Dialup connections tabs

[highup]

Recently the confuzer's CPU has been pegged while not doing much of anything. It's done this a few times. The computer is slowed nearly to the point of freezing up.
There's two graphs, maybe because it's a dual core processor?

Here's what it looked like with only this forum running on the fully loaded up....... nothing else, no other web pages up, no other processes running.
This website was fully loaded up and I was reading something.
At this time, Firefox was hogging 50% of the CPU

The third image is December 9th, same issue. The computer slowed a lot so each of these times, so I opened the task manager to find this going on.

In the past 6 months or so, ..........maybe a year, the computer has frozen a few times and needed to be shut down or rebooted with the buttons on the front of the computer.
If I had looked at the task manager during those episodes, (had I been able to) I bet the graph would have looked like this then too.

 

[highup]

If it helps, I have an old "Everest Ultimate Edition" program installed to feed you computer data.
Somewhere on it, I remember reading stuff like power supply voltages, fan speed and temperature. ........plus the obvious data.

 

[Nick]

Don't need that Hi. Did you try updating in safe mode ?

You can also try running it in safe mode .

 

[highup]

Don't need that Hi. Did you try updating in safe mode ?

You can also try running it in safe mode .

My modem doesn't show up in safe mode. I can't dial up. I use an external USB modem.
The ethernet connection shows up, but that doesn't do me any good.

I'll try to update to the new version when I get home tonight. With 20 mb it will take a couple hours.

 

[highup]

Don't need that Hi. Did you try updating in safe mode ?

You can also try running it in safe mode .

Updated the program to 2.2.0.1024 then it updated the database. I clicked on the free trail period....... assuming it may scan for more data for you.
Here's the scan.
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/15/2015
Scan Time: 8:20:48 PM
Logfile: First run 12 15 12.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.09.22.05
Rootkit Database: v2015.12.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: roy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 723469
Time Elapsed: 44 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

[Nick]

My GUESS is it did not like the sign in pop up.

If that is the bank's IP address, add it and that should stop that noise.

When the 30 day trail expires, use Revo uninstaller , using the most advanced option, to get rid of it.

https://www.google.com/url?q=http:/...ds-cse&usg=AFQjCNE0uUChnlZFsKu-KKyOkKNJicmaNA

 

[Nick]

Run Temp File Cleaner by OldTimer.

See how much junk , temp files, it can remove.
My record is 7200 MB

http://api.viglink.com/api/click?fo...s/file/187-tfc-temp-file-cleaner-by-oldtimer/

 

[highup]

I was hoping there would be a retrievable record of how much was removed.
From just one location, the temp, temp internet and JAVA, there were 17,346,222kb were removed.
I wished I had checked the amount of used space in the C drive prior to running this program so I'd know how much space I gained.
The program probably ran for probably 5 minutes....... it just kept running and running.
I have no clue how much was removed.
Much of it was probably from the previous owners.

 

[Nick]

There are 1000kB in 1MB.

 

[Nick]

If you have a XP cd, the fix for the mbr is easy.

http://api.viglink.com/api/click?fo...ngcomputer.com/forums/t/138692/xp-boot-fixes/

 

[highup]

I still have the XP Pro that I borrowed back from the business owner. When I put it into the confuzer, it says that it's not compatible with the XP Pro version that's installed on this confuzer.
The CD has version 2002, copywrite 2004 printed on it. Confuzer is 2008ish. When I looked in the files at the office, this CD was in the file they saved/labled from this employee. I didn't see any others.

 

[Nick]

Download Combo Fix Hi,And post the log for me .

http://www.google.com/url?sa=t&rct=...IR0NKZdnds9Tmpf2EF1zxBQ&bvm=bv.82001339,d.cWc

 

[highup]

When it loads I assume I click "run" ?

 

[highup]

