System Slowdowns



#1
cleverboy12 (Member, 687 posts)

Hi there,

I have recently been experiencing random slowdowns and something is trying to access my hard disk too often. Please could someone check my log and tell me the outcome.

Thanks :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 08:50:31, on 19/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124116191736
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonde...tivePreQual.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
  • 0



#2
Metallica (Spyware Veteran, GeekU Moderator, 31,676 posts)

I don't see anything strange.

What do your firewall logs tell you about the times your HD is busy?

You can also see if defragmenting brings the level of activity down a bit.

Regards,
  • 0

#3
cleverboy12 (Topic Starter, Member, 687 posts)

Thanks for your help,

Well, my firewall has some incoming traffic through TCP and UDP from some kind of Chinese and Turkish countries when I checked it, but apart from that nothing!

Thanks Again for your help
  • 0

#4
Metallica (Spyware Veteran, GeekU Moderator, 31,676 posts)

I do get lots of hits from these areas. They are typically infected "bots" trying to find new victims.
Your firewall should be blocking those. Let me know if you need help configuring it to do so.
Also read: http://bellsouthpwp....gateBasics.html
and:
http://bellsouthpwp....ancedRules.html

Regards,
  • 0

#5
cleverboy12 (Topic Starter, Member, 687 posts)

Hi there,

Thanks for your help in this matter once again.

I have a few questions:

How do the bots know my IP, and why are they trying to get through UDP and TCP incoming?

Is this something to be concerned about?
_________________________________________________

I also have these questions:

I have ad.doubleclick.net in my log, outgoing and incoming, and webtrendslive, and it is somehow allowing it. How do I configure it so it blocks these? I have read the linked tutorials, by the way.

_________________________________________________

Once again, thanks for your time! :tazz:
  • 0

#6
Metallica (Spyware Veteran, GeekU Moderator, 31,676 posts)

Don't worry. They don't know your IP.
They just try thousands per hour and with the number of infected machines that adds up to a few hits per computer per minute.

Different viruses use different methods to spread, so that may explain the different ports and protocols.

Which application makes the connections you want to stop?
IE?

Regards,
  • 0

#7
cleverboy12 (Topic Starter, Member, 687 posts)

I'm not sure. It's ad.doubleclick and webtrendslive, and they don't have applications!

Thanks again for helping me out on this matter :tazz:
  • 0

#8
Metallica (Spyware Veteran, GeekU Moderator, 31,676 posts)

This is how I keep them out:
http://www.mvps.org/...p2002/hosts.htm

Regards,
  • 0

#9
cleverboy12 (Topic Starter, Member, 687 posts)

Thanks, I already use it, but the webtrendslive is a tracking cookie and it still manages to get past the firewall according to the logs.
  • 0
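
An added example, not part of the thread or of the linked hosts-file guide: a hosts file blocks only the exact hostnames it lists (there is no wildcard syntax), so a tracker can still show up in firewall logs under a hostname that is not listed. The hosts entries and observed hostnames below are constructed samples, and the function names are hypothetical.

```python
# Constructed sample of a blocking hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   ad.doubleclick.net      # inline comment is ignored
0.0.0.0     www.webtrendslive.com
"""

# Constructed hostnames, as they might be read out of a firewall traffic log.
SAMPLE_SEEN = [
    "ad.doubleclick.net",
    "AD.DoubleClick.net.",          # case and trailing dot do not matter
    "statse.webtrendslive.com",     # different host on a listed domain
    "webtrendslive.com",
]

SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

def parse_hosts(text):
    """Return the hostnames a hosts file maps to a sinkhole address."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in SINKHOLES:
            names.update(n.lower().rstrip(".") for n in fields[1:])
    names.discard("localhost")
    return names

def coverage(hosts_text, seen):
    """Split observed hostnames into (blocked, missed) by exact match."""
    listed = parse_hosts(hosts_text)
    norm = {s.lower().rstrip(".") for s in seen}
    return sorted(norm & listed), sorted(norm - listed)

def near_misses(hosts_text, missed):
    """For each missed name, list hosts entries on the same domain."""
    # Simplification: the last two labels are treated as the domain.
    listed = parse_hosts(hosts_text)
    out = {}
    for name in missed:
        base = ".".join(name.split(".")[-2:])
        out[name] = sorted(h for h in listed if h == base or h.endswith("." + base))
    return out

if __name__ == "__main__":
    blocked, missed = coverage(SAMPLE_HOSTS, SAMPLE_SEEN)
    print("blocked:", blocked)
    print("missed: ", near_misses(SAMPLE_HOSTS, missed))
```

Each name reported as missed needs its own hosts line; listing `www.webtrendslive.com` does nothing for any other host on that domain.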

#10
Metallica (Spyware Veteran, GeekU Moderator, 31,676 posts)

Have a look here: Tools to Control Cookies
  • 0



#11
cleverboy12 (Topic Starter, Member, 687 posts)

Thanks for helping me out on this.

I think that my computer is fairly clean now.

Thanks again for your help in this matter :tazz:
  • 0

#12
Metallica (Spyware Veteran, GeekU Moderator, 31,676 posts)

No problem. :tazz:
  • 0

#13
cleverboy12 (Topic Starter, Member, 687 posts)

Oh wait, sorry, but I downloaded CleanUp from the original source and it cleaned over 84 MB of TEMP and other stuff, and now my PC is slower, sometimes can't get onto Hotmail, programs take longer to load, and the drop-down menu themes have changed to the older ones. I think this has something to do with the .NET Passport, as I think it may have removed it.

Any ideas on where I should go from here? :tazz:
  • 0

#14
Metallica (Spyware Veteran, GeekU Moderator, 31,676 posts)

If you have System Restore enabled, go back to before the CleanUp action.

Or put back the backup.

Regards,
  • 0

#15
cleverboy12 (Topic Starter, Member, 687 posts)

What is the backup? I deleted CleanUp out of worry.

I unfortunately didn't have System Restore enabled. (I should have done so now :) )

Is there any other way to get back?

Thanks again for helping me out! :tazz:
  • 0





