Infected machine? - Spurious Emails Sent



#16
steve bradbury (Member, Topic Starter, 24 posts)

Ron

Please note I will be away from home on business tomorrow, so will not be able to log on again until Thursday evening.

Many thanks for the ongoing support and prompt feedback.

Steve
  • 0



#17
RKinner (Malware Expert, MVP, 19,788 posts)

Could you try downloading Combofix again? (Remember to turn off your anti-virus while downloading or running Combofix). This time rename it to george.exe and see if it will run.

Otherwise it seems to be free of malware, though it did have some hard drive problems which appear to have been corrected by the diskcheck. Have you tried changing your email password(s)? How do you connect to the Internet? If wireless, do you have the link encrypted with something besides WEP? Does the router have a password other than the default?

If it is still running slow:

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.





Ron
  • 0

#18
steve bradbury (Member, Topic Starter, 24 posts)

Hi Ron

Here is the notebook entry from Combofix (aka George). There are several references to AVG in the response. Not sure if this means that temporary disable was not fully active.

ComboFix 11-12-01.03 - Steve 01/12/2011 21:48:25.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4087.2565 [GMT 0:00]
Running from: c:\users\Steve\Desktop\George.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Autorun.inf
C:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-12-01 21:51 . 2011-12-01 21:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-01 21:15 . 2011-12-01 21:15 -------- d-----w- c:\users\Steve\AppData\Roaming\AVG10
2011-12-01 21:12 . 2011-12-01 21:12 -------- d-----w- c:\programdata\AVG Security Toolbar
2011-12-01 21:12 . 2011-12-01 21:12 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-11-29 07:59 . 2011-10-18 01:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAF17FFA-5E19-4079-9277-4A0EBE333F49}\mpengine.dll
2011-11-27 19:54 . 2011-11-27 19:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-10 17:52 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-10 17:52 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-10 17:52 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 17:52 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 18:13 . 2011-11-04 18:13 -------- d-----w- c:\windows\Sun
2011-11-04 18:13 . 2011-11-04 18:13 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-01 17:34 . 2011-05-04 07:18 97104 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2011-10-18 20:11 . 2011-05-25 07:39 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 05:06 . 2011-07-29 19:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-08-27 2565448]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-08-27 15:25 2565448 ----a-w- c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-08-27 2565448]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-15 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Omnipage"="c:\program files (x86)\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"CommonToolkitTray"="c:\program files (x86)\Fighters\Tray\FightersTray.exe" [2011-10-05 1429128]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...&ver=10.0.1411" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2010-11-14 4562944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 136176]
R2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-01 931640]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-08-27 488776]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 136176]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
S1 NEOFLTR_650_14599;Juniper Networks TDI Filter Driver (NEOFLTR_650_14599);c:\windows\system32\Drivers\NEOFLTR_650_14599.SYS [x]
S1 RapportCerberus_32301;RapportCerberus_32301;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_32301.sys [2011-11-01 396944]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-01 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-01 61712]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [2010-09-10 3210176]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-09-03 6104144]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 01:10]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 01:10]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3018395322-1037248882-2513499089-1000Core.job
- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 00:15]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3018395322-1037248882-2513499089-1000UA.job
- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 00:15]
.
2011-12-01 c:\windows\Tasks\SLOW-PCfighter64-Steve-Notification.job
- c:\program files\Fighters\SLOW-PCfighter\Sync.exe [2011-10-17 09:58]
.
2011-12-01 c:\windows\Tasks\SLOW-PCfighter64-Steve-Startup.job
- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe [2011-10-17 09:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2010-08-12 3451904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: hsbc.co.uk
Trusted Zone: hsbc.co.uk\hive2
TCP: DhcpNameServer = 192.168.1.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Steve\Application Data\Mozilla\Firefox\Profiles\rjtbjhzy.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-01 21:57:04
ComboFix-quarantined-files.txt 2011-12-01 21:57
.
Pre-Run: 949,071,024,128 bytes free
Post-Run: 948,999,491,584 bytes free
.
- - End Of File - - B56AB40E526E93E7DCD3D24C6C5F3532
**********************************************************************************************************
  • 0

#19
steve bradbury (Member, Topic Starter, 24 posts)

Hi Ron

Following up on your other points:

Have you tried changing your email password(s). YES. Passwords changed

How do you connect to the Internet? If wireless do you have the link encrypted with something besides WEP? Not sure how to check this so suspect not


Does the router have a password other than the default? Not sure how to check this so suspect not

If it is still running slow: Speed seems back to normal

Thanks for all your support. It has been brilliant. Is there a way I can buy you a drink?

Cheers ..... Steve
  • 0

#20
RKinner (Malware Expert, MVP, 19,788 posts)

Your router is probably at 192.168.1.254 so if you point your browser to it then you talk to it and see how it is set up. Your best bet is to go to the router maker's website and read up on it. At least change the password on the router. If you don't know the default password then try:
http://www.routerpasswords.com/
or
http://www.phenoelit...rg/dpl/dpl.html

It's very easy to use someone's router if they do not use encryption on the link (and even if they do it's not that hard to break into a WEP encrypted link). (One of the links in my goodbye post is to a newspaper article about people hacking into WEP encrypted business networks from a car outside the business. I have a friend in Manila and he tells me that when you buy a PC there they give you a program for cracking your neighbor's WEP so you don't have to pay for service.)

I think I would uninstall your SLOW-PCfighter64. It's nothing but a registry cleaner which we don't think much of. Registry cleaners cause more trouble than they fix. Make sure that the two tasks associated with it are cancelled by the uninstall:

2011-12-01 c:\windows\Tasks\SLOW-PCfighter64-Steve-Notification.job
- c:\program files\Fighters\SLOW-PCfighter\Sync.exe [2011-10-17 09:58]
.
2011-12-01 c:\windows\Tasks\SLOW-PCfighter64-Steve-Startup.job
- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe [2011-10-17 09:58]

Instead of buying me a drink, please donate the cost of the drink to Kwiaht:

http://www.kwiaht.org/donate.htm

It's a local environmental group that I do a lot of volunteer work with.

Thanks,

Ron
  • 0
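
The checks discussed in the reply above (whether the wireless link uses something besides WEP, where the router's admin page is, and whether the two SLOW-PCfighter64 tasks are gone after the uninstall) can be run from a PowerShell prompt on the PC. This is an added example, not part of the original thread; the function names are hypothetical and it assumes English-language `netsh` output.

```powershell
# Added example (not from the thread). Assumes English-language netsh output.

function Get-WlanLinkSecurity {
    # Classify the text printed by: netsh wlan show interfaces
    param([string[]]$NetshLines)
    $info = @{}
    foreach ($line in $NetshLines) {
        # Lines look like "    Authentication         : WPA2-Personal"
        if ($line -match '^\s*(SSID|Authentication|Cipher)\s*:\s*(.*)$') {
            $info[$matches[1]] = $matches[2].Trim()
        }
    }
    if (-not $info.ContainsKey('Cipher')) {
        $verdict = 'No connected wireless interface found'
    } elseif ($info['Cipher'] -eq 'WEP') {
        $verdict = 'WEP in use: switch the router to WPA2'
    } elseif ($info['Cipher'] -eq 'None') {
        $verdict = 'Link is not encrypted: enable WPA2 on the router'
    } else {
        $verdict = 'Encrypted with something other than WEP'
    }
    New-Object PSObject -Property @{
        SSID = $info['SSID']; Authentication = $info['Authentication']
        Cipher = $info['Cipher']; Verdict = $verdict
    }
}

function Get-DefaultGateway {
    # The default gateway is normally the router's admin address
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object { $_.DefaultIPGateway } |
        Where-Object { $_ } |
        Select-Object -Unique
}

function Get-LeftoverTask {
    # Return any scheduled tasks whose name matches the uninstalled program
    param([string]$NamePattern = 'SLOW-PCfighter64*')
    $hits = @()
    # Legacy .job files, the folder listed in the ComboFix log
    $hits += @(Get-ChildItem -Path (Join-Path $env:windir 'Tasks') `
            -Filter "$NamePattern.job" -ErrorAction SilentlyContinue |
        ForEach-Object { $_.FullName })
    # The same question asked of the Task Scheduler service
    $hits += @(schtasks /query /fo csv /nh 2>$null |
        ConvertFrom-Csv -Header TaskName, NextRun, Status |
        Where-Object { $_.TaskName -like "*\$NamePattern" } |
        ForEach-Object { $_.TaskName })
    $hits | Select-Object -Unique
}

# Constructed sample of netsh output for a WEP link (not taken from the thread)
$sample = @(
    '    SSID                   : ExampleNet',
    '    BSSID                  : 00:11:22:33:44:55',
    '    Authentication         : Open',
    '    Cipher                 : WEP'
)
'Sample : ' + (Get-WlanLinkSecurity $sample).Verdict

# Live checks on this PC
'This PC: ' + (Get-WlanLinkSecurity (netsh wlan show interfaces)).Verdict
'Router admin page is probably http://' + (Get-DefaultGateway | Select-Object -First 1)
$left = @(Get-LeftoverTask)
if ($left.Count) { 'Tasks still present:'; $left } else { 'No SLOW-PCfighter64 tasks remain' }
```

If more than one wireless adapter is connected, the verdict reflects the last one `netsh` lists.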

#21
steve bradbury (Member, Topic Starter, 24 posts)

Hi Ron

Thanks for all your guidance. I have made a contribution to your nominated charity and hope this provides some great support.

I followed your advice and downloaded Procexp. Attached is a copy of the text.

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 93.84 0 K 24 K
plugin-container.exe 11000 2.94 134,192 K 144,952 K Plugin Container for Firefox Mozilla Corporation
procexp64.exe 31208 1.04 22,400 K 43,128 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
mswinext.exe 4420 0.82 44,684 K 67,876 K MSN® Toolbar Microsoft Corp.
Interrupts n/a 0.56 0 K 0 K Hardware Interrupts and DPCs
dwm.exe 1764 0.26 33,704 K 34,560 K Desktop Window Manager Microsoft Corporation
System 4 0.16 528 K 161,568 K
csrss.exe 676 0.12 4,564 K 8,236 K Client Server Runtime Process Microsoft Corporation
BoostSpeed.exe 2036 0.09 19,920 K 3,672 K PC Tuneup 2011 AVG
firefox.exe 10556 0.06 267,216 K 300,488 K Firefox Mozilla Corporation
AVGIDSAgent.exe 2848 0.01 22,300 K 18,800 K AVG Identity Protection Service AVG Technologies CZ, s.r.o.
WNA1100.exe 3624 0.01 3,984 K 11,064 K Netgear
avgcsrva.exe 4816 0.01 12,800 K 38,968 K AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o.
BTHelpNotifier.exe 3552 0.01 4,960 K 6,544 K mcci+McciTrayApp Alcatel-Lucent
MOM.exe 3800 0.01 41,872 K 9,852 K Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.
SearchIndexer.exe 2560 < 0.01 23,992 K 16,380 K Microsoft Windows Search Indexer Microsoft Corporation
explorer.exe 1832 < 0.01 27,468 K 48,172 K Windows Explorer Microsoft Corporation
avgwdsvc.exe 1964 < 0.01 10,048 K 19,824 K AVG Watchdog Service AVG Technologies CZ, s.r.o.
WINWORD.EXE 32064 < 0.01 13,540 K 34,164 K Microsoft Word Microsoft Corporation
avgrsa.exe 5900 < 0.01 1,812 K 1,844 K AVG Resident Shield Service AVG Technologies CZ, s.r.o.
avgtray.exe 3856 < 0.01 7,400 K 2,724 K AVG Tray Monitor AVG Technologies CZ, s.r.o.
WifiSvc.exe 2648 < 0.01 4,132 K 7,660 K Wifi Service
svchost.exe 1248 < 0.01 14,072 K 17,476 K Host Process for Windows Services Microsoft Corporation
svchost.exe 856 < 0.01 97,688 K 107,760 K Host Process for Windows Services Microsoft Corporation
avgchsva.exe 352 < 0.01 49,660 K 53,448 K AVG Cache Server AVG Technologies CZ, s.r.o.
services.exe 712 < 0.01 6,596 K 10,344 K Services and Controller app Microsoft Corporation
wmpnetwk.exe 4828 < 0.01 11,132 K 10,980 K Windows Media Player Network Sharing Service Microsoft Corporation
CCC.exe 4184 < 0.01 65,924 K 22,932 K Catalyst Control Centre: Host application ATI Technologies Inc.
concentr.exe 3864 < 0.01 2,420 K 7,104 K Citrix online plug-in Connection Center Citrix Systems, Inc.
svchost.exe 960 < 0.01 5,140 K 9,176 K Host Process for Windows Services Microsoft Corporation
wfcrun32.exe 3932 < 0.01 3,360 K 10,616 K Citrix Citrix Systems, Inc.
svchost.exe 944 < 0.01 30,312 K 47,304 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1128 < 0.01 9,492 K 16,980 K Host Process for Windows Services Microsoft Corporation
avgam.exe 2312 < 0.01 4,264 K 2,524 K AVG Alert Manager AVG Technologies CZ, s.r.o.
avgnsa.exe 2408 < 0.01 19,428 K 5,804 K AVG Online Shield Service AVG Technologies CZ, s.r.o.
BTHelpBrowser.exe 3644 < 0.01 8,544 K 29,876 K mcci+McciBrowser Alcatel-Lucent
taskeng.exe 32940 < 0.01 2,776 K 6,876 K Task Scheduler Engine Microsoft Corporation
McciContextHookShim.exe 3712 < 0.01 1,708 K 6,148 K mcci+McciContextHookShim Alcatel-Lucent
taskhost.exe 1704 < 0.01 7,204 K 18,464 K Host Process for Windows Tasks Microsoft Corporation
GoogleToolbarNotifier.exe 3564 < 0.01 3,292 K 1,268 K GoogleToolbarNotifier Google Inc.
avgfws.exe 1604 < 0.01 15,956 K 26,452 K AVG Firewall Service AVG Technologies CZ, s.r.o.
csrss.exe 576 < 0.01 2,604 K 5,024 K Client Server Runtime Process Microsoft Corporation
YahooAUService.exe 2680 3,772 K 9,148 K AutoUpater Service Module Yahoo! Inc.
WUDFHost.exe 3160 2,324 K 6,460 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
WmiPrvSE.exe 32772 2,852 K 6,188 K WMI Provider Host Microsoft Corporation
WLIDSVCM.EXE 1792 1,448 K 3,380 K Microsoft® Windows Live ID Service Monitor Microsoft Corporation
WLIDSVC.EXE 2572 4,648 K 12,652 K Microsoft® Windows Live ID Service Microsoft Corporation
winlogon.exe 844 3,416 K 7,764 K Windows Logon Application Microsoft Corporation
wininit.exe 656 1,660 K 4,736 K Windows Start-Up Application Microsoft Corporation
taskeng.exe 1916 2,460 K 6,280 K Task Scheduler Engine Microsoft Corporation
svchost.exe 884 4,884 K 10,460 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1484 8,996 K 12,904 K Host Process for Windows Services Microsoft Corporation
svchost.exe 4948 4,520 K 10,516 K Host Process for Windows Services Microsoft Corporation
svchost.exe 564 19,336 K 22,572 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3124 7,420 K 37,248 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3096 1,660 K 4,384 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2532 1,992 K 5,632 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3240 2,052 K 5,592 K Host Process for Windows Services Microsoft Corporation
spoolsv.exe 1452 7,204 K 13,496 K Spooler SubSystem App Microsoft Corporation
splwow64.exe 31016 1,880 K 5,388 K Print driver host for 32bit applications Microsoft Corporation
smss.exe 288 524 K 1,216 K Windows Session Manager Microsoft Corporation
SeaPort.exe 2088 4,328 K 9,340 K Microsoft SeaPort Search Enhancement Broker Microsoft Corporation
procexp.exe 32384 1,936 K 6,752 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
opware32.exe 3788 1,160 K 3,920 K OCR Aware (32-bit) ScanSoft, Inc
McciCMService.exe 1816 1,832 K 6,460 K mcci+McciCMService Alcatel-Lucent
lsm.exe 736 2,860 K 4,540 K Local Session Manager Service Microsoft Corporation
lsass.exe 728 5,112 K 12,696 K Local Security Authority Process Microsoft Corporation
jusched.exe 3872 1,388 K 4,992 K Java™ Update Scheduler Sun Microsystems, Inc.
ijplmsvc.exe 2000 1,072 K 3,660 K Inkjet Printer/Scanner Extended Servey Program Service
BJMYPRT.EXE 3544 2,676 K 6,108 K Canon My Printer CANON INC.
AVGIDSMonitor.exe 3880 2,224 K 6,088 K
avgcsrva.exe 4600 9,460 K 7,920 K AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o.
audiodg.exe 31752 15,744 K 15,544 K Windows Audio Device Graph Isolation Microsoft Corporation
atiesrxx.exe 328 1,728 K 4,508 K AMD External Events Service Module AMD
atieclxx.exe 1340 2,416 K 6,288 K AMD External Events Client Module AMD
armsvc.exe 1576 1,212 K 3,920 K Adobe Acrobat Update Service Adobe Systems Incorporated
  • 0

#22
steve bradbury (Member, Topic Starter, 24 posts)

Hi Ron

Carried out the second half of your instruction and actioned the Speccy process.

Txt File (Steve PC) attached
cheers



  • 0

#23
RKinner (Malware Expert, MVP, 19,788 posts)

Thanks.

You have some toolbars and add-ons that are probably not necessary:

plugin-container.exe 11000 2.94 134,192 K 144,952 K Plugin Container for Firefox Mozilla Corporation (used to run toolbars and Add-ons in Firefox)
mswinext.exe 4420 0.82 44,684 K 67,876 K MSN® Toolbar Microsoft Corp.

Don't think you really need the MSN toolbar. I'd uninstall it unless you really love it. Otherwise looks pretty good.
  • 0

#24
RKinner (Malware Expert, MVP, 19,788 posts)

Speccy looks good. Temps are nice and low and hard drive is happy.
  • 0

#25
steve bradbury (Member, Topic Starter, 24 posts)

You are a star.

Many thanks for all your support and patience in getting this resolved. I am very grateful.

Keep smiling

Steve
  • 0
