Trojan.Fakealert Found by MBAM


#1
beerman

Hello GTG!

This computer has been running poorly for the past few days. Very sluggish. After several attempts to figure out what was going on I ran a MBAM scan since it was already installed on this computer. It reported and cleaned what it called Trojan.Fakealert in two places. Not sure if this is sufficient as it still seems a bit slow.

Anyway, here are the OTL logs, as well as the MBAM log from the prior run. Hope you can help.

OTL logfile created on: 7/25/2013 2:52:37 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\bcrothers\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 467.30 Mb Available Physical Memory | 45.68% Memory free
1.65 Gb Paging File | 1.32 Gb Available in Paging File | 79.60% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 58.23 Gb Free Space | 78.21% Space Free | Partition Type: NTFS
Drive F: | 255.99 Gb Total Space | 94.41 Gb Free Space | 36.88% Space Free | Partition Type: NTFS
Drive H: | 255.99 Gb Total Space | 94.41 Gb Free Space | 36.88% Space Free | Partition Type: NTFS
Drive P: | 255.99 Gb Total Space | 156.07 Gb Free Space | 60.97% Space Free | Partition Type: NTFS
Drive Y: | 255.99 Gb Total Space | 156.07 Gb Free Space | 60.97% Space Free | Partition Type: NTFS

Computer Name: DC1X6851 | User Name: bcrothers | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/12 20:07:22 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/12 14:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/04/26 12:15:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bcrothers\Desktop\OTL.exe
PRC - [2011/03/19 21:29:02 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2011/03/19 21:29:02 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/03/19 21:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/03/19 21:29:00 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011/03/19 21:29:00 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/12 14:49:44 | 000,396,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 14:49:42 | 004,052,944 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 14:48:49 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2011/03/19 21:29:02 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2011/03/19 21:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/03/19 21:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/03/19 21:29:00 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/03/19 21:29:00 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/07/25 14:53:44 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/07/22 11:06:05 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130725.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/07/22 11:06:05 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130725.003\NAVENG.SYS -- (NAVENG)
DRV - [2013/04/16 01:25:30 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/13 22:08:50 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/11 16:44:54 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/19 21:29:02 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/03/19 21:29:02 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/03/19 21:29:02 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011/03/19 21:28:58 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2011/03/19 21:28:58 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2011/03/19 21:28:58 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2011/03/19 21:28:58 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 71 82 09 3C D4 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.msn.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Google Docs = C:\Documents and Settings\bcrothers\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\bcrothers\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\bcrothers\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\bcrothers\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\bcrothers\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2003/07/16 12:23:48 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1281716085055 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1281985881078 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Dayton.Local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AE75ED0-8CDA-4100-9153-2A38EB45747F}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\bcrothers\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\bcrothers\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/13 11:53:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/25 14:53:44 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/25 14:53:44 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/07/25 14:13:17 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/25 10:20:28 | 000,011,062 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2013/07/24 20:12:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/22 11:05:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/22 10:52:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/12 20:19:35 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/06/29 09:44:29 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\bcrothers\Desktop\TRUCK WASH COUPONS
[2013/06/26 14:45:13 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/15 22:54:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/07 13:00:49 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\bcrothers\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 10:03:52 | 000,011,062 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



< End of report >

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.25.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
bcrothers :: DC1X6851 [administrator]

7/25/2013 2:14:51 PM
mbam-log-2013-07-25 (14-14-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 315419
Time elapsed: 23 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\bcrothers\Templates\6o4v7yr6ikfw18072u (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\bcrothers\Local Settings\Temp\6o4v7yr6ikfw18072u (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

No Extras log?

Ah well, thanks in advance.

#2
RKinner

    Malware Expert

Feel free to post the logs as you get them rather than waiting until you have them all.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in Notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.


Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Go to http://www.speedtest.net/ and click on Begin Test

When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.

If you have done a defrag lately do so now:

http://support.microsoft.com/kb/314848

Do not use the PC while it is defragging.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron

#3
beerman

Ron:

Thanks for your help. ESET did not find anything so there is no log.

Here are two others:

Summary
		Operating System
			Windows XP Professional 32-bit SP3
		CPU
			Intel Pentium 4
			Northwood 0.13um Technology
		RAM
			1.00GB Dual-Channel DDR @ 159MHz (2.5-3-3-7)
		Motherboard
			Dell Computer Corp. 0Y1057 (Microprocessor)
		Graphics
			DELL 1702FP ([email protected])
			64MB NVIDIA GeForce4 MX 440 with AGP8X (NVIDIA)
		Hard Drives
			75GB Maxtor 6Y080L0 (ATA)	39 °C
		Optical Drives
			HL-DT-ST RW/DVD GCC-4481B
		Audio
			SoundMAX Integrated Digital Audio
Operating System
	Windows XP Professional 32-bit SP3
	Computer type: Mini Tower
	Installation Date: 8/13/2010 11:58:44 AM
	Serial Number: 
		Windows Security Center
			Firewall	Disabled
		Windows Update
			AutoUpdate	Download Automatically and Install at Set Scheduled time
			Schedule Frequency	Every Day
			Schedule Time	3:00 AM
		Antivirus
			Antivirus	Enabled
			Company Name	Symantec Corporation
			Display Name	Symantec Endpoint Protection
			Product Version	11.0.6005.562
			Virus Signature Database	Up to date
		Internet Explorer
			Version	8.0.6001.18702
		Environment Variables
			USERPROFILE	C:\Documents and Settings\bcrothers
			SystemRoot	C:\WINDOWS
				User Variables
					TEMP	C:\Documents and Settings\bcrothers\Local Settings\Temp
					TMP	C:\Documents and Settings\bcrothers\Local Settings\Temp
				Machine Variables
					ComSpec	C:\WINDOWS\system32\cmd.exe
					Path	C:\WINDOWS\system32
					C:\WINDOWS
					C:\WINDOWS\System32\Wbem
					windir	C:\WINDOWS
					OS	Windows_NT
					PROCESSOR_ARCHITECTURE	x86
					PROCESSOR_LEVEL	15
					PROCESSOR_IDENTIFIER	x86 Family 15 Model 2 Stepping 9, GenuineIntel
					PROCESSOR_REVISION	0209
					NUMBER_OF_PROCESSORS	1
					PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
					TEMP	C:\WINDOWS\TEMP
					TMP	C:\WINDOWS\TEMP
					FP_NO_HOST_CHECK	NO
		Power Profile
			Active power scheme	Home/Office Desk
			Hibernation	Disabled
			Turn Off Monitor after: (On AC Power)	20 min
			Turn Off Hard Disk after: (On AC Power)	Never
			Suspend after: (On AC Power)	Never
			Screen saver	Enabled
		Uptime
				Current Session
					Current Time	7/26/2013 10:59:00 AM
					Current Uptime	346,048 sec (4 d, 00 h, 07 m, 28 s)
					Last Boot Time	7/22/2013 10:51:32 AM
		TimeZone
			TimeZone	GMT -5:00 Hours
			Language	English (United States)
			Location	United States
			Format	English (United States)
			Currency	$
			Date Format	M/d/yyyy
			Time Format	h:mm:ss tt
		Process List
				ccApp.exe
					Process ID	3008
					User	bcrothers
					Domain	DAYTON
					Path	C:\Program Files\Common Files\Symantec Shared\ccApp.exe
					Memory Usage	356 KB
					Peak Memory Usage	8.94 MB
				ccSvcHst.exe
					Process ID	1388
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
					Memory Usage	2.75 MB
					Peak Memory Usage	14 MB
				chrome.exe
					Process ID	2348
					User	bcrothers
					Domain	DAYTON
					Path	C:\Program Files\Google\Chrome\Application\chrome.exe
					Memory Usage	7.12 MB
					Peak Memory Usage	70 MB
				chrome.exe
					Process ID	2720
					User	bcrothers
					Domain	DAYTON
					Path	C:\Program Files\Google\Chrome\Application\chrome.exe
					Memory Usage	48 MB
					Peak Memory Usage	72 MB
				chrome.exe
					Process ID	316
					User	bcrothers
					Domain	DAYTON
					Path	C:\Program Files\Google\Chrome\Application\chrome.exe
					Memory Usage	21 MB
					Peak Memory Usage	33 MB
				csrss.exe
					Process ID	640
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	\??\C:\WINDOWS\system32\csrss.exe
					Memory Usage	2.41 MB
					Peak Memory Usage	4.72 MB
				ctfmon.exe
					Process ID	3016
					User	bcrothers
					Domain	DAYTON
					Path	C:\WINDOWS\system32\ctfmon.exe
					Memory Usage	1.63 MB
					Peak Memory Usage	3.55 MB
				explorer.exe
					Process ID	2228
					User	bcrothers
					Domain	DAYTON
					Path	C:\WINDOWS\Explorer.EXE
					Memory Usage	11 MB
					Peak Memory Usage	32 MB
				GoogleCrashHandler.exe
					Process ID	388
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
					Memory Usage	464 KB
					Peak Memory Usage	2.50 MB
				lsass.exe
					Process ID	720
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\WINDOWS\system32\lsass.exe
					Memory Usage	3.72 MB
					Peak Memory Usage	7.09 MB
				msmsgs.exe
					Process ID	3064
					User	bcrothers
					Domain	DAYTON
					Path	C:\Program Files\Messenger\msmsgs.exe
					Memory Usage	1.15 MB
					Peak Memory Usage	5.46 MB
				nvsvc32.exe
					Process ID	260
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\WINDOWS\System32\nvsvc32.exe
					Memory Usage	248 KB
					Peak Memory Usage	3.38 MB
				Rtvscan.exe
					Process ID	336
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
					Memory Usage	4.03 MB
					Peak Memory Usage	111 MB
				services.exe
					Process ID	708
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\WINDOWS\system32\services.exe
					Memory Usage	1.92 MB
					Peak Memory Usage	7.70 MB
				Smc.exe
					Process ID	1172
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
					Memory Usage	5.77 MB
					Peak Memory Usage	22 MB
				SmcGui.exe
					Process ID	2244
					User	bcrothers
					Domain	DAYTON
					Path	C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
					Memory Usage	5.32 MB
					Peak Memory Usage	16 MB
				smss.exe
					Process ID	592
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	\SystemRoot\System32\smss.exe
					Memory Usage	48 KB
					Peak Memory Usage	508 KB
