TheLandScapper Posted January 11, 2006 CID Share Posted January 11, 2006 Does anybody have any ideas? i'm on a 6Mbs Comcast connection. i was running at 2.5 but ran cable nut did a few tweeks and got it up to 3.9mbs i ran Hijack this but couldnt see anything wrong. did CCleaner virus adware spyware malware scans all clean. Comcast check my modem and its connected at 6.6mbs. Their sending out a teck but i want to make sure its not my comp befor he comes out. here are my scores :::.. Download Stats ..::: Connection is:: 3911 Kbps about 3.9 Mbps (tested with 2992 kB) Download Speed is:: 477 kB/s Tested From:: https://testmy.net/ (server2) Test Time:: Tue Jan 10 2006 21:25:52 GMT-0600 (Central Standard Time) Bottom Line:: 70X faster than 56K 1MB download in 2.15 sec Diagnosis: May need help : running at only 82.68 % of your hosts average (comcast.net) Validation Link:: https://testmy.net/stats/id-BE6DZU8FM Logfile of HijackThis v1.99.1 Scan saved at 9:31:13 PM, on 1/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32Ati2evxx.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32ACS.exe C:WINDOWSsystem32spoolsv.exe C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe C:PROGRA~1GrisoftAVGFRE~1avgemc.exe C:Program FilesTOSHIBAConfigFreeCFSvcs.exe C:WINDOWSsystem32DVDRAMSV.exe C:Program Filesewido anti-malwareewidoctrl.exe C:Program Filesewido anti-malwareewidoguard.exe c:TOSHIBAIVPswupdateswupdtmr.exe C:Program FilesCommon FilesSoftwinBitDefender Communicatorxcommsvr.exe C:WINDOWSsystem32Ati2evxx.exe C:WINDOWSExplorer.EXE C:WINDOWSsystem32TCtrlIOHook.exe C:Program FilesTOSHIBATOSHIBA ControlsTFncKy.exe C:WINDOWSsystem32dlatfswctrl.exe C:WINDOWSAGRSMMSG.exe C:Program FilesTOSHIBAConfigFreeNDSTray.exe C:Program FilesToshibaTvsTvsTray.exe C:Program FilesTOSHIBAE-KEYCeEKey.exe C:WINDOWSsystem32TPSMain.exe C:WINDOWSsystem32TPSBattM.exe C:WINDOWSsystem32ZoomingHook.exe C:Program FilesTOSHIBATouchPadTPTray.exe C:toshibaivpismpinger.exe C:PROGRA~1GrisoftAVGFRE~1avgcc.exe C:Program FilesMicrosoft IntelliPointpoint32.exe C:Program FilesSoftSwiftEnhanced Windows BackupEWBackup.exe C:Program FilesATI TechnologiesATI.ACEcli.exe C:program filessoftwinbitdefender8bdnagent.exe C:Program FilesTOSHIBATOSCDSPDtoscdspd.exe C:WINDOWSsystem32ctfmon.exe C:WINDOWSsystem32wbemwmiapsrv.exe C:Program FilesSpybot - Search & DestroyTeaTimer.exe C:Program FilesAIMaim.exe C:Program FilesCommon FilesAheadlibNMBgMonitor.exe C:WINDOWSsystem32RAMASST.exe C:Program FilesATI TechnologiesATI.ACEcli.exe C:Program FilesATI TechnologiesATI.ACEcli.exe C:PROGRA~1MOZILL~1FIREFOX.EXE C:Program FilesCommon FilesSoftwinBitDefender Scan Serverbdss.exe c:program filessoftwinbitdefender8bdmcon.exe C:Program FilesWinampwinamp.exe C:Documents and Settingscrhis franzettiMy DocumentsHijack thisHijackThis.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.toshiba.com/search R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.toshibadirect.com/dpdstart R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.toshibadirect.com/dpdstart O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:WINDOWSsystem32mlljk.dll (file missing) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM..Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM..Run: [TFncKy] TFncKy.exe O4 - HKLM..Run: [dla] C:WINDOWSsystem32dlatfswctrl.exe O4 - HKLM..Run: [ATIPTA] "C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe" O4 - HKLM..Run: [Apoint] C:Program FilesApoint2KApoint.exe O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM..Run: [NDSTray.exe] NDSTray.exe O4 - HKLM..Run: [HWSetup] C:Program FilesTOSHIBATOSHIBA AppletHWSetup.exe hwSetUP O4 - HKLM..Run: [sVPWUTIL] C:Program FilesToshibaWindows UtilitiesSVPWUTIL.exe SVPwUTIL O4 - HKLM..Run: [Tvs] C:Program FilesToshibaTvsTvsTray.exe O4 - HKLM..Run: [CeEKEY] C:Program FilesTOSHIBAE-KEYCeEKey.exe O4 - HKLM..Run: [TPSMain] TPSMain.exe O4 - HKLM..Run: [PadTouch] C:Program FilesTOSHIBATouch and LaunchPadExe.exe O4 - HKLM..Run: [ZoomingHook] ZoomingHook.exe O4 - HKLM..Run: [TPNF] C:Program FilesTOSHIBATouchPadTPTray.exe O4 - HKLM..Run: [Pinger] c:toshibaivpismpinger.exe /run O4 - HKLM..Run: [Notebook Maximizer] C:Program FilesNotebook Maximizermaximizer_startup.exe O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP O4 - HKLM..Run: [intelliPoint] "C:Program FilesMicrosoft IntelliPointpoint32.exe" O4 - HKLM..Run: [EWBACKUP] "C:Program FilesSoftSwiftEnhanced Windows BackupEWBackup.exe" /Q /START O4 - HKLM..Run: [DeadAIM] rundll32.exe "C:PROGRA~1AIMDeadAIM.ocm",ExportedCheckODLs O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime -Delay O4 - HKLM..Run: [bDMCon] "C:Program FilesSoftwinBitDefender8bdmcon.exe" O4 - HKLM..Run: [bDNewsAgent] "c:program filessoftwinbitdefender8bdnagent.exe" O4 - HKCU..Run: [TOSCDSPD] C:Program FilesTOSHIBATOSCDSPDtoscdspd.exe O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [spybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe O4 - HKCU..Run: [AIM] C:Program FilesAIMaim.exe -cnetwait.odl O4 - HKCU..Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesAheadlibNMBgMonitor.exe" O4 - Global Startup: RAMASST.lnk = C:WINDOWSsystem32RAMASST.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_02binnpjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_02binnpjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab O20 - Winlogon Notify: mlljk - mlljk.dll (file missing) O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:WINDOWSsystem32ACS.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgemc.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:Program FilesCommon FilesSoftwinBitDefender Scan Serverbdss.exe" /service (file missing) O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:Program FilesTOSHIBAConfigFreeCFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:WINDOWSsystem32DVDRAMSV.exe O23 - Service: ewido security suite control - ewido networks - C:Program Filesewido anti-malwareewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:Program Filesewido anti-malwareewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe O23 - Service: kavsvc - Kaspersky Lab - C:Program FilesKaspersky LabKaspersky Anti-Virus Personalkavsvc.exe O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:WINDOWSmsoevc.exe (file missing) O23 - Service: Swupdtmr - Unknown owner - c:TOSHIBAIVPswupdateswupdtmr.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:Program FilesCommon FilesSoftwinBitDefender Communicatorxcommsvr.exe" /service (file missing) Anybody have any other ideas on what i can do or see something i missed please help thanks for help Quote Link to comment Share on other sites More sharing options...
