Solved Progressively slower internet on Clean(?) computer

Have a look here for the Host setting: http://overclockedtech.com/?tag=007guardcom

This is probably very clear to you:
I split the two physical hard disks into 11 partitions: C - M. Each has a different purpose. (C is root, D is Data, G is Games, I is Internet saves, M is Windows Backup).
But it is a daunting challenge to anyone checking the logs! If you have enough in each category to think each needs a drive of its own, I would think that could cause great slowdown!
To make my computer more manageable
Are you enjoying the system at all? It sounds like you're so busy 'organizing' the system that you can't sit back and enjoy it! It would be more 'normal' and certainly easier for you, if you set up directories for each instead of a partition:
Examples: C:\Games, C:\Data, etc..

And for "Internet Saves", it in the best format and save to docs & settings.

As for allowed websites in the firewall, no one is expected to recognize all of them. They go by Whitelist and Blacklist and it's the job of the author of the software to keep them straight.

As for the random entries on the C drive, I can't do much with them totally out of context. You can do a Google search to identify these files:
There are several exe files: migautoplay.exe, spuninst.exe, spupdsvc.exe and tcinst.exe. The remaining files have the .man extension or .dll extension. They are all there.

Explain the following please:
At one point I've been upwards of 150 connections and have spiked momentarily to over 350 attempted connections.

A comment meant in good faith: Many of us have a bit of OCD in us when it comes to setting up our systems, files and folders. But getting too involved will take away the enjoyment you can have using the system. I think you need to take some time and set up the files and folders. Get rid of all of the partitions and set up the directories instead. Split the hard drive if you want, but get rid of all the partitions.

You can update and run Combofix again and I'll review a new log.
 
Bobbye,

First off, thanks for your continued assistance.

Are you enjoying the system at all? It sounds like you're so busy 'organizing' the system that you can't sit back and enjoy it! It would be more 'normal' and certainly easier for you, if you set up directories for each instead of a partition:
Examples: C:\Games, C:\Data, etc..

And for "Internet Saves", it in the best format and save to docs & settings.
Yes, I'm enjoying the system. It's how I've run my various computers for the last 15+ years. It's a pattern I've developed over the years. The Internet Saves is distinct from Documents where Word and other programs store their Documents. When I want to look at a saved web page I know to go to I:\ and not root through the Documents directory. I know it doesn't work for everyone, but it works for me.

Redoing the computer without the 11 partitions would be a weekend's work as I have programs installed across the various drives. It may come to that though... (see below)

The best explanation I can come up with regarding the 150 and 350 connections to my computer is with the aid of illustration.

[Image: Screen1.jpg]

[Image: screen2.jpg]

The first illustration is the connections displayed according to the firewall when trying to load google. Notice the spike in the right graph. The second illustration is a grab of the Resource Monitor in Windows 7. The grab was taken while trying to reload this page.

Hope my meaning is clearer.

Now onto the matter of Combofix

Now it's my turn for a brainfade.

To be safe and to ensure I was up-to-date I downloaded a new copy of Combofix to my computer (it is now 4.11mb in size instead of 4.09mb) and sent it to the desktop. I was tired and didn't realise that I sent a shortcut instead of the actual program to the desktop.

After disabling the anti-malware and anti-virus (but -not- Online Armor) I ran the shortcut and it protested about wrong OS version and then the firewall started complaining about a program called PEV.EXE wanting to run. I didn't recognise it so I clicked block. Nothing then happened for several minutes.

So I double clicked it again - and the backdrop disappeared. I went looking for a log and there were none.

I then realised my error. I rebooted, and disabled Online Armor and the antivirus and anti-malware. I then moved the actual program to the desktop and ran it. It ran without a hitch, all the various stages cycling through, no protests about incorrect OS, or anything. The desktop background was restored and the computer for a moment appeared to be working fine. The log is attached below.

However... I think my few moments of brainfade broke something. Despite rebooting twice, my computer can not connect to the internet at all now.

Sorry. As I said... it was a brainfade. Completely my fault. If you are willing to admit to one previously in this thread, I'll be brave enough to admit to mine.

I'm posting this from one of the other computers on the network.
----
EDIT:
I ran the Network Troubleshooter in Windows 7 and it wove its magic and now my computer can connect to the internet. First it said there was a problem with the DNS server and then there was something wrong with the DHCP settings with respect to the LAN. Once it fixed them up... I have net connectivity back... I'm yet to see how fast it is.

--------------

ComboFix 11-04-10.02 - Michael 11/04/2011 17:09:40.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3070.1974 [GMT 10:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: Online Armor Firewall *Disabled* {5841EF60-F43F-AE8D-642F-D79F12883626}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-11 to 2011-04-11 )))))))))))))))))))))))))))))))
.
.
2011-04-11 07:13 . 2011-04-11 07:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-11 07:13 . 2011-04-11 07:13 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-04-05 07:30 . 2011-04-05 07:30 -------- d-----w- c:\programdata\Panda Security
2011-04-05 07:30 . 2011-04-05 07:30 -------- d-----w- c:\program files\Panda USB Vaccine
2011-03-22 02:34 . 2011-03-22 02:34 -------- d-----w- c:\program files\ESET
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 04:00 . 2010-06-24 01:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-01 00:32 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-19 06:30 . 2011-03-09 23:39 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30 . 2011-03-09 23:39 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30 . 2011-03-09 23:39 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-03 05:54 . 2011-02-09 06:09 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 11:40 . 2010-04-20 22:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-26 13:36 . 2011-01-26 13:36 7566848 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-01-26 13:00 . 2011-01-26 13:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 13:00 . 2010-03-03 04:16 596480 ----a-w- c:\windows\system32\aticfx32.dll
2011-01-26 12:59 . 2011-01-26 12:59 17204736 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-26 12:56 . 2010-04-07 02:13 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 12:55 . 2010-04-07 02:12 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 12:55 . 2010-04-07 02:12 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 12:54 . 2011-01-26 12:54 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-01-26 12:53 . 2010-04-07 02:10 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-26 12:53 . 2011-01-26 12:53 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-26 12:53 . 2011-01-26 12:53 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 12:53 . 2011-01-26 12:53 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-26 12:49 . 2010-03-03 04:06 4105728 ----a-w- c:\windows\system32\atidxx32.dll
2011-01-26 12:32 . 2011-01-26 12:32 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-01-26 12:28 . 2010-03-03 03:46 4170752 ----a-w- c:\windows\system32\atiumdag.dll
2011-01-26 12:27 . 2011-01-26 12:27 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-26 12:27 . 2011-01-26 12:27 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-26 12:25 . 2011-01-26 12:25 5580800 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-26 12:24 . 2010-03-03 03:24 3463680 ----a-w- c:\windows\system32\atiumdva.dll
2011-01-26 12:20 . 2010-03-03 03:23 52736 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 12:14 . 2010-04-07 01:23 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 12:13 . 2011-01-26 12:13 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 12:13 . 2011-01-26 12:13 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-01-26 12:13 . 2011-01-26 12:13 238592 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-01-26 12:12 . 2010-03-03 03:06 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2011-01-26 12:12 . 2010-03-03 03:06 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-01-26 12:12 . 2011-01-26 12:12 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2011-01-26 12:11 . 2011-01-26 12:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-26 12:08 . 2011-01-26 12:08 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-26 12:08 . 2011-01-26 12:08 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-01-17 05:47 . 2011-02-28 23:16 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-13 09:41 . 2010-01-26 22:01 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-13 08:47 . 2010-06-29 11:25 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-01-13 14:30 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-01-13 14:31 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-01-13 14:31 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-01-13 14:31 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-01-13 14:30 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-01-13 14:31 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"DefragTaskBar"="d:\program files\Ashampoo Magical Defrag 3\defragtaskbar.exe" [2009-12-16 927072]
"Ashampoo Core Tuner"="d:\program files\Ashampoo Core Tuner\autostarter.exe" [2009-09-25 428376]
"WordWeb"="d:\program files\WordWeb\wweb32.exe" [2009-11-08 65216]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"@OnlineArmor GUI"="d:\program files\Online Armor\OAui.exe" [2010-11-04 2345000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "d:\progra~1\ONLINE~1\oaevent.dll" [2010-11-04 353992]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2010-10-30 38856]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SvcOnlineArmor;Online Armor;d:\program files\Online Armor\oasrv.exe [2010-11-04 3653208]
R3 DfSdkS;Defragmentation-Service;d:\program files\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-17 691696]
S1 aswSP;aswSP; [x]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-11-04 202064]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-11-04 25000]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/01/13 23:32];c:\program files\CyberLink\PowerDVD DX\000.fcl [2009-06-24 10:19 87536]
S2 acthelper;Ashampoo CoreTuner Helper Service;d:\program files\Ashampoo Core Tuner\ACTHelperService.exe [2009-09-25 902488]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
S2 Ashampoo Defrag Service;Ashampoo Defrag Service;d:\program files\Ashampoo Magical Defrag 3\defragservice.exe [2009-12-16 890208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 OAcat;Online Armor Helper Service;d:\program files\Online Armor\OAcat.exe [2010-11-04 380784]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2010-11-04 29120]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2010-12-15 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-12-12 07:01]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight - d:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - d:\program files\GetRight\GRbrowse.htm
TCP: {EB9D824D-F1DB-491F-A89D-B32705065FB3} = 192.168.0.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\2tnep8uy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Amazon Toolbar: amznUWL@amazon.com - %profile%\extensions\amznUWL@amazon.com
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5608)
c:\windows\System32\SyncCenter.dll
.
Completion time: 2011-04-11 17:15:28
ComboFix-quarantined-files.txt 2011-04-11 07:15
.
Pre-Run: 83,432,783,872 bytes free
Post-Run: 83,159,576,576 bytes free
.
- - End Of File - - C3C7D45598092E86C8E22C98DB16B321
 
You are certainly allowed a 'brainfade'! I call mine 'braindrains' and have them frequently.

I don't see any problem with the connections. Both the processes and the IPs are legitimate. As long as the firewall is configured correctly, you should be okay. I'm thinking you may be running a lot of resource intensive processes- and that is controllable. I did note though that Avast has multiple connections. One of them: 11 domains hosted on IP address 66.102.11.104. Whether this is of any significance or not, will need to be determined- perhaps in Avast support?

I have not seen the Panda Vaccine on a computer system yet. Usually it's applied to the USB or other movable drives. I think these processes are more frequently controlled by Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902)
==================================
Please open the Firefox Extensions and remove all of the Java- including Java v6u21 through v6u24. You do not need to put an extension in Firefox as the Java update on your system works in Firefox.
==============================================
My standard recommendation for CPU spikes is to open the Task Manager and note what process is active. For instance, I have Firefox open, Outlook express minimized and Notepad. But the only CPU activity showing are System Idle and Firefox, with small occasional use by taskmgr. While other processes are using the memory, nothing shows in the CPU column.
 
Sorry for the delay.

I went looking over the other forums like you suggested, looking for advice why I had such high CPU usage and high connections.

In the end, I upgraded my avast to version 6 and uninstalled my firewall, rebooted twice and did a clean install of the just released upgraded version.

I also uninstalled the Bing bar and managed to uninstall the various java extensions (6.0.17, 6.0.19, 6.0.20, 6.0.22, 6.0.23, and 6.0.24) and disable the Java plugins (Java(TM) Platform SE 6 U26 6.0.240.7 and Java Deployment Toolkit 6.0.240.7) from Firefox.

During the short window of time that I had no firewall on my computer, I ran TFC and it removed about 230mb of files.

The net result of all this?

Firefox can once more access the net at decent speeds. Internet connectivity has been restored. However I still have lots of connections showing up... more than I used to. I think I'll have to redefine "normal".
 
I think those connections are going to have to have you verify if they are 'normal'. Unless you either have remote help($$$$) or take the system to a shop($$$) it's not a 'doable' thing on a forum such as this.

Connections can depend on auto-updaters (a great evil which I only allow my AV program to do), addons in your browsers or even scheduled tasks-depending on their nature. Your protection is to have a bi-directional firewall> one that listens at both outgoing and incoming ports. Then the first time there is an attempt to connect, you can allow, deny or grant different types of access.
Autoupdaters running on your system: Java, Adobe Reader, qtask, iTunes.
==========================================
I think you may also be putting scans and connections in the same basket. For instance, thousands of scans are sent out, looking for unprotected systems. I once sat and watched my own computer end up in a denial of service- some kid using the gnutella P2P network. That network eventually spawned LimeWire, Morpheus and was an alternate to KaZaA, another of the file sharing protocols. This kid put out over 200 scans in 10 minutes, looking for a port to get in. My firewall blocked them all. So there was no connection.
====================================
You might be interested in my tally of some of your log entries:
For Online Armor: Someone asked this question:
Why is oanet.sys using 100% of my CPU?> this process is>
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys>> Tall Emu Online Armor Firewall helper file.
S=Stopped R=Running And the status meaning is:
Driver/Service status:
1=System,
2=Auto,
3=Demand,
4=Disabled
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys
R1 oahlpXX;Online Armor helper driver> Autorun - automatically runs every time you start your computer (Online Armor helper driver)
On Drive D:
R2 SvcOnlineArmor;Online Armor;d:\program files\Online Armor\oasrv.exe> the main process of OA.
S2 OAcat;Online Armor Helper Service;d:\program files\Online Armor\OAcat.exe
===========================================
The interesting thing about the Online Armor processes is that you have some on Drive C and some on Drive D. You might want to check that out.
==========================================
Another 'busy' program you're running is Ashampoo:
R3 DfSdkS;Defragmentation-Service;d:\program files\Ashampoo WinOptimizer 6\Dfsdks.exe
S2 acthelper;Ashampoo CoreTuner Helper Service;d:\program files\Ashampoo Core Tuner\ACTHelperService.exe
S2 Ashampoo Defrag Service;Ashampoo Defrag Service;d:\program files\Ashampoo Magical Defrag 3\defragservice.exe
Ashampoo Magical Defrag > Stopped, Automatic
Ashampoo WinOptimizer 6 > Running, Demand
Ashampoo Core Tuner > Stopped, Automatic
===========================================
Remote Desktop USB Hub Filter Driver
R3 TsUsbFlt;TsUsbFlt
=========================================
And one more:
S2 Power Control \CyberLink\PowerDVD DX\000.fcl
===================================
Connections: As long as you can identify them and want the process to run, don't worry
mDNSResponder.exe> belongs to the Bonjour for Windows service, which is Apple’s “Zero Configuration Networking” application, typically installed automatically by iTunes.>> Does it need to run in the background? NO
=====================================
I do this only to show you that the system can be clean and still have many processes running, some 'connection' some slowing you down. It's pretty much in your control.
======================================
Your computer is clean. Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
Creating a Restore Point in Windows 7:
  • Click on Start> right click on Computer> Properties
  • Select System Protection
  • Click on the Create button (near bottom)
  • Type a name for the Restore Point
  • Click on Create again to save the restore point.

Deleting all but the most recent System Protection point in Windows 7
  1. Click Start> Computer> right click the C Drive and choose Properties> enter.
  2. Click Disk Cleanup from there.
  3. Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
  4. Click the More Options tab
  5. Click the Clean up under System Restore and Shadow Copies.
  6. Click OK.
  7. You will get a confirmation screen> Just click Delete.
  8. Click OK on the Disk Cleanup Screen.
  9. Click Delete Files on the Confirmation screen.

It will run the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
Images courtesy lytebyte.

Empty the Recycle Bin
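
The status key from the tally above (R/S plus the start-type digit) applied to service lines copied from the ComboFix log earlier in this thread, as an added example that is not part of the original posts. The `0 = Boot` start type is the standard Windows value the key leaves out; the list of usual image extensions and the C: system drive are assumptions of the example, and the flags mark entries worth looking up, not verdicts.

```python
import re
from collections import Counter
from ntpath import splitext  # Windows path rules, works on any OS

STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}
USUAL_EXT = {".sys", ".exe", ".dll"}  # assumption: normal service image types
SYSTEM_DRIVE = "c:"                   # assumption: matches the machine in this thread

# "<R|S><0-4> <name>;<display name>;<image path> [date size]"
LINE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*)$")
TRAILER = re.compile(r"\s*\[[^\]]*\]\s*$")  # trailing "[date size]" or "[x]"

# Lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2010-10-30 38856]
R2 SvcOnlineArmor;Online Armor;d:\program files\Online Armor\oasrv.exe [2010-11-04 3653208]
R3 DfSdkS;Defragmentation-Service;d:\program files\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-17 691696]
S1 aswSP;aswSP; [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/01/13 23:32];c:\program files\CyberLink\PowerDVD DX\000.fcl [2009-06-24 10:19 87536]
S2 aswFsBlk;aswFsBlk; [x]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2010-11-04 29120]
"""


def parse_line(line):
    """Decode one driver/service line; return None if it is not one."""
    m = LINE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    missing = rest.strip() == "[x]"       # ComboFix found no image file
    path = TRAILER.sub("", rest).strip()
    flags = []
    if missing or not path:
        flags.append("image missing")
    else:
        if splitext(path)[1].lower() not in USUAL_EXT:
            flags.append("unusual extension")
        if not path.lower().startswith(SYSTEM_DRIVE):
            flags.append("off system drive")
    return {
        "name": name,
        "display": TRAILER.sub("", display).strip(),
        "state": STATE[state],
        "start": START[start],
        "path": path,
        "flags": flags,
    }


def triage(log_text):
    """Parse every service line in a pasted log, skipping everything else."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]


def tally(entries):
    """Count entries per 'State/StartType' pair."""
    return Counter(f"{e['state']}/{e['start']}" for e in entries)


if __name__ == "__main__":
    entries = triage(SAMPLE_LOG)
    for e in entries:
        note = ", ".join(e["flags"]) or "-"
        print(f"{e['state']:8} {e['start']:8} {e['display']:28} {note}")
    print(dict(tally(entries)))
```
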
 
Thanks for all your help Bobbye and patience.

I'll have to keep a closer eye on the plugins on my computer and try to rein them in. I know that the Bing bar has been nigh on impossible to remove. It says it's gone from the Add/Remove programs but it's still there in Firefox.

Plugins that somehow got in even when I swore I wouldn't have any are:
2007 Microsoft Office System 12.0.4518.1014
Adobe Acrobat 9.4.4.235
iTunes Application Detector 1.0.1.1
Microsoft Office Live Plug-in for Firefox 2.0.4024.1
Mozilla Default Plug-in 1.0.0.15
QuickTime Plug-in 7.6.9
RealPlayer Version Plugin 6.0.12.1662
RealPlayer(tm) G2 LiveConnect-Enable Plug-In (32-bit) 6.0.11.2852
Shockwave Flash 10.2.152.32
Shockwave for Director 11.5.7.609
Silverlight Plug-in 4.0.51204.0
Windows Live Photo Gallery 15.4.3502.922
Yahoo Application State Plugin 1.0.0.7

Once I've gone over the autoruns and the services again (I swear I've done that twice already but they kept turning on) I intend to do a clean install of the latest Firefox. I don't use Silverlight or have a Windows Live ID or anything like that so that should clear some of the junk up.

Thanks again.
 
You might find some of those 'plug-ins' in the 'Manage Addons' section. Sometimes, a browser will 'trick' you with a message something like: "........needs a plugin or latest version of the software...". And of course one of the most common ways for these to get on the system is from a pre-checked box on a download screen.

For Internet Explorer: Tools> Manage Addons> Win XP had 2 sections here: 1. Addons currently on system, 2. Addons previously used> If Win 7 has these 2, you will need to check both sections> IF you see an addon that you don't recognize, search to identify> for any addons you want to disable> Highlight> Disable.

Firefox has a similar feature: Tools> Addons> you can see Extensions & plugins in this section also. The same treatment applies: Highlight and either Disable or Uninstall.

Some of these programs may 'need' the plugin to work when using the Firefox browser: Check each on a Mozilla plugin support page to see if your OS needs the plugin.

  1. 2007 Microsoft Office System 12.0.4518.1014
  2. Adobe Acrobat 9.4.4.235
  3. iTunes Application Detector 1.0.1.1
  4. Microsoft Office Live Plug-in for Firefox 2.0.4024.1
  5. Mozilla Default Plug-in 1.0.0.15
  6. QuickTime Plug-in 7.6.9
  7. RealPlayer Version Plugin 6.0.12.1662
  8. RealPlayer(tm) G2 LiveConnect-Enable Plug-In (32-bit) 6.0.11.2852
  9. Shockwave Flash 10.2.152.32
  10. Shockwave for Director 11.5.7.609
  11. Silverlight Plug-in 4.0.51204.0
  12. Windows Live Photo Gallery 15.4.3502.922
  13. Yahoo Application State Plugin 1.0.0.7

Contrary to what these programs would have us believe, most of the time, most of these addons or plugins aren't necessary. Of this list, I only have #5, 9, and 10- but it's on Win XP.

One good thing about disabling these is that if you find you do need it, you can just go back and enable it again!
 