				Speccy.exe
					Process ID	2960
					User	bcrothers
					Domain	DAYTON
					Path	C:\Program Files\Speccy\Speccy.exe
					Memory Usage	19 MB
					Peak Memory Usage	31 MB
				spoolsv.exe
					Process ID	1700
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\WINDOWS\system32\spoolsv.exe
					Memory Usage	1.66 MB
					Peak Memory Usage	6.27 MB
				svchost.exe
					Process ID	892
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\WINDOWS\system32\svchost.exe
					Memory Usage	1.80 MB
					Peak Memory Usage	5.20 MB
				svchost.exe
					Process ID	964
					Path	C:\WINDOWS\system32\svchost.exe
					Memory Usage	1.63 MB
					Peak Memory Usage	4.35 MB
				svchost.exe
					Process ID	1060
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\WINDOWS\System32\svchost.exe
					Memory Usage	13 MB
					Peak Memory Usage	26 MB
				svchost.exe
					Process ID	1204
					Path	C:\WINDOWS\System32\svchost.exe
					Memory Usage	1.89 MB
					Peak Memory Usage	3.60 MB
				svchost.exe
					Process ID	1224
					Path	C:\WINDOWS\System32\svchost.exe
					Memory Usage	1.38 MB
					Peak Memory Usage	7.15 MB
				svchost.exe
					Process ID	1844
					Path	C:\WINDOWS\System32\svchost.exe
					Memory Usage	164 KB
					Peak Memory Usage	5.39 MB
				svchost.exe
					Process ID	324
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\WINDOWS\System32\svchost.exe
					Memory Usage	124 KB
					Peak Memory Usage	5.04 MB
				System
					Process ID	4
					Memory Usage	36 KB
					Peak Memory Usage	3.41 MB
				System Idle Process
					Process ID	0
				winlogon.exe
					Process ID	664
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	\??\C:\WINDOWS\system32\winlogon.exe
					Memory Usage	5.37 MB
					Peak Memory Usage	15 MB
				wmiprvse.exe
					Process ID	1600
					Path	C:\WINDOWS\system32\wbem\wmiprvse.exe
					Memory Usage	8.61 MB
					Peak Memory Usage	8.61 MB
				wmiprvse.exe
					Process ID	2152
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\WINDOWS\system32\wbem\wmiprvse.exe
					Memory Usage	4.93 MB
					Peak Memory Usage	4.93 MB
		Scheduler
			7/26/2013 11:12 AM;Every 1 hour(s) from 8:12 PM for 24 hour(s) every day, starting 7/12/2013	GoogleUpdateTaskMachineUA
			7/26/2013 8:12 PM;Run at user logon	GoogleUpdateTaskMachineCore
		Hotfixes
		System Folders
			Path for burning CD	C:\Documents and Settings\bcrothers\Local Settings\Application Data\Microsoft\CD Burning
			Application Data	C:\Documents and Settings\All Users\Application Data
			Public Desktop	C:\Documents and Settings\All Users\Desktop
			Documents	C:\Documents and Settings\All Users\Documents
			Global Favorites	C:\Documents and Settings\All Users\Favorites
			Music	C:\Documents and Settings\All Users\Documents\My Music
			Pictures	C:\Documents and Settings\All Users\Documents\My Pictures
			Start Menu Programs	C:\Documents and Settings\All Users\Start Menu\Programs
			Start Menu	C:\Documents and Settings\All Users\Start Menu
			Startup	C:\Documents and Settings\All Users\Start Menu\Programs\Startup
			Templates	C:\Documents and Settings\All Users\Templates
			Videos	C:\Documents and Settings\All Users\Documents\My Videos
			Cookies	C:\Documents and Settings\bcrothers\Cookies
			Desktop	C:\Documents and Settings\bcrothers\Desktop
			Physical Desktop	C:\Documents and Settings\bcrothers\Desktop
			User Favorites	C:\Documents and Settings\bcrothers\Favorites
			Fonts	C:\WINDOWS\Fonts
			Internet History	C:\Documents and Settings\bcrothers\Local Settings\History
			Temporary Internet Files	C:\Documents and Settings\bcrothers\Local Settings\Temporary Internet Files
			Local Application Data	C:\Documents and Settings\bcrothers\Local Settings\Application Data
			Windows Directory	C:\WINDOWS
			Windows/System	C:\WINDOWS\system32
			Program Files	C:\Program Files
		Services
			Running	COM+ Event System
			Running	Computer Browser
			Running	Cryptographic Services
			Running	DCOM Server Process Launcher
			Running	DHCP Client
			Running	Distributed Link Tracking Client
			Running	DNS Client
			Running	Error Reporting Service
			Running	Event Log
			Running	Help and Support
			Running	IPSEC Services
			Running	Logical Disk Manager
			Running	Net Logon
			Running	Network Connections
			Running	Network Location Awareness (NLA)
			Running	NVIDIA Driver Helper Service
			Running	Plug and Play
			Running	Print Spooler
			Running	Protected Storage
			Running	Remote Access Connection Manager
			Running	Remote Procedure Call (RPC)
			Running	Remote Registry
			Running	Secondary Logon
			Running	Security Accounts Manager
			Running	Server
			Running	Shell Hardware Detection
			Running	SSDP Discovery Service
			Running	Symantec Endpoint Protection
			Running	Symantec Event Manager
			Running	Symantec Management Client
			Running	Symantec Settings Manager
			Running	System Event Notification
			Running	System Restore Service
			Running	Task Scheduler
			Running	TCP/IP NetBIOS Helper
			Running	Telephony
			Running	Terminal Services
			Running	Themes
			Running	Universal Plug and Play Device Host
			Running	WebClient
			Running	Windows Audio
			Running	Windows Image Acquisition (WIA)
			Running	Windows Management Instrumentation
			Running	Windows Time
			Running	Wireless Zero Configuration
			Running	Workstation
			Stopped	Alerter
			Stopped	Application Layer Gateway Service
			Stopped	Application Management
			Stopped	Background Intelligent Transfer Service
