159805.EXE
- no clue. a DOS pop up flashed for a fraction of a second, and that's all.

Dell_multi-device_A17_R174291.exe - would not install. "incompatible hardware."

Dell_Wireless-355-Bluetooth-_A01_R127314.exe - "activate bluetooth using Fn + F2 or radio on/off switch" program forced cancellation of install

R132660.EXE - program named "SetPoint" Installed Successfully

R141926.EXE - "mouse suite for laptop computers" Installed Successfully

R151799.EXE - no clue. some driver package. I guess it installed. It said the files unzipped, and then closed.

R142668.EXE - "dell mobile broadband card utility" Installed Successfully

R142984.EXE - "Title : Communications:Dell Wireless 5510 Mobile Broadband (3G HSDPA) Express card Driver" "Another version of this product is already installed. Installation of this version can not continue. To configure or remove the existing version of this product, use add/remove programs on the control panel."

R142669.EXE - "Another version of this product is already installed. Installation of this version can not continue. To configure or remove the existing version of this product, use add/remove programs on the control panel."

R114200.EXE - "Conexant HDA D110 MDC V.92 Modem upgrade" driver/installed successfully

R90851.EXE - "Digital Line Detect" "Another version of this product is already installed. Installation of this version can not continue. To configure or remove the existing version of this product, use add/remove programs on the control panel."

DELL_MULTI-DEVICE_A05_R216783.EXE - "Title : Communications:Dell Wireless 5500 Cingular Mobile Broadband 3G HSDPA MiniCard, Wireless 5510 Cingular Mobile Broadband (3G HSDPA) Express card, Wireless 5520 Cingular Mobile Broadband (3G HSDPA) MiniCard Utility" "not a dell compatible system"

R141246.EXE - "RICOH R5C8xx Media Driver" installed successfully

R127097.EXE - Sound Blaster MB Drivers. Already installed on system "installing will replace drivers" Installed successfully

R198174-1.exe - Dell Support center... for downloading updates lol.............. installed successfully (maybe they should have put this at the top of the list...) ...um. it stopped responding on set up. I "repaired" the program, but won't know until "restarting" the OS.

R217043.exe - "Dell PC Tune Up." installation successful? it's in french... apparently i need a "product key..."
  • 0



#41
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Why did you feel the need to send a PM (private message) about my apparent lack of response to a colleague?

I had actually read your prior response and you did mention this:-

I have to restart my computer. I will report back if any symptoms have gone away (as of now they have not.)

So that is what I have been awaiting...

Now RE your last post, acknowledged and with regard to the specific Dell updates we have actually gone further with that way beyond the level of support I normally provide, which is specifically Anti-Malware related only...

So please do answer the above what I have quoted and in turn carry out the below also, thank you.

Boot.ini Check:

I would like to check the current state of the Boot.ini file to review if it is corrupted or not as follows:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <----Start >> Run... type in notepad and select OK
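@Echo off
rem Copy the hidden boot.ini to the desktop, clear its system/hidden
rem attributes and rename the copy so it opens in Notepad.
xcopy C:\boot.ini "%userprofile%\desktop\" /h
attrib -s -h "%userprofile%\desktop\boot.ini"
ren "%userprofile%\desktop\boot.ini" bootini.txt
rem Delete this batch file.
Del %0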
  • Go to File >> Save As
  • Save File name as "Look.bat" <-- Make sure to include the apostrophes.
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look like this: Posted Image
Now double click on the desktop Look.bat to run the batch file. It will self-delete when completed and produce a notepad text file named bootini on your desktop.

Scan with SINO:

Please download SINO by Artellos.

  • Save SINO to a place you can remember and run SINO.exe. (If you downloaded the ZIP version you will need to extract it first)
  • Click on Select All >> Run Scan!
  • Wait for the program to finish the scan.
  • A notepad window will pop up. Please copy all of the content into your next reply.
Note: If you try to interact with the program once it’s started scanning it might appear to hang. The scan however will continue.
  • 0

#42
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
It has come to my attention you have requested someone else to assist you, absolutely fine by me and I will ask on your behalf...

Good luck! :)
  • 0

#43
blah12

    Member

  • Topic Starter
  • 32 posts
(post edited only to fix the HTML)

Hi. :)

Why did you feel the need to send a PM(private message) about my apparent lack of response to a colleague ?

I had actually read your prior response and you did mention this:-


I greatly appreciate your help, and time. As you have been offering your expert knowledge, and service free of charge which is very kind, and honorable. I really do appreciate all of your help very much, and it has been invaluable.

It just seemed as if you could be busy tending to other things, and helping others, and I could never rudely ask, or demand from someone anything that has been kind enough to do as you have been doing. As you were the expert who picked up my topic when I waited; you were there to help :cool:

It would be of no issue, however, in my particular situation, while I am very grateful for the website, and your help; if it were at all possible to resolve more quickly it would be a tremendous help. I do not doubt your competence nor ability in the least bit, and I think you are a very nice person. I simply could not ask of you to freely dedicate more of your time. You may not realize how much appreciation I really do have for your service. It's only frustrating on my behalf due to my computer's condition, and if it were only possible without asking for too much.

You have helped so much already I simply could not ask from you anything more especially regarding your time.

So I thought it best to see if maybe someone could be available who may have a little bit more free time at the moment; so as maybe the issues could be resolved a little more quickly.

If I were running the website I certainly would be glad to have you on my team. Please don't take personal, or offense, or as a discredit to yourself. It is none of the above. I just could not ask more time from someone already providing voluntary help.

Bootini

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Edited by blah12, 25 September 2012 - 02:15 PM.

  • 0
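One way to carry out the boot.ini review requested in post #41, added here as an example that is not part of the original thread: it parses the file posted above, checks that the default ARC path is well formed and matches an [operating systems] entry, and optionally compares its partition number with the one expected from a partition listing. The function names are this example's own, and the expected value of 2 is an assumption taken from the ListParts output earlier in the thread, where Partition 2 is the active NTFS volume.

```python
import re

# ARC path as used in boot.ini: controller, disk, rdisk, partition, directory.
ARC_RE = re.compile(
    r"^(?:multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)"
    r"partition\((\d+)\)(\\.*)?$",
    re.IGNORECASE,
)

# boot.ini exactly as posted in post #43.
BOOT_INI = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
"""


def parse_boot_ini(text):
    """Return {section name: [(key, value), ...]} with lower-cased names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif current is not None and "=" in line:
            # Split on the first "=" only: switches such as /noexecute=optin
            # stay inside the value.
            key, _, value = line.partition("=")
            sections[current].append((key.strip(), value.strip()))
    return sections


def check_boot_ini(text, expected_partition=None):
    """Return a list of problems; an empty list means the file is consistent."""
    problems = []
    sections = parse_boot_ini(text)
    loader = {k.lower(): v for k, v in sections.get("boot loader", [])}
    entries = [k for k, _ in sections.get("operating systems", [])]

    if "boot loader" not in sections:
        problems.append("missing [boot loader] section")
    if not entries:
        problems.append("no [operating systems] entries")
    if not loader.get("timeout", "").isdigit():
        problems.append("timeout missing or not a number")

    default = loader.get("default")
    if default is None:
        problems.append("no default entry")
        return problems
    m = ARC_RE.match(default)
    if not m:
        problems.append("default is not a valid ARC path: " + default)
        return problems

    if default.lower() not in (e.lower() for e in entries):
        problems.append("default does not match any [operating systems] entry")
    partition = int(m.group(4))
    if partition < 1:
        problems.append("ARC partition numbers start at 1")
    if expected_partition is not None and partition != expected_partition:
        problems.append(
            f"default boots partition({partition}), "
            f"expected partition({expected_partition})"
        )
    return problems


if __name__ == "__main__":
    # expected_partition=2 is the assumption described in the lead-in.
    print(check_boot_ini(BOOT_INI, expected_partition=2) or "boot.ini is consistent")
```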

#44
blah12

    Member

  • Topic Starter
  • 32 posts
SINOLog:

System Investigator by Olrik
Log Created On: 0323_25-09-2012
SINO Version: 3.1.0.0

Total RAM: 1022 MB | Free RAM: 351 MB | Pagefile Size: 2460 MB
C: | 68984 MB out of 88655 MB Free | Local Fixed Disk
D: | None | CD-ROM Disc

<<<< System Information >>>>

Computer Name: DDXXQ1B1
Username: Chris
Language Setting: ENU
Windows Directory: C:\WINDOWS
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal

<<<< Tasklist >>>>

[System Idle Process] - Process ID: 0
[System] - Process ID: 4
[C:\WINDOWS\System32\smss.exe] - Process ID: 408
[csrss.exe] - Process ID: 580
[C:\WINDOWS\system32\winlogon.exe] - Process ID: 616
[C:\WINDOWS\system32\services.exe] - Process ID: 660
[C:\WINDOWS\system32\lsass.exe] - Process ID: 672
[C:\WINDOWS\system32\Ati2evxx.exe] - Process ID: 860
[C:\WINDOWS\system32\svchost.exe] - Process ID: 876
[svchost.exe] - Process ID: 944
[C:\WINDOWS\System32\svchost.exe] - Process ID: 1036
[C:\Program Files\Intel\Wireless\Bin\EvtEng.exe] - Process ID: 1084
[C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe] - Process ID: 1112
[C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe] - Process ID: 1140
[svchost.exe] - Process ID: 1180
[svchost.exe] - Process ID: 1296
[C:\Program Files\AVAST Software\Avast\AvastSvc.exe] - Process ID: 1504
[C:\WINDOWS\system32\spoolsv.exe] - Process ID: 1636
[svchost.exe] - Process ID: 1780
[C:\WINDOWS\system32\Ati2evxx.exe] - Process ID: 1800
[C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe] - Process ID: 1924
[C:\WINDOWS\system32\CTsvcCDA.exe] - Process ID: 1964
[C:\WINDOWS\eHome\ehRecvr.exe] - Process ID: 2016
[C:\WINDOWS\Explorer.EXE] - Process ID: 136
[C:\WINDOWS\eHome\ehSched.exe] - Process ID: 164
[C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe] - Process ID: 424
[C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe] - Process ID: 448
[C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe] - Process ID: 592
[C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe] - Process ID: 676
[C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe] - Process ID: 988
[C:\Program Files\Dell Support Center\bin\sprtsvc.exe] - Process ID: 1224
[svchost.exe] - Process ID: 1672
[mcrdsvc.exe] - Process ID: 2156
[wmiprvse.exe] - Process ID: 2680
[C:\WINDOWS\ehome\ehtray.exe] - Process ID: 2964
[C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe] - Process ID: 2996
[C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe] - Process ID: 3028
[C:\Program Files\Dell\QuickSet\quickset.exe] - Process ID: 3060
[C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] - Process ID: 3084
[C:\Program Files\ATI Technologies\ATI.ACE\cli.exe] - Process ID: 3100
[C:\WINDOWS\system32\Rundll32.exe] - Process ID: 3172
[C:\Program Files\Creative\VoiceCenter\AndreaVC.exe] - Process ID: 3224
[C:\WINDOWS\system32\dla\tfswctrl.exe] - Process ID: 3332
[C:\Program Files\AVAST Software\Avast\avastUI.exe] - Process ID: 3420
[C:\WINDOWS\system32\ICO.EXE] - Process ID: 3544
[C:\Program Files\Dell Support Center\bin\sprtcmd.exe] - Process ID: 3616
[C:\Program Files\NetWaiting\netWaiting.exe] - Process ID: 3864
[C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe] - Process ID: 3964
[C:\WINDOWS\system32\ctfmon.exe] - Process ID: 1520
[C:\Documents and Settings\Chris\Local Settings\Application Data\Akamai\netsession_win.exe] - Process ID: 2384
[C:\DOCUME~1\Chris\LOCALS~1\Temp\clclean.0001] - Process ID: 2412
[C:\WINDOWS\system32\dllhost.exe] - Process ID: 2604
[C:\WINDOWS\eHome\ehmsas.exe] - Process ID: 2752
[C:\Program Files\Digital Line Detect\DLG.exe] - Process ID: 3020
[C:\Program Files\SetPoint\SetPoint.exe] - Process ID: 3476
[alg.exe] - Process ID: 3792
[C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe] - Process ID: 2324
[C:\Documents and Settings\Chris\Local Settings\Application Data\Akamai\netsession_win.exe] - Process ID: 3516
[C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE] - Process ID: 3908
[C:\Program Files\ATI Technologies\ATI.ACE\cli.exe] - Process ID: 3620
[C:\WINDOWS\system32\wuauclt.exe] - Process ID: 2676
[C:\Program Files\Mozilla Firefox\firefox.exe] - Process ID: 2540
[C:\DOCUME~1\Chris\LOCALS~1\Temp\SINO\SINO.exe] - Process ID: 2740
[wmiprvse.exe] - Process ID: 3748

<<<< Startup Items >>>>

[Digital Line Detect.lnk] - <Common Startup> - C:\Program Files\Digital Line Detect\DLG.exe
[Microsoft Office.lnk] - <Common Startup> - C:\Program Files\Microsoft Office\Office10\OSA.EXE
[SetPoint.lnk] - <Common Startup> - C:\Program Files\SetPoint\SetPoint.exe
[ehTray] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - C:\WINDOWS\ehome\ehtray.exe
[IntelZeroConfig] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
[IntelWireless] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
[Dell QuickSet] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\Dell\QuickSet\quickset.exe
[SynTPEnh] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[ATICCC] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
[MBMon] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - Rundll32 CTMBHA.DLL,MBMon
[VoiceCenter] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
[dla] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - C:\WINDOWS\system32\dla\tfswctrl.exe
[BuildBU] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - c:\dell\bldbubg.exe
[avast] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
[Logitech Hardware Abstraction Layer] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - KHALMNPR.EXE
[PMX Daemon] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - ICO.EXE
[dellsupportcenter] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
[ModemOnHold] - <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\NetWaiting\netWaiting.exe
[SetDefaultMIDI] - <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run> - MIDIDef.exe
[Creative Detector] - <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
[ctfmon.exe] - <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run> - C:\WINDOWS\system32\ctfmon.exe
[Akamai NetSession Interface] - <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Documents and Settings\Chris\Local Settings\Application Data\Akamai\netsession_win.exe"

<<<< MS Services >>>>

Application Layer Gateway Service (ALG) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\alg.exe
Ati HotKey Poller (Ati HotKey Poller) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\Ati2evxx.exe
Windows Audio (AudioSrv) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Background Intelligent Transfer Service (BITS) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
COM+ System Application (COMSysApp) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Cryptographic Services (CryptSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher (DcomLaunch) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client (Dhcp) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client (Dnscache) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k NetworkService
Media Center Receiver Service (ehRecvr) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\eHome\ehRecvr.exe
Media Center Scheduler Service (ehSched) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\eHome\ehSched.exe
Error Reporting Service (ERSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log (Eventlog) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\services.exe
COM+ Event System (EventSystem) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Help and Support (helpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
HID Input Service (HidServ) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Server (lanmanserver) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Workstation (lanmanworkstation) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper (LmHosts) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Media Center Extender Service (McrdSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\ehome\mcrdsvc.exe
Network Connections (Netman) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Location Awareness (NLA) (Nla) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Plug and Play (PlugPlay) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\services.exe
IPSEC Services (PolicyAgent) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Protected Storage (ProtectedStorage) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Remote Access Connection Manager (RasMan) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Registry (RemoteRegistry) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Remote Procedure Call (RPC) (RpcSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost -k rpcss
Security Accounts Manager (SamSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Task Scheduler (Schedule) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Secondary Logon (seclogon) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
System Event Notification (SENS) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Shell Hardware Detection (ShellHWDetection) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Print Spooler (Spooler) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\spoolsv.exe
System Restore Service (srservice) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
SSDP Discovery Service (SSDPSRV) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Telephony (TapiSrv) - Running [Manual | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Terminal Services (TermService) - Running [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost -k DComLaunch
Themes (Themes) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client (TrkWks) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Time (w32time) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
WebClient (WebClient) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Windows Management Instrumentation (winmgmt) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Security Center (wscsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Automatic Updates (wuauserv) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Alerter (Alerter) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Application Management (AppMgmt) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
ASP.NET State Service (aspnet_state) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
Computer Browser (Browser) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Indexing Service (CiSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\cisvc.exe
ClipBook (ClipSrv) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\clipsrv.exe
Logical Disk Manager Administrative Service (dmadmin) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\dmadmin.exe /com
Logical Disk Manager (dmserver) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Wired AutoConfig (Dot3svc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k dot3svc
Extensible Authentication Protocol Service (EapHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k eapsvcs
Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Health Key and Certificate Management Service (hkmsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
HTTP SSL (HTTPFilter) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
IMAPI CD-Burning COM Service (ImapiService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\imapi.exe
Messenger (Messenger) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
MHN (MHN) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
NetMeeting Remote Desktop Sharing (mnmsrvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\mnmsrvc.exe
Distributed Transaction Coordinator (MSDTC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\msdtc.exe
Windows Installer (MSIServer) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\msiexec.exe /V
Network Access Protection Agent (napagent) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Network DDE (NetDDE) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\netdde.exe
Network DDE DSDM (NetDDEdsdm) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\netdde.exe
Net Logon (Netlogon) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
NT LM Security Support Provider (NtLmSsp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Removable Storage (NtmsSvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Access Auto Connection Manager (RasAuto) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager (RDSessMgr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\sessmgr.exe
Routing and Remote Access (RemoteAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Procedure Call (RPC) Locator (RpcLocator) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\locator.exe
QoS RSVP (RSVP) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\rsvp.exe
Smart Card (SCardSvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\SCardSvr.exe
Windows Image Acquisition (WIA) (stisvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k imgsvc
MS Software Shadow Copy Provider (SwPrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\dllhost.exe /Processid:{6F6160A9-C71A-4D34-91A0-5B9E71074979}
Performance Logs and Alerts (SysmonLog) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\smlogsvc.exe
Telnet (TlntSvr) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\tlntsvr.exe
Universal Plug and Play Device Host (upnphost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Uninterruptible Power Supply (UPS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\ups.exe
Volume Shadow Copy (VSS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\vssvc.exe
Portable Media Serial Number Service (WmdmPmSN) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Management Instrumentation Driver Extensions (Wmi) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
WMI Performance Adapter (WmiApSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\wbem\wmiapsrv.exe
Wireless Zero Configuration (WZCSVC) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Provisioning Service (xmlprov) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs

<<<< Non-MS Services >>>>

avast! Antivirus (avast! Antivirus) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Creative Labs Licensing Service (Creative Labs Licensing Service) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe"
Creative Service for CDROM Access (Creative Service for CDROM Access) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\CTsvcCDA.exe
Intel® PROSet/Wireless Event Log (EvtEng) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
MBAMScheduler (MBAMScheduler) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe"
MBAMService (MBAMService) - Running [Auto | Not_Stoppable | Not_Pausable] - "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
NICCONFIGSVC (NICCONFIGSVC) - Running [Auto | Stoppable | Pausable] - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
Intel® PROSet/Wireless Registry Service (RegSrvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
Intel® PROSet/Wireless Service (S24EventMonitor) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter
Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Fax (Fax) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\fxssvc.exe
Mozilla Maintenance Service (MozillaMaintenance) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe"
Windows User Mode Driver Framework (UMWdf) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\wdfmgr.exe

<<<< Boot.ini >>>>

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

<<<< Last 5 Application Errors or Warnings >>>>

Computer Name: DDXXQ1B1 | ID: 5000 | Source: NativeWrapper | Type: Error | Date: 24-9-12 18:23:12 | Log: Application
Message: <The description for Event ID ( 5000 ) in Source ( u'NativeWrapper' ) could not be found. It contains the following insertion string(s):u'visualstudio7x80update, msiexec.exe, 1.0.1701.5039, kb2656353, 1033, 643, f, install, x86, 5.1.2600.2.3.0.256, 0'.>
Computer Name: DDXXQ1B1 | ID: 1023 | Source: MsiInstaller | Type: Error | Date: 24-9-12 18:23:12 | Log: Application
Message: Product: Microsoft .NET Framework 1.1 - Update '{0213C6AF-5562-4D09-884C-2ADCFC8C2F35}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656353-X86\NDP1.1sp1-KB2656353-X86-msi.0.log.


Computer Name: DDXXQ1B1 | ID: 11706 | Source: MsiInstaller | Type: Error | Date: 24-9-12 18:23:11 | Log: Application
Message: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.


Computer Name: DDXXQ1B1 | ID: 5000 | Source: NativeWrapper | Type: Error | Date: 24-9-12 18:22:51 | Log: Application
Message: <The description for Event ID ( 5000 ) in Source ( u'NativeWrapper' ) could not be found. It contains the following insertion string(s):u'visualstudio7x80update, msiexec.exe, 1.0.1705.5046, kb2656370, 1033, 643, f, install, x86, 5.1.2600.2.3.0.256, 0'.>
Computer Name: DDXXQ1B1 | ID: 1023 | Source: MsiInstaller | Type: Error | Date: 24-9-12 18:22:50 | Log: Application
Message: Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.


<<<< Last 5 System Errors or Warnings >>>>

Computer Name: DDXXQ1B1 | ID: 20 | Source: Windows Update Agent | Type: Error | Date: 24-9-12 18:23:12 | Log: System
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).


Computer Name: DDXXQ1B1 | ID: 20 | Source: Windows Update Agent | Type: Error | Date: 24-9-12 18:22:52 | Log: System
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).


Computer Name: DDXXQ1B1 | ID: 36 | Source: W32Time | Type: Warning | Date: 24-9-12 16:37:57 | Log: System
Message: The time service has not been able to synchronize the system time

for 49152 seconds because none of the time providers has been able to

provide a usable time stamp. The system clock is unsynchronized.


Computer Name: DDXXQ1B1 | ID: 20 | Source: Windows Update Agent | Type: Error | Date: 24-9-12 3:1:24 | Log: System
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).


Computer Name: DDXXQ1B1 | ID: 20 | Source: Windows Update Agent | Type: Error | Date: 24-9-12 3:0:50 | Log: System
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).


<<<< Special Events >>>>

There were no special events found

<<<< Ipconfig >>>>

Windows IP Configuration

Host Name . . . . . . . . . . . . : DDXXQ1B1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-15-C5-17-22-34

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-13-02-65-14-47
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
Lease Obtained. . . . . . . . . . : Tuesday, September 25, 2012 2:58:26 AM
Lease Expires . . . . . . . . . . : Tuesday, September 25, 2012 3:58:26 AM


<<<< Pinging >>>>

OpenDNS Domain Test
Pinging to www.opendns.com [67.215.92.210]:
Response - 30ms
Response - 94ms
Response - 92ms
Response - 94msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 30ms - Maximum = 94ms

OpenDNS IP Test
Pinging to 208.69.38.150 [208.69.38.150]:
Response - 125ms
Response - 77ms
Response - 141ms
Response - 156msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 77ms - Maximum = 156ms

Kaspersky Domain Test
Pinging to www.kaspersky.com [195.27.252.18]:
Response - 171ms
Response - 155ms
Response - 250ms
Response - 156msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 155ms - Maximum = 250ms

Kaspersky IP Test
Pinging to 195.27.181.10 [195.27.181.10]:
Response - 233ms
Response - 171ms
Response - 219ms
Response - 171msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 171ms - Maximum = 233ms

YouTube Domain Test
Pinging to www.youtube.com [74.125.225.135]:
Response - 46ms
Response - 16ms
Response - 30ms
Response - 31msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 16ms - Maximum = 46ms

YouTube IP Test
Pinging to 66.102.9.136 [66.102.9.136]:
Response - None
Response - None
Response - None
Response - NonePackets: Sent = 4, Received = 0, Lost = 4
Minimum = 0ms - Maximum = 0ms

localhost Test
Pinging to 127.0.0.1 [127.0.0.1]:
Response - 0ms
Response - 0ms
Response - 0ms
Response - 0msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 0ms - Maximum = 0ms


<<<< Netstat >>>>

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 944
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
-- unknown component(s) --
[svchost.exe]

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]

TCP 0.0.0.0:1053 0.0.0.0:0 LISTENING 3516
[netsession_win.exe]

TCP 127.0.0.1:1029 0.0.0.0:0 LISTENING 3792
[alg.exe]

TCP 127.0.0.1:1034 0.0.0.0:0 LISTENING 3100
[cli.exe]

TCP 127.0.0.1:1066 0.0.0.0:0 LISTENING 3620
[cli.exe]

TCP 127.0.0.1:9421 0.0.0.0:0 LISTENING 3516
[netsession_win.exe]

TCP 127.0.0.1:9422 0.0.0.0:0 LISTENING 3516
[netsession_win.exe]

TCP 127.0.0.1:9423 0.0.0.0:0 LISTENING 3516
[netsession_win.exe]

TCP 127.0.0.1:12025 0.0.0.0:0 LISTENING 1504
[AvastSvc.exe]

TCP 127.0.0.1:12080 0.0.0.0:0 LISTENING 1504
[AvastSvc.exe]

TCP 127.0.0.1:12110 0.0.0.0:0 LISTENING 1504
[AvastSvc.exe]

TCP 127.0.0.1:12119 0.0.0.0:0 LISTENING 1504
[AvastSvc.exe]

TCP 127.0.0.1:12143 0.0.0.0:0 LISTENING 1504
[AvastSvc.exe]

TCP 127.0.0.1:12465 0.0.0.0:0 LISTENING 1504
[AvastSvc.exe]

TCP 127.0.0.1:12563 0.0.0.0:0 LISTENING 1504
[AvastSvc.exe]

TCP 127.0.0.1:12993 0.0.0.0:0 LISTENING 1504
[AvastSvc.exe]

TCP 127.0.0.1:12995 0.0.0.0:0 LISTENING 1504
[AvastSvc.exe]

TCP 127.0.0.1:27275 0.0.0.0:0 LISTENING 1504
[AvastSvc.exe]

TCP 192.168.0.15:139 0.0.0.0:0 LISTENING 4
[System]

TCP 127.0.0.1:1073 127.0.0.1:1074 ESTABLISHED 2540
[firefox.exe]

TCP 127.0.0.1:1074 127.0.0.1:1073 ESTABLISHED 2540
[firefox.exe]

TCP 192.168.0.15:1036 77.234.42.53:80 ESTABLISHED 1504
[AvastSvc.exe]

TCP 192.168.0.15:1049 208.46.117.187:443 ESTABLISHED 3516
[netsession_win.exe]

TCP 192.168.0.15:1233 74.125.225.4:443 ESTABLISHED 2540
[firefox.exe]

TCP 192.168.0.15:1232 78.46.105.4:80 LAST_ACK 1504
[AvastSvc.exe]

TCP 192.168.0.15:1240 184.73.185.66:80 LAST_ACK 1504
[AvastSvc.exe]

TCP 192.168.0.15:1253 107.14.34.16:80 LAST_ACK 1504
[AvastSvc.exe]

TCP 127.0.0.1:1287 127.0.0.1:12080 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:1281 TIME_WAIT 0
TCP 192.168.0.15:1205 74.125.225.101:80 TIME_WAIT 0
TCP 192.168.0.15:1222 74.125.142.141:80 TIME_WAIT 0
TCP 192.168.0.15:1227 173.194.73.106:80 TIME_WAIT 0
TCP 192.168.0.15:1228 173.194.73.106:80 TIME_WAIT 0
TCP 192.168.0.15:1236 74.125.225.26:80 TIME_WAIT 0
TCP 192.168.0.15:1237 74.125.225.110:80 TIME_WAIT 0
TCP 192.168.0.15:1248 74.125.225.26:80 TIME_WAIT 0
TCP 192.168.0.15:1250 24.143.206.43:80 TIME_WAIT 0
TCP 192.168.0.15:1254 98.27.88.62:80 TIME_WAIT 0
TCP 192.168.0.15:1255 74.125.225.58:80 TIME_WAIT 0
TCP 192.168.0.15:1257 74.125.225.58:80 TIME_WAIT 0
TCP 192.168.0.15:1284 72.5.58.115:80 TIME_WAIT 0
TCP 192.168.0.15:1285 72.5.58.115:80 TIME_WAIT 0
TCP 192.168.0.15:1288 69.163.234.194:80 TIME_WAIT 0
TCP 192.168.0.15:1289 72.5.58.115:80 TIME_WAIT 0
UDP 0.0.0.0:4500 *:* 672
[lsass.exe]

UDP 0.0.0.0:3776 *:* 2156
[mcrdsvc.exe]

UDP 0.0.0.0:500 *:* 672
[lsass.exe]

UDP 0.0.0.0:1052 *:* 3516
[netsession_win.exe]

UDP 0.0.0.0:1055 *:* 3516
[netsession_win.exe]

UDP 0.0.0.0:445 *:* 4
[System]

UDP 127.0.0.1:1900 *:* 1672
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 127.0.0.1:123 *:* 1036
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 127.0.0.1:1047 *:* 3516
[netsession_win.exe]

UDP 127.0.0.1:1044 *:* 3516
[netsession_win.exe]

UDP 192.168.0.15:123 *:* 1036
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
-- unknown component(s) --
[svchost.exe]

UDP 192.168.0.15:138 *:* 4
[System]

UDP 192.168.0.15:1900 *:* 1672
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 192.168.0.15:137 *:* 4
[System]


<<<< Routing Table >>>>

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 15 c5 17 22 34 ...... Broadcom 440x 10/100 Integrated Controller
0x10004 ...00 13 02 65 14 47 ...... Intel® PRO/Wireless 3945ABG Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.15 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.15 192.168.0.15 25
192.168.0.15 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.15 192.168.0.15 25
224.0.0.0 240.0.0.0 192.168.0.15 192.168.0.15 25
255.255.255.255 255.255.255.255 192.168.0.15 10003 1
255.255.255.255 255.255.255.255 192.168.0.15 192.168.0.15 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None

Route Table

<<<< Hosts File >>>>

The HOSTS file is 21 Bytes in size.

There were 0 lines which refer to an external IP address.

<<<< Active Shares >>>>

Share: IPC$ - Path:
Share: ADMIN$ - Path: C:\WINDOWS
Share: C$ - Path: C:\


------ End of File ------

#45
blah12


I have to restart my computer. I will report back if any symptoms have gone away (as of now they have not.)


So that is what I have been awaiting...


Sorry for the poorly worded sentence. The computer is still showing symptoms.