Scary........... after I logged back on here, the page was Internet explorer..... I never use Internet Explorer. I had to go check Firefox as my default browser. All Ok other than that I think.
Here ya go.
ComboFix 15-12-16.01 - roy 12/17/2015 1:41.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1160 [GMT -8:00]
Running from: c:\documents and settings\Roy\My Documents\Downloads\Combo Fix\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\RAIDTest
c:\documents and settings\All Users\ntuser.pol
c:\documents and settings\Roy\g2mdlhlpx.exe
c:\documents and settings\Roy\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Roy\WINDOWS
C:\Install.exe
c:\windows\system32\FAST2003.ocx
c:\windows\system32\FAST2006.ocx
.
.
((((((((((((((((((((((((( Files Created from 2015-11-17 to 2015-12-17 )))))))))))))))))))))))))))))))
.
.
2015-12-13 21:11 . 2015-12-13 22:10 -------- d-----w- C:\AdwCleaner
2015-12-13 11:36 . 2015-12-13 11:36 30848 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-12-13 11:36 . 2015-12-13 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
2015-12-12 05:55 . 2015-12-17 02:08 -------- d-----w- C:\FRST
2015-12-08 04:51 . 2015-12-08 04:51 -------- d-----w- c:\windows\system32\wbem\Repository
2015-12-03 19:31 . 2015-12-03 19:31 -------- d-----w- c:\documents and settings\Roy\Application Data\Oracle
2015-12-03 08:12 . 2015-12-03 08:12 -------- d-----w- C:\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-17 07:02 . 2014-11-28 10:19 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-04 00:37 . 2015-06-29 01:47 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-12-04 00:37 . 2015-06-29 01:47 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-11-06 15:58 . 2013-07-05 04:36 435464 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-11-06 15:58 . 2013-07-05 04:36 794952 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-10-05 17:50 . 2014-11-28 10:19 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 17:50 . 2014-11-28 10:19 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-08-29 21:33 695096 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-06 6111312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-18 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-11-17 15:32 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Roy^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Roy\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 01:36 30040 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 17:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 10:01 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 12:42 143360 ----a-w- c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
2008-07-24 22:22 450560 ----a-w- c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2 (0x2)
"scan"=3 (0x3)
"bddepsrv"=3 (0x3)
"ERSvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\a la mode\\Sched\\eSched.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Zoom\\Config\\MOHConfig.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [7/4/2013 8:35 PM 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [7/4/2013 8:36 PM 208664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [7/4/2013 8:36 PM 794952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [7/4/2013 8:36 PM 435464]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [5/4/2014 10:35 AM 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [7/4/2013 8:35 PM 76000]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [7/26/2013 5:48 AM 196624]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 2:22 PM 102400]
R3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [9/26/2015 10:01 PM 87040]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [8/29/2015 1:33 PM 161472]
R3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [9/26/2015 10:01 PM 28928]
S0 gdxwdm;GDXWDM;c:\windows\system32\DRIVERS\GDXWDM.sys --> c:\windows\system32\DRIVERS\GDXWDM.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [11/28/2014 2:19 AM 1513784]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [11/28/2014 2:19 AM 1135416]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [11/28/2014 2:19 AM 121560]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/28/2014 2:19 AM 23256]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [7/4/2013 2:45 PM 606056]
S4 bddepsrv;BitDefender Deployment Service;"c:\windows\_BDDEP_\bddepsrv.exe" /service --> c:\windows\_BDDEP_\bddepsrv.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2015-12-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-29 21:33]
.
2015-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc0453e42803f0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:44]
.
2015-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc0453e471ec79.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:44]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: google.com\www
Trusted Zone: live.com\blu177.mail
Trusted Zone: outlook.com
TCP: Interfaces\{6E426E0E-BEEE-40F5-A44C-42312776BD0F}: NameServer = 64.136.173.147 64.136.164.146
TCP: Interfaces\{8B134E05-811E-4F1B-A5EC-542702CFBB08}: NameServer = 192.168.0.4
FF - ProfilePath - c:\documents and settings\Roy\Application Data\Mozilla\Firefox\Profiles\oms9zlzf.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
AddRemove-Adobe Flash Player NPAPI - c:\windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_Plugin.exe
AddRemove-PDF-XChange 3_is1 - c:\program files\Apex Software\Apex Medina\PDF Exchange\unins000.exe
AddRemove-Terrain Navigator Pro - c:\documents and settings\All Users\Application Data\{2D942E8C-A21E-490F-ABA1-D8E1E025892B}\Setup.exe
AddRemove-{75080CC2-D65D-4EEB-83C1-888322CCF356} - c:\documents and settings\All Users\Application Data\{2D942E8C-A21E-490F-ABA1-D8E1E025892B}\Setup.exe
AddRemove-WinDirStat - c:\downloads\1Newdownloads\WinDirStat\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-12-17 01:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2101575691-1799400712-1289588436-1109\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2015-12-17 01:54:59
ComboFix-quarantined-files.txt 2015-12-17 09:54
.
Pre-Run: 74,267,684,864 bytes free
Post-Run: 74,229,477,376 bytes free
.
- - End Of File - - 2F8D375876E5AABDE4CB6831F4F62E2B
8F558EB6672622401DA993E1E865C861

 

[highup]

Run Temp File Cleaner by OldTimer.

See how much junk , temp files, it can remove.
My record is 7200 MB

http://api.viglink.com/api/click?fo...s/file/187-tfc-temp-file-cleaner-by-oldtimer/

How about an even 10GB
59.23 free space before, and 69.1GB free space after running that program........ and my confuzer is still afloat?
The HD is 149.02GB total

 

[Nick]

Running any better ?

 

[Nick]

Boot to the cd and select the first R

If I remember right that will be the recovery command line console.

I remember running the fixmbr from there. Which worked for me. Been a bunch of years ago, so I forget all the exact steps.

 

[highup]

Running any better ?

It's been a gradual getting better process Nick.
Computer was running like crap just past Thanksgiving. Then the graphics were screwing up and one fine morning, a pop up appeared saying it "found new hardware"......... um....... my graphics card?
Oh well, I dug up the info and downloaded the NVIDIA graphics driver and The problems seemed fixed. Other issues, so I then downloaded the latest Adobe shockwave player.
The confuzer was doing better and better. Next was checking out my modems techincal info, and of course its 57,200 like they all are, so I did two thngs.
I changed my connection speed from 115,000 back to 57,200, and I also opened up the firewall and added my USB modem to the "exceptions" list.
Seems from then on my connection speed has been more consistent, 44,200 to 48,000
Prior to this it was getting hit and miss........ even down to 12,000 and occasionally into the single digits. I had to redial time and time and time again, or reboot the modem......... shut down the confuzer and reboot the modem. Grrr......... I never knew when I'd get back near 48,000. Sometimes it would do that for a day or two, then get better.

That's why I started this topic. Resetting the connection speed and adding the modem to the firewall's exceptions list seemed to be the beginning of good things to happen. The speed is better and more consistent and the connection doesn't seem to drop like it did before.
If my connection issues stay good, I'll know that it was problems on my end and not the phone company or MSN screwing with me.

The settings you have helped me change and the TFCleaner has sped things up, so this has definitely been a great help. Hats off to you.

 

[highup]

Boot to the cd and select the first R

If I remember right that will be the recovery command line console.

I remember running the fixmbr from there. Which worked for me. Been a bunch of years ago, so I forget all the exact steps.

CD says it isn't compatible with the installed XP program. The CD I got from the owner is an older XP version.

 

[Nick]

Run Combofix Hi. Post the log.