			Stopped	ClipBook
			Stopped	COM+ System Application
			Stopped	Distributed Transaction Coordinator
			Stopped	Extensible Authentication Protocol Service
			Stopped	Fast User Switching Compatibility
			Stopped	Google Update Service (gupdate)
			Stopped	Google Update Service (gupdatem)
			Stopped	Health Key and Certificate Management Service
			Stopped	HTTP SSL
			Stopped	Human Interface Device Access
			Stopped	IMAPI CD-Burning COM Service
			Stopped	Indexing Service
			Stopped	LiveUpdate
			Stopped	Logical Disk Manager Administrative Service
			Stopped	Messenger
			Stopped	MS Software Shadow Copy Provider
			Stopped	NetMeeting Remote Desktop Sharing
			Stopped	Network Access Protection Agent
			Stopped	Network DDE
			Stopped	Network DDE DSDM
			Stopped	Network Provisioning Service
			Stopped	NT LM Security Support Provider
			Stopped	Office Source Engine
			Stopped	Performance Logs and Alerts
			Stopped	Portable Media Serial Number Service
			Stopped	QoS RSVP
			Stopped	Remote Access Auto Connection Manager
			Stopped	Remote Desktop Help Session Manager
			Stopped	Remote Procedure Call (RPC) Locator
			Stopped	Removable Storage
			Stopped	Routing and Remote Access
			Stopped	Security Center
			Stopped	Smart Card
			Stopped	Symantec Network Access Control
			Stopped	Telnet
			Stopped	Uninterruptible Power Supply
			Stopped	Volume Shadow Copy
			Stopped	Windows Driver Foundation - User-mode Driver Framework
			Stopped	Windows Firewall/Internet Connection Sharing (ICS)
			Stopped	Windows Installer
			Stopped	Windows Management Instrumentation Driver Extensions
			Stopped	Windows Media Player Network Sharing Service
			Stopped	Wired AutoConfig
			Stopped	WMI Performance Adapter
		Security Options
			Accounts: Administrator account status	Enabled
			Accounts: Guest account status	Disabled
			Accounts: Limit local account use of blank passwords to console logon only	Enabled
			Accounts: Rename administrator account	Administrator
			Accounts: Rename guest account	Guest
			Audit: Audit the access of global system objects	Disabled
			Audit: Audit the use of Backup and Restore privilege	Disabled
			Audit: Shut down system immediately if unable to log security audits	Disabled
			DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax	Not defined
			DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax	Not defined
			Devices: Allow undock without having to log on	Enabled
			Devices: Allowed to format and eject removable media	Administrators
			Devices: Prevent users from installing printer drivers	Disabled
			Devices: Restrict CD-ROM access to locally logged-on user only	Disabled
			Devices: Restrict floppy access to locally logged-on user only	Disabled
			Devices: Unsigned driver installation behavior	Warn but allow installation
			Domain controller: Allow server operators to schedule tasks	Not defined
			Domain controller: LDAP server signing requirements	Not defined
			Domain controller: Refuse machine account password changes	Not defined
			Domain member: Digitally encrypt or sign secure channel data (always)	Enabled
			Domain member: Digitally encrypt secure channel data (when possible)	Enabled
			Domain member: Digitally sign secure channel data (when possible)	Enabled
			Domain member: Disable machine account password changes	Disabled
			Domain member: Maximum machine account password age	30 days
			Domain member: Require strong (Windows 2000 or later) session key	Disabled
			Interactive logon: Display user information when the session is locked	Not defined
			Interactive logon: Do not display last user name	Disabled
			Interactive logon: Do not require CTRL+ALT+DEL	Not defined
			Interactive logon: Message text for users attempting to log on
			Interactive logon: Message title for users attempting to log on
			Interactive logon: Number of previous logons to cache (in case domain controller is not available)	10 logons
			Interactive logon: Prompt user to change password before expiration	14 days
			Interactive logon: Require Domain Controller authentication to unlock workstation	Disabled
			Interactive logon: Require smart card	Not defined
			Interactive logon: Smart card removal behavior	No Action
			Microsoft network client: Digitally sign communications (always)	Disabled
			Microsoft network client: Digitally sign communications (if server agrees)	Enabled
			Microsoft network client: Send unencrypted password to third-party SMB servers	Disabled
			Microsoft network server: Amount of idle time required before suspending session	15 minutes
			Microsoft network server: Digitally sign communications (always)	Disabled
			Microsoft network server: Digitally sign communications (if client agrees)	Disabled
			Microsoft network server: Disconnect clients when logon hours expire	Enabled
			Network access: Allow anonymous SID/Name translation	Disabled
			Network access: Do not allow anonymous enumeration of SAM accounts	Enabled
			Network access: Do not allow anonymous enumeration of SAM accounts and shares	Disabled
			Network access: Do not allow storage of credentials or .NET Passports for network authentication	Disabled
			Network access: Let Everyone permissions apply to anonymous users	Disabled
			Network access: Named Pipes that can be accessed anonymously	COMNAP,COMNODE,SQL\QUERY,SPOOLSS,LLSRPC,browser
