
XP is crawling


RickMath

Hi

I have an older machine with XP that I need to run some older applications.

It is very slow. Firefox takes forever to open, if it does at all. I ran Norton Security and it scanned over a million items. The hard drive light blinks constantly.

Thanks for your help ;-)

Here are the FRST files


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2015
Ran by Owner (administrator) on RENA on 27-06-2015 19:10:01
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
(CANON INC.) C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.5.0.124\NS.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.5.0.124\NS.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2005-03-18] (ATI Technologies, Inc.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2005-04-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [OrderReminder] => C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2005-03-18] (Hewlett-Packard)
HKLM\...\Run: [PDUiP6700DMon] => C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe [61440 2006-03-16] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1191936 2006-03-21] (CANON INC.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1037736 2007-08-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-10-15] (Adobe Systems Incorporated)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-03-15] (ATI Technologies Inc.)
HKU\S-1-5-21-2841148819-1158956313-2477166573-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-2841148819-1158956313-2477166573-1003\...\Run: [HP Officejet Pro 8620 (NET)] => "C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe" -deviceID "CN538EW0R0:NW" -scfn "HP Officejet Pro 8620 (NET)" -AutoStart 1
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2841148819-1158956313-2477166573-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
HKU\S-1-5-21-2841148819-1158956313-2477166573-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-2841148819-1158956313-2477166573-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-2841148819-1158956313-2477166573-1003\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
SearchScopes: HKU\S-1-5-21-2841148819-1158956313-2477166573-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...ct=sb&qsrc=2869
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18] ()
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18] ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2841148819-1158956313-2477166573-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g4pb3yf3.default
FF Homepage: hxxp://att.my.yahoo.com/
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2009-05-01] (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-03-02] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008-10-14] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2010-03-02]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2010-03-02]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFPlgn [2015-06-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-06-27]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2008-01-30]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2008-01-30]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2008-01-30]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2008-01-30]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.5.0.124\Exts\Chrome.crx [2015-06-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NS; C:\Program Files\Norton Security\Engine\22.5.0.124\NS.exe [282016 2015-06-17] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2317504 2005-04-19] (Realtek Semiconductor Corp.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [35840 2004-10-21] (Advanced Micro Devices)
R1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150625.001\BHDrvx86.sys [1181424 2015-06-22] (Symantec Corporation)
R1 ccSet_NS; C:\WINDOWS\system32\drivers\NS\1605000.07C\ccSetx86.sys [128728 2015-06-04] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-06-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [122192 2015-06-16] (Symantec Corporation)
R3 IDSxpx86; C:\Program Files\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150626.001\IDSxpx86.sys [496824 2015-06-25] (Symantec Corporation)
R3 ltmodem5; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [625537 2003-03-31] (LT)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150627.002\NAVENG.SYS [104440 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150627.002\NAVEX15.SYS [1645432 2015-05-20] (Symantec Corporation)
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [70144 2004-04-14] (Realtek Semiconductor Corporation                           )
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R0 SI3112r; C:\WINDOWS\System32\DRIVERS\SI3112r.sys [97920 2005-03-03] (Silicon Image, Inc.)
R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [10240 2005-03-03] (Silicon Image, Inc.)
R1 SRTSP; C:\WINDOWS\system32\drivers\NS\1605000.07C\SRTSP.SYS [702680 2015-06-04] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NS\1605000.07C\SRTSPX.SYS [36056 2015-06-04] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NS\1605000.07C\SYMEFASI.SYS [1278168 2015-06-04] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [94424 2015-06-26] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NS\1605000.07C\Ironx86.SYS [226008 2015-06-04] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\system32\drivers\NS\1605000.07C\SYMTDI.SYS [388440 2015-06-04] (Symantec Corporation)
S3 DBKDRVR54; \??\C:\temp\Cheat Engine\dbk32.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-27 19:10 - 2015-06-27 19:10 - 00012577 _____ C:\Documents and Settings\Owner\Desktop\FRST.txt
2015-06-27 19:08 - 2015-06-27 19:10 - 00000000 ____D C:\FRST
2015-06-27 19:08 - 2015-06-27 19:08 - 01636352 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2015-06-27 18:36 - 2015-06-27 18:43 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-27 18:35 - 2015-06-27 18:35 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-27 18:35 - 2015-06-27 18:35 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-27 18:35 - 2015-06-27 18:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-27 18:35 - 2015-06-27 18:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-06-27 18:35 - 2015-04-14 10:39 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-27 18:35 - 2015-04-14 10:38 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-27 18:33 - 2015-06-27 18:34 - 21545336 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Owner\Desktop\mbam-setup-sem-2.1.6.1022(2).exe
2015-06-27 18:32 - 2015-06-27 18:34 - 21545336 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Owner\Desktop\mbam-setup-sem-2.1.6.1022.exe
2015-06-27 17:50 - 2015-06-27 18:21 - 00002050 _____ C:\WINDOWS\spupdsvc.log
2015-06-27 17:50 - 2015-06-27 17:51 - 00000000 ____D C:\cc29c4da339221141fc7d5a768
2015-06-27 17:34 - 2015-06-27 17:34 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth
2015-06-27 17:30 - 2015-06-27 18:21 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-06-27 17:30 - 2015-06-27 18:20 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-06-27 17:15 - 2015-06-27 17:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2922229$
2015-06-27 17:15 - 2015-06-27 17:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2015-06-27 17:09 - 2015-06-27 17:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2916036$
2015-06-27 17:06 - 2015-06-27 17:06 - 00030596 _____ C:\WINDOWS\KB2834886.log
2015-06-27 17:06 - 2015-06-27 17:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2015-06-27 17:05 - 2015-06-27 17:05 - 00030371 _____ C:\WINDOWS\KB2900986.log
2015-06-27 17:05 - 2015-06-27 17:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2015-06-27 17:05 - 2015-06-27 17:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2015-06-27 17:04 - 2015-06-27 17:04 - 00029878 _____ C:\WINDOWS\KB2834902-v2.log
2015-06-27 17:04 - 2015-06-27 17:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2015-06-27 17:04 - 2015-06-27 17:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834902-v2_WM10$
2015-06-27 17:04 - 2015-06-27 17:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
2015-06-27 17:03 - 2015-06-27 17:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2929961$
2015-06-27 17:00 - 2015-06-27 17:00 - 00029715 _____ C:\WINDOWS\KB2862335.log
2015-06-27 17:00 - 2015-06-27 17:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2015-06-27 16:54 - 2015-06-27 16:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2015-06-27 16:42 - 2015-06-27 16:42 - 00029345 _____ C:\WINDOWS\KB2904266.log
2015-06-27 16:42 - 2015-06-27 16:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2015-06-27 16:41 - 2015-06-27 16:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2015-06-27 16:39 - 2015-06-27 16:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2930275$
2015-06-27 16:39 - 2015-06-27 16:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2015-06-27 16:32 - 2015-06-27 16:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2015-06-27 16:31 - 2015-06-27 16:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2015-06-27 16:31 - 2015-06-27 16:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2015-06-27 16:30 - 2015-06-27 16:30 - 00028383 _____ C:\WINDOWS\KB2807986.log
2015-06-27 16:30 - 2015-06-27 16:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2015-06-27 16:30 - 2015-06-27 16:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2015-06-27 16:29 - 2015-06-27 16:29 - 00026468 _____ C:\WINDOWS\KB2868038.log
2015-06-27 16:29 - 2015-06-27 16:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2015-06-27 16:29 - 2015-06-27 16:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2015-06-27 16:29 - 2015-06-27 16:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2015-06-27 16:24 - 2015-06-27 17:50 - 00010206 _____ C:\WINDOWS\updspapi.log
2015-06-27 16:24 - 2015-06-27 16:24 - 00026739 _____ C:\WINDOWS\KB2909921-IE8.log
2015-06-27 16:24 - 2015-06-27 16:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2015-06-27 16:22 - 2015-06-27 16:22 - 00020025 _____ C:\WINDOWS\KB2934207.log
2015-06-27 16:22 - 2015-06-27 16:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2934207$
2015-06-27 16:11 - 2015-06-27 16:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-27 16:07 - 2015-06-27 16:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2015-06-27 16:05 - 2015-06-27 17:50 - 00046215 _____ C:\WINDOWS\setupapi.log
2015-06-27 16:05 - 2015-06-27 17:16 - 00191656 _____ C:\WINDOWS\FaxSetup.log
2015-06-27 16:05 - 2015-06-27 17:16 - 00091636 _____ C:\WINDOWS\ocgen.log
2015-06-27 16:05 - 2015-06-27 17:16 - 00073132 _____ C:\WINDOWS\tsoc.log
2015-06-27 16:05 - 2015-06-27 17:16 - 00063323 _____ C:\WINDOWS\comsetup.log
2015-06-27 16:05 - 2015-06-27 17:16 - 00038395 _____ C:\WINDOWS\ntdtcsetup.log
2015-06-27 16:05 - 2015-06-27 17:16 - 00030514 _____ C:\WINDOWS\iis6.log
2015-06-27 16:05 - 2015-06-27 17:16 - 00010602 _____ C:\WINDOWS\ocmsn.log
2015-06-27 16:05 - 2015-06-27 17:16 - 00009579 _____ C:\WINDOWS\msgsocm.log
2015-06-27 16:05 - 2015-06-27 17:16 - 00001374 _____ C:\WINDOWS\imsins.log
2015-06-27 16:05 - 2015-06-27 17:15 - 00001374 _____ C:\WINDOWS\imsins.BAK
2015-06-27 16:05 - 2015-06-27 16:05 - 00018653 _____ C:\WINDOWS\KB2909210-IE8.log
2015-06-27 16:05 - 2015-06-27 16:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2015-06-27 16:05 - 2015-06-27 16:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2015-06-27 16:05 - 2015-06-27 16:05 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-06-27 16:05 - 2015-06-27 16:05 - 00000000 _____ C:\WINDOWS\setupact.log
2015-06-27 16:04 - 2015-06-27 16:05 - 00019181 _____ C:\WINDOWS\KB2914368.log
2015-06-27 12:34 - 2015-06-27 17:16 - 00050898 _____ C:\WINDOWS\KB2868626.log
2015-06-27 12:34 - 2015-06-27 17:15 - 00050639 _____ C:\WINDOWS\KB2922229.log
2015-06-27 12:33 - 2015-06-27 17:10 - 00050436 _____ C:\WINDOWS\KB2916036.log
2015-06-27 12:32 - 2015-06-27 17:05 - 00049397 _____ C:\WINDOWS\KB2847311.log
2015-06-27 12:32 - 2015-06-27 17:04 - 00051293 _____ C:\WINDOWS\KB2802968.log
2015-06-27 12:32 - 2015-06-27 17:04 - 00048498 _____ C:\WINDOWS\KB2898715.log
2015-06-27 12:32 - 2015-06-27 17:04 - 00047702 _____ C:\WINDOWS\KB2929961.log
2015-06-27 12:31 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2015-06-27 12:31 - 2013-07-02 21:59 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2015-06-27 12:30 - 2015-06-27 16:54 - 00050217 _____ C:\WINDOWS\KB2780091.log
2015-06-27 12:29 - 2015-06-27 16:41 - 00048008 _____ C:\WINDOWS\KB2876217.log
2015-06-27 12:29 - 2015-06-27 16:39 - 00047818 _____ C:\WINDOWS\KB2930275.log
2015-06-27 12:29 - 2015-06-27 16:39 - 00047115 _____ C:\WINDOWS\KB2864063.log
2015-06-27 12:28 - 2015-06-27 16:32 - 00046011 _____ C:\WINDOWS\KB2862152.log
2015-06-27 12:28 - 2015-06-27 16:31 - 00045256 _____ C:\WINDOWS\KB2850869.log
2015-06-27 12:28 - 2015-06-27 16:31 - 00044958 _____ C:\WINDOWS\KB2876331.log
2015-06-27 12:28 - 2015-06-27 16:30 - 00045522 _____ C:\WINDOWS\KB2859537.log
2015-06-27 12:28 - 2015-06-27 16:29 - 00046540 _____ C:\WINDOWS\KB2820917.log
2015-06-27 12:28 - 2015-06-27 16:29 - 00043996 _____ C:\WINDOWS\KB2893294.log
2015-06-27 12:28 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2015-06-27 12:28 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2015-06-27 12:28 - 2013-02-11 20:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2015-06-27 12:28 - 2013-02-11 20:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023.sys
2015-06-27 12:27 - 2015-06-27 16:24 - 00038368 _____ C:\WINDOWS\KB2892075.log
2015-06-27 12:26 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2015-06-27 12:26 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2015-06-27 12:25 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2015-06-27 12:25 - 2013-08-08 20:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2015-06-27 12:25 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2015-06-27 12:25 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2015-06-27 12:24 - 2015-06-27 16:05 - 00040754 _____ C:\WINDOWS\KB2813345.log
2015-06-26 22:26 - 2015-06-27 17:28 - 00000610 _____ C:\WINDOWS\wiadebug.log
2015-06-26 22:26 - 2015-06-27 07:25 - 00000049 ____N C:\WINDOWS\wiaservc.log
2015-06-26 22:26 - 2015-06-26 22:26 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2015-06-26 22:26 - 2001-08-17 13:53 - 00006784 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\serscan.sys
2015-06-26 22:26 - 2001-08-17 13:53 - 00006784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serscan.sys
2015-06-26 21:59 - 2015-06-27 16:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
2015-06-26 21:58 - 2015-06-26 21:58 - 00000057 _____ C:\Documents and Settings\All Users\Application Data\Ament.ini
2015-06-26 21:53 - 2015-06-27 17:52 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2015-06-26 21:53 - 2015-06-26 21:53 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-06-26 21:53 - 2015-06-26 21:53 - 00000000 ____D C:\Program Files\MSBuild
2015-06-26 21:52 - 2006-06-29 13:07 - 00014048 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg2.dll
2015-06-26 20:37 - 2015-06-26 22:16 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\HP
2015-06-26 19:19 - 2015-06-26 19:29 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\NPE
2015-06-26 19:19 - 2015-06-26 19:19 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
2015-06-26 18:29 - 2015-06-26 18:29 - 00094424 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2015-06-26 18:29 - 2015-06-26 18:29 - 00008138 _____ C:\WINDOWS\system32\Drivers\SYMEVENT.CAT
2015-06-26 18:29 - 2015-06-26 18:29 - 00000000 ____D C:\Program Files\Symantec
2015-06-26 18:28 - 2015-06-26 18:28 - 00001885 _____ C:\Documents and Settings\All Users\Desktop\Norton Security.LNK
2015-06-26 18:26 - 2015-06-26 18:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security
2015-06-26 18:26 - 2015-06-26 18:26 - 00000000 ____D C:\WINDOWS\system32\Drivers\NS
2015-06-26 18:26 - 2015-06-26 18:26 - 00000000 ____D C:\Program Files\Norton Security
2015-06-26 18:22 - 2015-06-26 22:28 - 00055172 ____H C:\WINDOWS\system32\mlfcache.dat
2015-06-26 18:16 - 2015-06-26 19:00 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Norton
2015-06-26 18:16 - 2015-06-26 18:26 - 00000711 _____ C:\Documents and Settings\Owner\Desktop\Norton Installation Files.lnk
2015-06-26 18:15 - 2015-06-26 18:15 - 01110744 _____ (Symantec Corporation) C:\Documents and Settings\Owner\Desktop\NSDownloader.exe
2015-06-26 18:02 - 2015-06-26 18:02 - 00000000 ____D C:\WINDOWS\system32\LogFiles

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-27 19:10 - 2005-06-22 19:10 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Temp
2015-06-27 19:01 - 2008-01-30 19:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-27 19:01 - 2005-06-22 19:06 - 01604527 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-27 18:20 - 2005-06-22 19:10 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-27 18:20 - 2005-06-22 12:00 - 00265416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-27 18:19 - 2005-06-22 19:10 - 00032602 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-27 18:19 - 2005-06-22 19:10 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2015-06-27 18:08 - 2008-07-25 13:13 - 00068648 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-06-27 18:04 - 2005-06-22 19:15 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-06-27 17:59 - 2005-06-22 12:01 - 00501604 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-27 17:31 - 2010-12-04 17:44 - 00000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2015-06-27 16:42 - 2008-01-30 19:53 - 00631592 _____ C:\WINDOWS\system32\TZLog.log
2015-06-27 16:30 - 2005-06-22 20:15 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2015-06-27 16:27 - 2005-06-22 18:53 - 00000573 _____ C:\WINDOWS\win.ini
2015-06-27 16:24 - 2009-07-05 14:45 - 00000000 ____D C:\WINDOWS\ie8updates
2015-06-27 16:20 - 2005-06-22 18:53 - 00001170 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-27 16:06 - 2008-01-30 19:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-06-27 16:06 - 2008-01-29 16:01 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2015-06-27 16:06 - 2005-06-22 11:56 - 00000000 ____D C:\WINDOWS\twain_32
2015-06-27 08:06 - 2009-07-05 15:04 - 00000000 __SHD C:\Documents and Settings\Owner\PrivacIE
2015-06-27 08:05 - 2009-07-05 14:48 - 00000000 __SHD C:\Documents and Settings\Owner\IETldCache
2015-06-27 08:04 - 2010-04-28 14:06 - 00000000 __SHD C:\Documents and Settings\Owner\IECompatCache
2015-06-27 08:03 - 2005-06-22 19:10 - 00000000 ____D C:\Documents and Settings\Owner
2015-06-26 21:52 - 2005-06-22 11:56 - 00000000 ____D C:\WINDOWS\system32\spool
2015-06-26 19:32 - 2005-06-22 11:56 - 00000000 ____D C:\WINDOWS\system32\ias
2015-06-26 19:29 - 2005-06-22 18:55 - 00000184 __RSH C:\boot.ini
2015-06-26 19:00 - 2008-10-24 14:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2015-06-26 18:56 - 2005-06-22 19:11 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-06-26 18:25 - 2005-06-22 19:11 - 00000000 ____D C:\Program Files\Norton AntiVirus
2015-06-26 17:54 - 2009-05-25 12:28 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-26 17:43 - 2012-09-24 08:44 - 00001940 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

==================== Files in the root of some directories =======

2008-01-31 00:19 - 2008-11-04 17:05 - 0006144 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-12-04 17:49 - 2012-09-25 06:33 - 0001940 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

Some files in TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\UNNERO.exe
C:\Documents and Settings\Owner\Local Settings\Temp\UNNeroVision.exe
C:\Documents and Settings\Owner\Local Settings\Temp\UNNMP.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-06-2015
Ran by Owner at 2015-06-27 19:10:55
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2841148819-1158956313-2477166573-500 - Administrator - Enabled)
ASPNET (S-1-5-21-2841148819-1158956313-2477166573-1004 - Limited - Enabled)
Guest (S-1-5-21-2841148819-1158956313-2477166573-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-2841148819-1158956313-2477166573-1005 - Limited - Disabled)
Owner (S-1-5-21-2841148819-1158956313-2477166573-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-2841148819-1158956313-2477166573-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus (Disabled) {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Reader 8.1.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.5 - Adobe Systems Incorporated)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5145 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.12-050317m-022739C - )
Canon iP6700D (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6700D) (Version:  - )
Canon iP6700D Memory Card Utility (HKLM\...\MCU PDUiP6700DMon.exe) (Version:  - )
Canon iP6700D User Registration (HKLM\...\Canon iP6700D User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
CCleaner (remove only) (HKLM\...\CCleaner) (Version:  - )
CleanUp! (HKLM\...\CleanUp!) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
KB408682 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}_814) (Version:  - Adobe Systems Incorporated)
LaserJet 1020 series (HKLM\...\HP-LaserJet 1020 series) (Version:  - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2742597) (HKLM\...\M2742597) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft IntelliPoint 6.2 (HKLM\...\{8C5FAD77-F678-4758-A296-C12F08D179E0}) (Version: 6.20.182.0 - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Windows Journal Viewer (HKLM\...\{43DCF766-6838-4F9A-8C91-D92DA586DFA7}) (Version: 1.5.2315.3 - Microsoft)
Mozilla Firefox (3.0.15) (HKLM\...\Mozilla Firefox (3.0.15)) (Version: 3.0.15 (en-US) - Mozilla)
Mozilla Sunbird (0.7) (HKLM\...\Mozilla Sunbird (0.7)) (Version: 0.7 (en-US) - Mozilla)
Mozilla Thunderbird (3.1.16) (HKLM\...\Mozilla Thunderbird (3.1.16)) (Version: 3.1.16 (en-US) - Mozilla)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Norton Security (HKLM\...\NS) (Version: 22.5.0.124 - Symantec Corporation)
OrderReminder HP LaserJet 1020 (HKLM\...\OrderReminder HP LaserJet 1020) (Version: 2.0 - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.1 - Google, Inc.)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

26-06-2015 19:51:45 System Checkpoint
26-06-2015 21:52:24 Installed %1 %2.
26-06-2015 21:52:31 Printer Driver Microsoft XPS Document Writer Installed
27-06-2015 16:04:00 Software Distribution Service 3.0
27-06-2015 17:34:38 Software Distribution Service 3.0
27-06-2015 18:24:51 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-01-29 16:04 - 2004-08-04 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (Whitelisted) ==============

2008-06-13 15:54 - 2006-04-18 19:04 - 00034304 _____ () C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
2008-06-13 15:54 - 2006-04-18 19:04 - 00064000 _____ () C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2841148819-1158956313-2477166573-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\ps-rc4s.bmp
DNS Servers: 10.0.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/27/2015 06:28:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 1.9.0.3576, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/27/2015 06:23:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 1.9.0.3576, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/27/2015 05:13:00 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.7680

Error: (06/27/2015 05:12:49 PM) (Source: MsiInstaller) (EventID: 1023) (User: RENA)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\Owner\LOCALS~1\Temp\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (06/27/2015 04:06:31 PM) (Source: MsiInstaller) (EventID: 11704) (User: RENA)
Description: Product: Microsoft Office Professional Edition 2003 -- Error 1704. An installation for HP Officejet Pro 8620 Basic Device Software is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (06/27/2015 08:10:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/27/2015 08:10:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/27/2015 08:10:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/27/2015 08:10:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/27/2015 08:10:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (06/27/2015 06:21:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HID Input Service service terminated with the following error:
%%126

Error: (06/27/2015 05:30:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HID Input Service service terminated with the following error:
%%126

Error: (06/27/2015 05:13:12 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (06/27/2015 07:25:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HID Input Service service terminated with the following error:
%%126

Error: (06/26/2015 10:23:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HID Input Service service terminated with the following error:
%%126

Error: (06/26/2015 10:23:15 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.0.0.6 for the Network Card with network address 0013D321D678 has been
denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/26/2015 07:32:57 PM) (Source: RemoteAccess) (EventID: 20106) (User: )
Description: Unable to add the interface {8B713ABD-CA8A-44C3-A388-4D1060409AC6} with the Router Manager for the IP protocol. The
following error occurred: Cannot complete this function.

Error: (06/26/2015 07:21:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HID Input Service service terminated with the following error:
%%126

Error: (06/26/2015 06:26:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HID Input Service service terminated with the following error:
%%126

Error: (06/26/2015 05:53:47 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Microsoft Office:
=========================
Error: (06/27/2015 06:28:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe1.9.0.3576hungapp0.0.0.000000000

Error: (06/27/2015 06:23:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe1.9.0.3576hungapp0.0.0.000000000

Error: (06/27/2015 05:13:00 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.7680

Error: (06/27/2015 05:12:49 PM) (Source: MsiInstaller) (EventID: 1023) (User: RENA)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\DOCUME~1\Owner\LOCALS~1\Temp\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (06/27/2015 04:06:31 PM) (Source: MsiInstaller) (EventID: 11704) (User: RENA)
Description: Product: Microsoft Office Professional Edition 2003 -- Error 1704. An installation for HP Officejet Pro 8620 Basic Device Software is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)

Error: (06/27/2015 08:10:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/27/2015 08:10:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/27/2015 08:10:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/27/2015 08:10:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/27/2015 08:10:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

==================== Memory info ===========================

Processor: AMD Athlon™ 64 Processor 3200+
Percentage of memory in use: 81%
Total physical RAM: 447.36 MB
Available physical RAM: 83.96 MB
Total Pagefile: 1117.58 MB
Available Pagefile: 426.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:186.31 GB) (Free:160.73 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: 5A1EA01D)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)

==================== End of log ============================


#2
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Suggest you run defrag a time or two. 

https://support.micr...en-us/kb/314848

 

XP does not automatically defrag and over time that will slow it down tremendously.  If that doesn't help then let's :

 

Let's get Speedfan:

http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it (Win 7 or Vista right click and Run As Admin)

It will tell you your temps in real time. (If you click on Configure then on Core you can check Show in Tray then OK  and even when minimized it will show the Core temp in the system tray (near the clock),  If you don't see it then Windows is hiding it.  Click on the up arrow to the left of the icons near the clock and  Customize.  Find Speedfan and change it to Show Icons and Notifications.  ) Leave it up and run something like a video or a scan or maybe sfc /scannow again and see if the temps climb into the 70s or higher.
 

 

Get the free version of Speccy:

http://www.filehippo.com/download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.

Close all browsers and open programs before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.)  Save the file and close notepad.  Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.
 

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

 

Ron
 


#3
RickMath

    Member

  • Topic Starter
  • Member
  • 177 posts

I cannot even open firefox or IE to do this. My hard disk light just keeps blinking and the programs give me messages that they are not responding. I will try to download your suggestions to my W7 notebook and copy them to my desktop.

 

Thanks

 

This is giving me fits.


#4
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Try Safe Mode with Networking.

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)
 

Also right click on the clock and select Task Manager then processes.  Click on the CPU column heading once or twice until you get the big users at the top.  (Make sure you tell it to show processes from all users.)  What are the top 4 users and what per cent do they use?  (System Idle should be over 90% on a normal PC)    I wonder if your anti-virus has gone into scan mode and is taking over all of the CPU time?

 

 

Be aware that many XPs have heatsinks clogged with dust.  This makes them run hot and a hot CPU will slow down in order to protect itself.  Is this a laptop or a desktop?


#5
RickMath

    Member

  • Topic Starter
  • Member
  • 177 posts

Ron

 

Thanks

 

I was able to get the files on a flash drive and use them on the computer. This is a desktop computer.

 

The Speccy file is attached and the test from the other one is attached. I hope these are what you need.

I truly appreciate your help as I have waited days for a response.

 

==================================================

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    96.88    0 K    28 K    0            
Interrupts    3.13    0 K    0 K    n/a    Hardware Interrupts and DPCs        
wuauclt.exe        2,284 K    192 K    3308    Windows Update    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
wmiprvse.exe        2,352 K    5,072 K    1760    WMI    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
winlogon.exe        6,548 K    2,568 K    576    Windows NT Logon Application    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
wdfmgr.exe        1,536 K    56 K    1772    Windows User Mode Driver Manager    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
System        0 K    60 K    4            
svchost.exe        35,252 K    30,684 K    1024    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        3,464 K    1,628 K    840    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,884 K    1,560 K    932    Generic Host Process for Win32 Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        1,396 K    1,236 K    1100    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        5,168 K    2,024 K    1232    Generic Host Process for Win32 Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        1,380 K    680 K    440    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,688 K    236 K    3176    Generic Host Process for Win32 Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
spoolsv.exe        3,544 K    2,072 K    1516    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
SOUNDMAN.EXE        1,980 K    740 K    1960    Realtek Sound Manager    Realtek Semiconductor Corp.    (No signature was present in the subject) Realtek Semiconductor Corp.
smss.exe        176 K    60 K    480    Windows NT Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
services.exe        1,852 K    2,352 K    628    Services and Controller app    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
procexp.exe        25,116 K    32,620 K    2756    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PDUiP6700DMon.exe        2,012 K    1,972 K    2032    PDUMon    CANON INC.    (No signature was present in the subject) CANON INC.
OrderReminder.exe        728 K    80 K    1988    HP Cartridge Order Reminder    Hewlett-Packard    (No signature was present in the subject) Hewlett-Packard
NS.exe        73,100 K    13,112 K    1712    Norton Security    Symantec Corporation    (Verified) Symantec Corporation
NS.exe        18,900 K    5,616 K    2196    Norton Security    Symantec Corporation    (Verified) Symantec Corporation
msmsgs.exe        3,104 K    464 K    968    Windows Messenger    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
MDM.EXE        992 K    1,868 K    1604    Machine Debug Manager    Microsoft Corporation    (Verified) Microsoft Corporation
lsass.exe        4,012 K    1,424 K    644    LSA Shell (Export Version)    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
ipoint.exe        7,192 K    11,552 K    116    IPoint.exe    Microsoft Corporation    (Verified) Microsoft Corporation
explorer.exe        19,836 K    18,584 K    1456    Windows Explorer    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
dpupdchk.exe        1,940 K    80 K    1196    dpupdchk.exe    Microsoft Corporation    (Verified) Microsoft Corporation
ctfmon.exe        1,024 K    1,628 K    764    CTF Loader    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
csrss.exe        1,884 K    2,732 K    544    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
BJMYPRT.EXE        1,900 K    3,684 K    368    Canon My Printer    CANON INC.    (No signature was present in the subject) CANON INC.
atiptaxx.exe        3,188 K    472 K    1892    ATI Desktop Control Panel    ATI Technologies, Inc.    (No signature was present in the subject) ATI Technologies, Inc.
ati2evxx.exe        556 K    264 K    812    ATI External Event Utility EXE Module    ATI Technologies Inc.    (No signature was present in the subject) ATI Technologies Inc.
ati2evxx.exe        524 K    476 K    1380    ATI External Event Utility EXE Module    ATI Technologies Inc.    (No signature was present in the subject) ATI Technologies Inc.
alg.exe        1,160 K    120 K    2480    Application Layer Gateway Service    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
 

#6
RickMath

    Member

  • Topic Starter
  • Member
  • 177 posts

Temps from Speed Fan

 

1 91F

2 102F

3 55F

HDO 102F

Core 91F


#7
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Were you able to get it to defrag?

 

The hard drive looks amazingly good considering its age.  Temps are OK.  There are no processes hogging the CPU.  The only thing I see that I don't like is this line:

 

Interrupts    3.13    0 K    0 K    n/a    Hardware Interrupts and DPCs     

 

 

 

Generally this should be under 1.5 so it may mean you have a bad driver.  Also you only have 512 MB.  This should be 1 GB with XP SP3.  It should run OK tho just be really slow booting up.   You could just add another 512 MB stick:

 

http://www.amazon.com/Kingston-ValueRAM-512-Desktop-KVR400X64C3A/dp/B000097O5F/ref=sr_1_2?s=pc&ie=UTF8&qid=1435929714&sr=1-2&refinements=p_n_feature_four_browse-bin%3A1194458%2Cp_n_feature_five_browse-bin%3A677885011 

 

but for about the same price you can max it out with two 1GB sticks.

 

http://www.amazon.co...e-bin:673262011

 

(Let me know if the links don't work.  Any desktop PC3200 DDR should work.  You may be able to get used memory locally for even less.)

 

Try booting into Safe Mode with Networking and then run Process Explorer again and post the log.  Let's see if the Interrupts goes down.

 

 

 

Let's see if we have any errors that tell us why things are slow.

 

Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Enable boot logging using one of the two methods here:  http://smallbusiness...rtup-45581.html

 

Reboot.
 

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.) 


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (It will override the first log so you need to copy and paste it to a reply before running it again.)

 

 

Find the file C:\windows\ntbtlog.txt and copy and paste or attach it to your next reply.


#8
RickMath

    Member

  • Topic Starter
  • Member
  • 177 posts

Started in safe mode with networking.

 

Here is the process report. Do I continue in safe mode with the next steps?

 

Thanks

 

=============================================

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    98.44    0 K    16 K    0            
Interrupts    1.56    0 K    0 K    n/a    Hardware Interrupts and DPCs        
wmiprvse.exe        2,288 K    4,924 K    1648    WMI    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
winlogon.exe        3,356 K    2,596 K    428    Windows NT Logon Application    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
System        0 K    216 K    4            
svchost.exe        9,608 K    16,448 K    760    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,344 K    3,588 K    800    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        2,936 K    4,820 K    632    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,636 K    4,136 K    684    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,068 K    2,952 K    892    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
smss.exe        172 K    420 K    356    Windows NT Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
services.exe        1,652 K    3,356 K    472    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
procexp.exe        26,804 K    33,156 K    1560    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
lsass.exe        2,016 K    544 K    484    LSA Shell (Export Version)    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
explorer.exe        14,556 K    23,260 K    1720    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
csrss.exe        1,368 K    3,088 K    404    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
 


  • 0
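The normal-boot versus Safe Mode comparison discussed above (the Interrupts row against the 1.5 figure, plus the Verified Signer column), as an added example that is not part of any post in this thread. It assumes the saved Process Explorer text is tab-separated; the function names are illustrative and the sample rows are abridged from the two posted listings.

```python
import csv
import io

INTERRUPT_LIMIT = 1.5  # per cent of CPU; the ceiling quoted in the thread

HEADER = ("Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription"
          "\tCompany Name\tVerified Signer")
MS, WCP = "Microsoft Corporation", "Microsoft Windows Component Publisher"
NOSIG = "(No signature was present in the subject) "

# Rows abridged from the two listings posted in the thread. Tab separators are
# an assumption; the forum rendering only shows runs of spaces.
NORMAL_BOOT = "\n".join([
    HEADER,
    "System Idle Process\t96.88\t0 K\t28 K\t0\t\t\t",
    "Interrupts\t3.13\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs\t\t",
    f"wuauclt.exe\t\t2,284 K\t192 K\t3308\tWindows Update\t{MS}\t(Verified) {WCP}",
    f"winlogon.exe\t\t6,548 K\t2,568 K\t576\tWindows NT Logon Application\t{MS}\t{NOSIG}{MS}",
    f"svchost.exe\t\t35,252 K\t30,684 K\t1024\tGeneric Host Process for Win32 Services\t{MS}\t(Verified) {WCP}",
    f"svchost.exe\t\t1,884 K\t1,560 K\t932\tGeneric Host Process for Win32 Services\t{MS}\t{NOSIG}{MS}",
    "NS.exe\t\t73,100 K\t13,112 K\t1712\tNorton Security\tSymantec Corporation\t(Verified) Symantec Corporation",
    f"SOUNDMAN.EXE\t\t1,980 K\t740 K\t1960\tRealtek Sound Manager\tRealtek Semiconductor Corp.\t{NOSIG}Realtek Semiconductor Corp.",
    f"explorer.exe\t\t19,836 K\t18,584 K\t1456\tWindows Explorer\t{MS}\t{NOSIG}{MS}",
    f"procexp.exe\t\t25,116 K\t32,620 K\t2756\tSysinternals Process Explorer\tSysinternals - www.sysinternals.com\t(Verified) {MS}",
])
SAFE_MODE = "\n".join([
    HEADER,
    "System Idle Process\t98.44\t0 K\t16 K\t0\t\t\t",
    "Interrupts\t1.56\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs\t\t",
    f"winlogon.exe\t\t3,356 K\t2,596 K\t428\tWindows NT Logon Application\t{MS}\t(Verified) {WCP}",
    f"svchost.exe\t\t9,608 K\t16,448 K\t760\tGeneric Host Process for Win32 Services\t{MS}\t(Verified) {WCP}",
    f"svchost.exe\t\t1,344 K\t3,588 K\t800\tGeneric Host Process for Win32 Services\t{MS}\t(Verified) {WCP}",
    f"procexp.exe\t\t26,804 K\t33,156 K\t1560\tSysinternals Process Explorer\tSysinternals - www.sysinternals.com\t(Verified) {MS}",
    f"explorer.exe\t\t14,556 K\t23,260 K\t1720\tWindows Explorer\t{MS}\t(Verified) {WCP}",
])


def _kb(field):
    """'73,100 K' -> 73100; blank or malformed -> 0."""
    digits = field.replace(",", "").replace("K", "").strip()
    return int(digits) if digits.isdigit() else 0


def _signer_state(field):
    """Reduce the Verified Signer column to 'verified', 'unverified' or 'none'."""
    text = field.strip()
    if not text:
        return "none"  # pseudo-rows such as System or Interrupts carry no signer
    return "verified" if text.startswith("(Verified)") else "unverified"


def parse_listing(text):
    """Parse a saved listing into one dict per row, skipping the header."""
    reader = csv.reader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    next(reader, None)
    rows = []
    for fields in reader:
        if not fields or not fields[0].strip():
            continue
        fields = (fields + [""] * 8)[:8]  # tolerate stripped trailing tabs
        name, cpu, private, working, pid, _desc, company, signer = fields
        try:
            cpu_pct = float(cpu)
        except ValueError:
            cpu_pct = 0.0  # blank or non-numeric CPU cell
        rows.append({"name": name.strip(), "cpu": cpu_pct, "pid": pid.strip(),
                     "private_kb": _kb(private), "working_kb": _kb(working),
                     "company": company.strip(), "signer": _signer_state(signer)})
    return rows


def interrupts_cpu(rows):
    """CPU share of the 'Interrupts' pseudo-process, or None if absent."""
    return next((r["cpu"] for r in rows if r["name"] == "Interrupts"), None)


def signer_states(rows):
    """Image name -> set of signer states seen (svchost.exe has many instances)."""
    states = {}
    for r in rows:
        if r["signer"] != "none":
            states.setdefault(r["name"].lower(), set()).add(r["signer"])
    return states


def compare_boots(normal_text, safe_text):
    """Summarise what differs between a normal-boot and a Safe Mode listing."""
    normal, safe = parse_listing(normal_text), parse_listing(safe_text)
    n_irq, s_irq = interrupts_cpu(normal), interrupts_cpu(safe)
    n_sig, s_sig = signer_states(normal), signer_states(safe)
    return {
        "interrupts": {"normal": n_irq, "safe": s_irq},
        "normal_over_limit": n_irq is not None and n_irq > INTERRUPT_LIMIT,
        "safe_over_limit": s_irq is not None and s_irq > INTERRUPT_LIMIT,
        "only_in_normal": sorted(set(n_sig) - set(s_sig)),
        "unverified_normal": sorted(n for n, s in n_sig.items() if "unverified" in s),
        "signer_changed": sorted(n for n in set(n_sig) & set(s_sig)
                                 if n_sig[n] != s_sig[n]),
        "largest_private_kb": max(normal, key=lambda r: r["private_kb"])["name"],
    }


if __name__ == "__main__":
    for key, value in compare_boots(NORMAL_BOOT, SAFE_MODE).items():
        print(f"{key}: {value}")
```

An image whose signer state differs between the two boots, as winlogon.exe does in these rows, is a prompt to re-run signature verification on that file rather than a verdict on it.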

#9
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

No we want to boot normally to see what errors we get.


#10
RickMath

    Member

  • Topic Starter
  • Member
  • 177 posts

I ran the event viewer. Do you want the reports?


#11
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Yes tho if you ran it in Safe Mode there will be a lot of errors. 


#12
RickMath

    Member

  • Topic Starter
  • Member
  • 177 posts

I reran it in regular mode and no errors.

 

I will continue with the next steps. Hope I'm doing OK so far in following your instructions.


#13
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Make sure you reboot after clearing the alarms.  Normally we do see some errors.

 

When you ran it in Safe Mode with Networking did it seem to run normally?