FallowEarth Posted January 11, 2006 CID Share Posted January 11, 2006 I'm not totally thrilled about this: C:WINDOWSsystem32TCtrlIOHook.exe ...anybody got any ideas? TheLandScapper ....first of all, what's a scapper? Ok back to business, is your PC a Toshiba? Looks like you've got some good security in there...Bit Defender, AVG, Ewido, Spybot S&D....none of these find anything? Have you tried CableNut? Read our sticky: http://www.testmy.net/forum/index.php?topic=2097.0 Quote Link to comment Share on other sites More sharing options...
TheLandScapper Posted January 11, 2006 Author CID Share Posted January 11, 2006 didn't didnt even realize i put scaPPer lol .... anyway i do have a Toshiba M55 ..... when i look up TCtrlIOHook.exe this is what it says Name: tctrliohook.exe Process Name: TOSHIBA Control Utility Hotkey Hook Description: tctrliohook.exe TOSHIBA Control Utility Hotkey Hook Author: TOSHIBA Part of: NA Virus: No Trojan: No Spyware: No Security Risk: 0 i think its the driver for my one touch dvd buttons or something like that on the Toshiba site thats what they said i could be wrong thou. Nope none of my security programs find anything ,maybe once in while a tracking cookie but thats about it but alittle while ago i did download the Generic trojan downloader MUM virus i did get rid of it thou within 5 min or so but maybe i missed something from this virus or my scanners aren't picking up maybe a part of it that might be left? i did read somewhere online that it isn't the easiest virus to get rid of ? whats every1 else think ? and i did try cable nut i used the 1500 cable setting from the downloads in the sticky. And to be completely honest with you i'm not quite sure what the numbers mean in the settings name can any1 tell me . i picked that setting cause it gave the the fastest and most consistent speed.(even thou today i'm running at around 2.9 to 3.5) thanks again for all your guys help Quote Link to comment Share on other sites More sharing options...
FallowEarth Posted January 11, 2006 CID Share Posted January 11, 2006 Check out securityresponse.symantec.com if you know the virus name. They have a lot that you can read up on about technicalities, removal, etc. Otherwise, if none of your security picks anything up, you can always try others. If nothing works, and your system seems to be suffering, usually you can get away with isolating and replacing files (ie. dirty install of OS/software). As a last resort, back up your stuff, format and reinstall. Quote Link to comment Share on other sites More sharing options...
compuworm Posted January 12, 2006 CID Share Posted January 12, 2006 I parsed your Hijackthis date and it didn't see anything in red. Anywasy, I would download, Spybot Search and Destroy and run scan. Also, download CCleaner and remove all temp files and do reg scan. Further, when was the last time you defragged your system? Are you behind a router? When was the last time you updated your NIC driver? compuworm http://Bad - Remove almost always OK Most of the time - don't need to touch Probably not needed - Safe to remove Generally harmless - third party applications Bad if you don't know what it is Unknown Item - Investigate further You can reference this log by going to: http://hjt.iamnotageek.com/parse.php?log=158181Logfile of HijackThis v1.99.1 Up To Date Version of HijackThis You are using the latest version of HijackThis. Check www.merijn.org frequently for updates. Scan saved at 9:31:13 PM, on 1/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:WINDOWSSystem32smss.exe Smss.exe What is it? Session Manager SubSystem - smss.exe What does it do? smss.exe - This is the session manager subsystem, which is responsible for starting the user session. This process is initiated by the system thread and is responsible for various activities, including launching the Winlogon and Win32 (Csrss.exe) processes and setting system variables. After it has launched these processes, it waits for either Winlogon or Csrss to end. If this happens "normally," the system shuts down; if it happens unexpectedly, Smss.exe causes the system to stop responding (hang). Additional Reading: Smss.exe does not resolve forward references in environment You will not be able to end this through task manager! More info Virus Precaution: The smss.exe which is from Microsoft is located at c:windowsSystem32smss.exe . We've been able to find several viruses that run as smss to trick you. Adware.Advision - Symantec Corporation Adware.DreamAd - Symantec Corporation Backdoor.IRC.Aladinz.O - Symantec Corporation Backdoor.IRC.Flood.F - Symantec Corporation W32.Dalbug.Worm - Symantec