			Network access: Remotely accessible registry paths	System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Control\Server Applications,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration
			Network access: Shares that can be accessed anonymously	COMCFG,DFS$
			Network access: Sharing and security model for local accounts	Guest only - local users authenticate as Guest
			Network security: Do not store LAN Manager hash value on next password change	Disabled
			Network security: Force logoff when logon hours expire	Disabled
			Network security: LAN Manager authentication level	Send LM & NTLM responses
			Network security: LDAP client signing requirements	Negotiate signing
			Network security: Minimum session security for NTLM SSP based (including secure RPC) clients	No minimum
			Network security: Minimum session security for NTLM SSP based (including secure RPC) servers	No minimum
			Recovery console: Allow automatic administrative logon	Disabled
			Recovery console: Allow floppy copy and access to all drives and all folders	Disabled
			Shutdown: Allow system to be shut down without having to log on	Enabled
			Shutdown: Clear virtual memory pagefile	Disabled
			System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing	Disabled
			System objects: Default owner for objects created by members of the Administrators group	Object creator
			System objects: Require case insensitivity for non-Windows subsystems	Enabled
			System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)	Enabled
		Device Tree
				ACPI Uniprocessor PC
						Microsoft ACPI-Compliant System
							ACPI Power Button
							Intel Pentium 4 CPU 3.00GHz
							System board
							ACPI Fixed Feature Button
								PCI bus
									Intel 82865G\PE\P Processor to I/O Controller - 2570
									Intel 82801EB Ultra ATA Storage Controllers
									Intel 82801EB SMBus Controller - 24D3
									SoundMAX Integrated Digital Audio
										Intel(R) 82865G\PE\P Processor to AGP Controller - 2571
												NVIDIA GeForce4 MX 440 with AGP8X
													Plug and Play Monitor
										Intel(R) 82801EB USB Universal Host Controller - 24D2
												USB Root Hub
														USB Human Interface Device
															HID-compliant mouse
										Intel(R) 82801EB USB Universal Host Controller - 24D4
											USB Root Hub
										Intel(R) 82801EB USB Universal Host Controller - 24D7
											USB Root Hub
										Intel(R) 82801EB USB Universal Host Controller - 24DE
												USB Root Hub
														USB Human Interface Device
															HID Keyboard Device
										Standard Enhanced PCI to USB Host Controller
											USB Root Hub
										Intel(R) 82801EB PCI Bridge - 244E
											Intel PRO/1000 MT Network Connection
										Intel(R) 82801EB LPC Interface Controller - 24D0
											ISAPNP Read Data Port
											Direct memory access controller
											Numeric data processor
											Programmable interrupt controller
											System speaker
											System CMOS/real time clock
											System timer
											Communications Port (COM1)
											System board
												Standard floppy disk controller
													Floppy disk drive
												ECP Printer Port (LPT1)
													Printer Port Logical Interface
										Intel(R) 82801EB Ultra ATA Storage Controllers
												Primary IDE Channel
													Maxtor 6Y080L0
												Secondary IDE Channel
													HL-DT-ST RW/DVD GCC-4481B
CPU
		Intel Pentium 4
			Cores	1
			Threads	1
			Name	Intel Pentium 4
			Code Name	Northwood
			Package	Socket 478 mPGA
			Technology	0.13um
			Specification	Intel Pentium 4 CPU 3.00GHz
			Family	F
			Extended Family	F
			Model	2
			Extended Model	2
			Stepping	9
			Revision	D1
			Instructions	MMX, SSE, SSE2
			Virtualization	Not supported
			Hyperthreading	Not supported
			Bus Speed	199.5 MHz
			Rated Bus Speed	798.0 MHz
			Stock Core Speed	3000 MHz
			Stock Bus Speed	200 MHz
				Caches
					L1 Data Cache Size	8 KBytes
					L1 trace cache	12 Kµops
					L2 Unified Cache Size	512 KBytes
				Core 0
					Core Speed	2992.5 MHz
					Multiplier	x 15.0
					Bus Speed	199.5 MHz
					Rated Bus Speed	798.0 MHz
						Thread 1
							APIC ID	0
RAM
		Memory slots
			Total memory slots	4
			Used memory slots	2
			Free memory slots	2
		Memory
			Type	DDR
			Size	1024 MBytes
			Channels #	Dual
			DRAM Frequency	159.6 MHz
			CAS# Latency (CL)	2.5 clocks
			RAS# to CAS# Delay (tRCD)	3 clocks
			RAS# Precharge (tRP)	3 clocks
			Cycle Time (tRAS)	7 clocks
		Physical Memory
			Memory Usage	45 %
			Total Physical	MB
			Available Physical	558 MB
			Total Virtual	1.65 GB
			Available Virtual	1.30 GB
		SPD
			Number Of SPD Modules	2
				Slot #1
					Type	DDR
					Size	512 MBytes
					Manufacturer	Crucial Technology
					Max Bandwidth	PC2700 (166 MHz)
					Part Number	LIFETIMEMEMORY.COM
					Week/year	17 / 10
					SPD Ext.	EPP
						JEDEC #2
							Frequency	166.7 MHz
							CAS# Latency	2.5
							RAS# To CAS#	4
							RAS# Precharge	4
							tRAS	8
							Voltage	2.500 V
						JEDEC #1
							Frequency	133.3 MHz
							CAS# Latency	2.0
							RAS# To CAS#	3
							RAS# Precharge	3
							tRAS	6
							Voltage	2.500 V
				Slot #2
					Type	DDR
					Size	512 MBytes
					Manufacturer	Crucial Technology
					Max Bandwidth	PC2700 (166 MHz)
					Part Number	LIFETIMEMEMORY.COM
					Week/year	17 / 10
					SPD Ext.	EPP
						JEDEC #2
							Frequency	166.7 MHz
