
System Slowdowns



#31
cleverboy12

    Member

  • Topic Starter
  • Member
  • 687 posts
Midaddle, I believe, is the name of the infection, but I'm sure I have got rid of it now.
  • 0



#32
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
OK. Good job. :tazz:
  • 0

#33
cleverboy12

    Member

  • Topic Starter
  • Member
  • 687 posts
Thanks,

I have a little suspicion here:

explorer.exe running in Task Manager at the following:

Name: explorer.exe
Username: Owner
CPU: 0 and 01 sometimes
MEM Usage: 16 704

Is this normal or is it something bad?

Please help, thanks :tazz:

PS: I have also noticed that when I do a HijackThis log, Explorer.EXE isn't there anymore, but it was there when I started this topic.

Edited by cleverboy12, 30 September 2005 - 10:39 AM.

  • 0

#34
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Open any folder and run HijackThis again. :tazz:
  • 0

#35
cleverboy12

    Member

  • Topic Starter
  • Member
  • 687 posts
Here it is again and it isn't here:

Logfile of HijackThis v1.99.1
Scan saved at 20:17:52, on 30/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124116191736
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonde...tivePreQual.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
  • 0

#36
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Hmmm. As far as I'm aware, if there is a folder open then explorer.exe should show up in your running processes.

Anyway. Explorer.exe will under normal circumstances always be running, since it is one of the major processes that makes Windows work, the shell.

http://www.liutiliti...brary/explorer/

explorer.exe is the Windows Program Manager or Windows Explorer. It manages the Windows Graphical Shell including the Start menu, taskbar, desktop, and File Manager. By removing this process the graphical interface for Windows will disappear.
  • 0
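
The check discussed in posts #33 to #36, as an added example that is not part of the original posts and not HijackThis's own code: it parses a log in the layout pasted above, reports whether explorer.exe appears in the running processes, and lists O23 services with no recorded owner. The function names, the constructed sample log and the `c:\windows\explorer.exe` default path are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v1.99.1 layout shown in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."

def parse_hijackthis(text):
    """Split a log into its running-process paths and its coded entries."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif (m := ENTRY.match(line)):
            entries[m.group(1)].append(m.group(2))
        elif in_procs:
            processes.append(line)
    return processes, dict(entries)

def review(text, shell=r"c:\windows\explorer.exe"):
    """Return points to look into; `shell` is the assumed default XP path."""
    processes, entries = parse_hijackthis(text)
    lowered = [p.lower() for p in processes]
    notes = []
    if shell not in lowered:
        notes.append("explorer.exe not listed at " + shell)
    notes += ["explorer.exe outside Windows folder: " + p for p in processes
              if p.lower().endswith("\\explorer.exe") and p.lower() != shell]
    # "Unknown owner" only means no owner was recorded; it is a prompt to check.
    notes += ["service with unknown owner: " + e for e in entries.get("O23", [])
              if " - Unknown owner - " in e]
    return notes

if __name__ == "__main__":
    print("\n".join(review(SAMPLE_LOG)))
```
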

#37
cleverboy12

    Member

  • Topic Starter
  • Member
  • 687 posts
OK, so I understand it is normal.

Well, thanks for letting me know :tazz:

Are there any things to do with security to keep in mind now that I have installed a printer & scanner?

Thanks Again :)
  • 0

#38
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Only if you want to share them across a home network.

http://itmanagement....cle.php/3547936
  • 0

#39
cleverboy12

    Member

  • Topic Starter
  • Member
  • 687 posts
I'm not sure if I'm sharing it.

I only use it on my computer, I think.

Any ideas?

:tazz:
  • 0

#40
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Make sure your settings match the recommendations here:
http://support.micro...s/Q199/3/46.ASP
  • 0



#41
cleverboy12

    Member

  • Topic Starter
  • Member
  • 687 posts
OK

As I use AVG Free for my AV, should it be able to detect all viruses, even ones that I am about to get from email attachments? And when I turn on the computer, should it be able to stop a virus from running, or does it not support that?

Just wondering, because I am about to do another whole system scan.

:tazz:
  • 0

#42
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
If AVG resident shield is on, it will stop any virus it recognizes as such from running or entering your computer.

The problem, as always, is the not-yet-known viruses.
  • 0

#43
cleverboy12

    Member

  • Topic Starter
  • Member
  • 687 posts
Just another thought.

How likely is it that I may have a rootkit, because I have been reading about them and they sound like malware?

Thanks
  • 0

#44
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
If you are not experiencing any problems, the chances you have a rootkit are very slim.

Some reading for you:
http://www.sysintern...itRevealer.html

So I won't feel like I'm doing it all alone :tazz:

Regards,
  • 0

#45
cleverboy12

    Member

  • Topic Starter
  • Member
  • 687 posts
Well, actually I have been experiencing slowdowns of internet browsing, especially when using Hotmail. I doubt this to be a rootkit, but any ideas on what this is?

Thanks
  • 0