							CAS# Latency	2.5
							RAS# To CAS#	4
							RAS# Precharge	4
							tRAS	8
							Voltage	2.500 V
						JEDEC #1
							Frequency	133.3 MHz
							CAS# Latency	2.0
							RAS# To CAS#	3
							RAS# Precharge	3
							tRAS	6
							Voltage	2.500 V
Motherboard
	Manufacturer	Dell Computer Corp.
	Model	0Y1057 (Microprocessor)
	Chipset Vendor	Intel
	Chipset Model	i865P/PE/G/i848P
	Chipset Revision	A2
	Southbridge Vendor	Intel
	Southbridge Model	82801EB (ICH5)
	Southbridge Revision	02
		BIOS
			Brand	Dell Computer Corporation
			Version	A04
			Date	5/17/2004
		PCI Data
				Slot PCI
					Slot Type	PCI
					Slot Usage	Available
					Bus Width	32 bit
					Slot Designation	PCI1
					Slot Number	0
				Slot PCI
					Slot Type	PCI
					Slot Usage	Available
					Bus Width	32 bit
					Slot Designation	PCI2
					Slot Number	1
				Slot PCI
					Slot Type	PCI
					Slot Usage	Available
					Bus Width	32 bit
					Slot Designation	PCI3
					Slot Number	2
				Slot PCI
					Slot Type	PCI
					Slot Usage	Available
					Bus Width	32 bit
					Slot Designation	PCI4
					Slot Number	3
				Slot Unknown
					Slot Type	Unknown
					Slot Usage	In Use
					Bus Width	32 bit
					Slot Designation	AGP1
					Slot Number	4
Graphics
		Monitor
			Name	DELL 1702FP on NVIDIA GeForce4 MX 440 with AGP8X
			Current Resolution	1280x1024 pixels
			Work Resolution	1280x994 pixels
			State	Enabled, Primary
			Monitor Width	1280
			Monitor Height	1024
			Monitor BPP	32 bits per pixel
			Monitor Frequency	60 Hz
			Device	\\.\DISPLAY1\Monitor0
		NVIDIA GeForce4 MX 440 with AGP8X
			Manufacturer	NVIDIA
			Model	GeForce4 MX 440 with AGP8X
			GPU	NV18
			Device ID	10DE-0181
			Revision	C2
			Subvendor	NVIDIA (10DE)
			Current Performance Level	Level 0
			Technology	150 nm
			Transistors	29 M
			Release Date	Oct 2002
			DirectX Support	7.0
			OpenGL Support	1.2
			GPU Clock	275 MHz
			Memory Clock	400 MHz
			Driver version	4.5.0.3
			BIOS Version	4.18.20.21.B8
			ROPs	2
			Shaders	Vertex 2/Pixel 20
			Memory Type	DDR
			Memory	64 MB
			Bus Width	128 Bit
			Pixel Fillrate	0.5 GPixels/s
			Texture Fillrate	1.1 GTexels/s
			Bandwidth	12.8 GB/s
				Count of performance levels : 1
					Level 1
Hard Drives
		Maxtor 6Y080L0
			Manufacturer	Maxtor
			Heads	16
			Cylinders	16,383
			Device type	Fixed
			ATA Standard	ATA/ATAPI-7
			Serial Number	Y23615SE
			LBA Size	28bit LBA
			Power On Count	431 times
			Power On Time	1569.1 days
			Features	S.M.A.R.T., APM, AAM
			Transfer Mode	Ultra DMA/133
			Interface	ATA
			Capacity	75 GB
			Real size	80,000,000,000 bytes
			RAID Type	None
				S.M.A.R.T
					Status	Good
					Temperature	39 °C
					Temperature Range	OK (less than 50 °C)
					03 Spin-Up Time	224 (224) Data 0000002349
					04 Start/Stop Count	253 (253) Data 00000001A9
					05 Reallocated Sectors Count	253 (253) Data 0000000000
					06 Read Channel Margin	253 (253) Data 0000000000
					07 Seek Error Rate	253 (252) Data 0000000000
					08 Seek Time Performance	245 (236) Data 000000A221
					09 Power-On Hours (POH)	050 (050) Data 000000931B
					0A Spin Retry Count	253 (252) Data 0000000000
					0B Recalibration Retries	253 (252) Data 0000000000
					0C Device Power Cycle Count	252 (252) Data 00000001AF
					C0 Power-off Retract Count	253 (253) Data 0000000000
					C1 Load/Unload Cycle Count	253 (253) Data 0000000000
					C2 Temperature	253 (253) Data 0000000026
					C3 Hardware ECC Recovered	253 (252) Data 0000000320
					C4 Reallocation Event Count	253 (253) Data 0000000000
					C5 Current Pending Sector Count	253 (253) Data 0000000000
					C6 Uncorrectable Sector Count	253 (253) Data 0000000000
					C7 UltraDMA CRC Error Count	199 (199) Data 0000000000
					C8 Write Error Rate / Multi-Zone Error Rate	253 (252) Data 0000000000
					C9 Soft Read Error Rate	253 (249) Data 0000000038
					CA Data Address Mark errors	253 (252) Data 0000000000
					CB Run Out Cancel	253 (252) Data 0000000000
					CC Soft ECC Correction	253 (252) Data 0000000000
					CD Thermal Asperity Rate (TAR)	253 (252) Data 0000000000
					CF Spin High Current	253 (252) Data 0000000000
					D0 Spin Buzz	253 (252) Data 0000000000
					D1 Offline Seek Performance	190 (190) Data 0000000000
					63 Average Flying Height control	253 (253) Data 0000000000
					64 Erase/Program Cycles	253 (253) Data 0000000000
					65 Maximum Flying Height control	253 (253) Data 0000000000
				Partition 0
					Partition ID	Disk #0, Partition #0
					Size	39.1 MB
				Partition 1
					Partition ID	Disk #0, Partition #1
					Disk Letter	C:
					File System	NTFS
					Volume Serial Number	B079F510
					Size	74 GB
					Used Space	15.5 GB (21%)
					Free Space	59 GB (79%)
Optical Drives
		HL-DT-ST RW/DVD GCC-4481B
			Media Type	DVD Reader
			Name	HL-DT-ST RW/DVD GCC-4481B
			Availability	Running/Full Power
			Capabilities	Random Access, Supports Removable Media
			Read capabilities	CD-R, CD-RW, CD-ROM, DVD-ROM, DVD-R, DVD+R, DVD+RW
			Write capabilities	CD-R, CD-RW
			Config Manager Error Code	Device is working properly
			Config Manager User Config	FALSE
			Drive	D:
			Media Loaded	FALSE
			SCSI Bus	0
			SCSI Logical Unit	0
			SCSI Port	1
			SCSI Target Id	0
			Status	OK
Audio
		Sound Card
			SoundMAX Integrated Digital Audio
		Playback Device
			SoundMAX Digital Audio
		Recording Device
			SoundMAX Digital Audio
		Speaker Configuration
		Speaker Configuration
			Speaker type	Stereo
Peripherals
		HID Keyboard Device
			Device Kind	Keyboard
			Device Name	HID Keyboard Device
			Vendor	Unknown
			Location	Location 0
				Driver
					Date	7-1-2001
					Version	5.1.2600.5512
					File	C:\WINDOWS\system32\DRIVERS\kbdhid.sys
					File	C:\WINDOWS\system32\DRIVERS\kbdclass.sys
		HID-compliant mouse
			Device Kind	Mouse
			Device Name	HID-compliant mouse
			Vendor	Unknown
			Location	Location 0
				Driver
					Date	7-1-2001
					Version	5.1.2600.0
					File	C:\WINDOWS\system32\DRIVERS\mouclass.sys
					File	C:\WINDOWS\system32\DRIVERS\mouhid.sys
		Printers
				Gestetner DSm735/735G PCL 5e (Default Printer)
					Printer Port	IP_10.0.0.206
					Print Processor	WinPrint
					Availability	Always
					Priority	1
					Duplex	None
					Print Quality	600 * 600 dpi Color
					Status	Unknown
						Driver
							Driver Name	Gestetner DSm735/735G PCL 5e (v1.00)
							Driver Path	C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\GES542K.DLL
				Microsoft Office Document Image Writer
					Printer Port	Microsoft Document Imaging Writer Port:
					Print Processor	ModiPrint
					Availability	Always
					Priority	1
					Duplex	None
					Print Quality	200 * 200 dpi Monochrome
					Status	Unknown
						Driver
							Driver Name	Microsoft Office Document Image Writer Driver (v4.00)
							Driver Path	C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdigraph.dll
Network
	You are connected to the internet
	Connected through	Intel PRO/1000 MT Network Connection - Packet Scheduler Miniport
	IP Address	10.0.0.56
	Subnet mask	255.255.255.0
	Gateway server	10.0.0.1
	Preferred DNS server	10.0.0.1
	DHCP	Enabled
	DHCP server	10.0.0.5
	External IP Address	74.83.166.146
	Adapter Type	Ethernet
	NetBIOS over TCP/IP	Enabled via DHCP
	NETBIOS Node Type	Broadcast node
	Link Speed	0 Bps
		Computer Name
			NetBIOS Name	DC1X6851
			DNS Name	dc1x6851.Dayton.Local
			Membership	Part of domain
			Domain Name	Dayton.Local
		Remote Desktop
			Disabled
				Console
					State	Active
					Domain	DAYTON
		WinInet Info
			LAN Connection
			Local system uses a local area network to connect to the Internet
			Local system has RAS to connect to the Internet
		Wi-Fi Info
			Wi-Fi not enabled
		WinHTTPInfo
			WinHTTPSessionProxyType	No proxy
			Session Proxy
			Session Proxy Bypass
			Connect Retries	5
			Connect Timeout (ms)	60,000
			HTTP Version	HTTP 1.1
			Max Connects Per 1.0 Servers	INFINITE
			Max Connects Per Servers	INFINITE
			Max HTTP automatic redirects	10
			Max HTTP status continue	10
			Send Timeout (ms)	30,000
			IEProxy Auto Detect	No
			IEProxy Auto Config
			IEProxy
			IEProxy Bypass
			Default Proxy Config Access Type	No proxy
			Default Config Proxy
			Default Config Proxy Bypass
		Sharing and Discovery
			File and printer sharing service	Enabled
			Simple File Sharing	Enabled
			Administrative Shares	Enabled
			Network access: Sharing and security model for local accounts	Guest only - local users authenticate as Guest
		Adapters List
				Intel(R) PRO/1000 MT Network Connection - Packet Scheduler Miniport
					IP Address	10.0.0.56
					Subnet mask	255.255.255.0
					Gateway server	10.0.0.1
					MAC Address	00-0D-56-A5-68-1F
		Network Shares
			No network shares
		Current TCP Connections
				C:\Program Files\Common Files\Symantec Shared\ccApp.exe (3008)
					Local 127.0.0.1:1115	LISTEN
				C:\Program Files\Google\Chrome\Application\chrome.exe (2348)
					Local 10.0.0.56:2415	ESTABLISHED Remote 74.125.228.58:80 (Querying... ) (HTTP)
					Local 10.0.0.56:2417	ESTABLISHED Remote 74.125.228.58:80 (Querying... ) (HTTP)
					Local 10.0.0.56:2478	ESTABLISHED Remote 74.125.228.59:80 (Querying... ) (HTTP)
					Local 10.0.0.56:2534	ESTABLISHED Remote 173.194.74.118:80 (Querying... ) (HTTP)
					Local 10.0.0.56:2536	ESTABLISHED Remote 74.125.228.58:80 (Querying... ) (HTTP)
					Local 10.0.0.56:2563	ESTABLISHED Remote 74.125.228.122:80 (Querying... ) (HTTP)
					Local 10.0.0.56:2564	ESTABLISHED Remote 74.125.228.122:80 (Querying... ) (HTTP)
					Local 10.0.0.56:2579	ESTABLISHED Remote 74.125.228.122:443 (Querying... ) (HTTPS)
					Local 10.0.0.56:2582	ESTABLISHED Remote 216.68.248.212:443 (Querying... ) (HTTPS)
					Local 10.0.0.56:2377	FIN-WAIT-1 Remote 216.68.10.106:443 (Querying... ) (HTTPS)
				C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (1172)
					Local 10.0.0.56:2546	ESTABLISHED Remote 10.0.0.5:8014 (Querying... )
				System Process
					Local 10.0.0.56:2448	TIME-WAIT Remote 216.68.10.162:80 (Querying... ) (HTTP)
					Local 10.0.0.56:2549	TIME-WAIT Remote 10.0.0.5:389 (Querying... )
					Local 10.0.0.56:2571	TIME-WAIT Remote 216.68.248.212:80 (Querying... ) (HTTP)
					Local 10.0.0.56:2572	TIME-WAIT Remote 216.68.248.212:80 (Querying... ) (HTTP)
					Local 10.0.0.56:2573	TIME-WAIT Remote 216.68.248.212:80 (Querying... ) (HTTP)
					Local 10.0.0.56:2574	TIME-WAIT Remote 216.68.248.212:80 (Querying... ) (HTTP)
					Local 10.0.0.56:2575	TIME-WAIT Remote 216.68.248.227:80 (Querying... ) (HTTP)
					Local 10.0.0.56:2576	TIME-WAIT Remote 216.68.248.227:80 (Querying... ) (HTTP)
				System Process
					Local 0.0.0.0:445 (Windows shares)	LISTEN
					Local 10.0.0.56:139 (NetBIOS session service)	LISTEN
					Local 10.0.0.56:1705	ESTABLISHED Remote 10.0.0.5:445 (Querying... ) (Windows shares)
				svchost.exe (964)
					Local 0.0.0.0:135 (DCE)	LISTEN
Generated with Speccy v1.22.536

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 98.44 0 K 16 K 0
procexp.exe 1.56 28,888 K 32,420 K 3344 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs
wmiprvse.exe 2,280 K 4,912 K 2820 WMI Microsoft Corporation (Verified) Microsoft Windows Component Publisher
winlogon.exe 7,308 K 8,136 K 664 Windows NT Logon Application Microsoft Corporation (Verified) Microsoft Windows Component Publisher
System 0 K 36 K 4
svchost.exe 3,284 K 2,712 K 892 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 14,380 K 14,672 K 1060 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1,928 K 1,720 K 964 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 2,380 K 2,308 K 1204 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 3,364 K 1,424 K 1224 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 2,152 K 680 K 1844 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 2,432 K 2,148 K 324 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
spoolsv.exe 3,416 K 2,644 K 1700 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
smss.exe 168 K 120 K 592 Windows NT Session Manager Microsoft Corporation (Verified) Microsoft Windows Component Publisher
SmcGui.exe 7,240 K 4,916 K 2244 Symantec CMC SmcGui Symantec Corporation (Verified) Symantec Corporation
Smc.exe 12,248 K 6,052 K 1172 Symantec CMC Smc Symantec Corporation (Verified) Symantec Corporation
services.exe 4,120 K 3,256 K 708 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Component Publisher
Rtvscan.exe 17,704 K 3,484 K 336 Symantec AntiVirus Symantec Corporation (Verified) Symantec Corporation
nvsvc32.exe 568 K 752 K 260 NVIDIA Driver Helper Service, Version 45.03 NVIDIA Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
msmsgs.exe 1,376 K 2,000 K 3064 Windows Messenger Microsoft Corporation (Verified) Microsoft Windows Component Publisher
lsass.exe 4,384 K 2,040 K 720 LSA Shell (Export Version) Microsoft Corporation (Verified) Microsoft Windows Component Publisher
GoogleCrashHandler.exe 1,848 K 944 K 388 Google Crash Handler Google Inc. (Verified) Google Inc
explorer.exe 23,492 K 18,052 K 2228 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows Component Publisher
ctfmon.exe 972 K 2,128 K 3016 CTF Loader Microsoft Corporation (Verified) Microsoft Windows Component Publisher
csrss.exe 1,704 K 2,396 K 640 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Component Publisher
chrome.exe 42,468 K 35,744 K 2348 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 43,344 K 49,388 K 2720 Google Chrome Google Inc. (Verified) Google Inc
ccSvcHst.exe 10,460 K 2,848 K 1388 Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
ccApp.exe 4,740 K 392 K 3008 Symantec User Session Symantec Corporation (Verified) Symantec Corporation



Hope this helps. Others on the way.

David

#4
beerman
Posted Image

#5
beerman
Vino's Event Viewer v01c run on Windows XP in English
Report run at 26/07/2013 1:26:47 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6
beerman
Vino's Event Viewer v01c run on Windows XP in English
Report run at 26/07/2013 1:28:33 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/07/2013 12:11:19 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user DAYTON\bcrothers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

#7
RKinner
Malware Expert
How is it running now? Any better?

#8
beerman
Yes it is. Not sure what it was that helped. Scan disk did find some minor errors. Did you see anything?

Thanks.

#9
beerman
Oddly, the only thing going on now is that Microsoft auto update is off and cannot be turned on. Also, can't go to Microsoft Update web page to update either. This was not happening before.

David

#10
RKinner
Malware Expert
None of the logs showed any real problems. Expect it was the defrag that really helped. Defrag is something that is automatically done periodically by Vista and Win 7 but needs to be done manually for XP. If you had a high percentage of fragmentation that can really slow it down. I'd say you should check it at least once a month to see if it needs it.

#11
RKinner
Malware Expert
For your update issue: Go to http://support.microsoft.com/kb/971058. Click on the + in front of Vista and XP under "Diagnose by using the automated troubleshooter". Run the Fixit. See if that helps.