Corporation W32.Resdoc - Symantec Corporation C:WINDOWSsystem32winlogon.exe Winlogon.exe What is it? Windows Logon Process - Winlogon.exe What does it do? Direct Quote from here: This is the process responsible for managing user logon and logoff. Moreover, Winlogon is active only when the user presses CTRL+ALT+DEL, at which point it shows the security dialog box. Search MS for more info: Link Virus Precaution: The original Winlogon.exe from Microsoft gets placed in the C:WINDOWSSystem32 directory. if you find it anywhere else then you should be suspicious for sure. You'll want to keep an eye on this google search for any known viruses. We've been able to find only 1 report of a virus so far. Troj/Madr-B @ Sophos Netsky.D @ Trend Micro C:WINDOWSsystem32services.exe services.exe services.exe is a part of Windows that manages the processes. Anytime a service starts or stops it is through services.exe. During system startup and shutdown is when this process sees most of its action. You should never end this process unless it is running outside of your windows system folder. C:WINDOWSsystem32lsass.exe lsass.exe What is it? Local Security Authentication Server - lsass.exe What does it do? lsass.exe - It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token. You will not be able to end this through task manager! From MS The lsass.exe which is from Microsoft is located at c:windowsSystem32lsass.exe . there's a few viruses that have been found to run as lsass.exe to hide from you. C:WINDOWSsystem32Ati2evxx.exe ati2evxx.exe What is it? ATI External Event Utility EXE Module AKA ATI Hotkey Poller - ati2evxx.exe What does it do? ati2evxx.exe - This process provides optional features that the majority of us really couldn't care less about. The XT's overdrive feature uses this. If you have an XT you'll probably want to leave this on. This is installed as a service so you'll need to do the following to disable: Start --> Run --> services.msc Find ATI Hotkey Poller and double click it. Change the startup type to disabled According to ATI this process is supposed to have 2 instances running. ( link ) The best explanation I've managed to find for this is: (Source) We have to have the 2 instances to support multisession (fast user switch) support. A system service does not have access to change per user settings on a any session other than the default session. In fast user switch, multiple sessions get created. To be able to change the settings on non-default session we need to create a per user instance of the external event. Many users have reported this process to slow their boot time down. Virus Precaution: The original ati2evxx.exe from ATI gets placed at C:WINDOWSSystem32ati2evxx.exe . If you find it anywhere else then you should be suspicious for sure. You'll want to keep an eye on this google search for any known viruses. At this time I have not found ANY viruses that run themselves using this filename. All of the results currently affect this file in some way, but do not actually run as this filename. C:WINDOWSsystem32svchost.exe Svchost.exe What is it? Service Host Process - svchost.exe What does it do? Here's a direct quote from MS about this: (source) Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging. Svchost.exe groups are identified in the following registry key: HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value: HKEY_LOCAL_MACHINESystemCurrentControlSetServicesService If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it. 1.) Start --> Run --> cmd 2.) Tasklist /svc >C:ianaginfo.txt Here's an example of what I got when I issued this command if you'd like to take a look at an example. A Description of Svchost.exe in Windows XP: http://support.microsoft.com/?kbid=314056 More Info More Info Virus Precaution: The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure. You'll want to keep an eye on this google search for any known viruses. C:WINDOWSSystem32svchost.exe Svchost.exe What is it? Service Host Process - svchost.exe What does it do? Here's a direct quote from MS about this: (source) Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging. Svchost.exe groups are identified in the following registry key: HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value: HKEY_LOCAL_MACHINESystemCurrentControlSetServicesService If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it. 1.) Start --> Run --> cmd 2.) Tasklist /svc >C:ianaginfo.txt Here's an example of what I got when I issued this command if you'd like to take a look at an example. A Description of Svchost.exe in Windows XP: http://support.microsoft.com/?kbid=314056 More Info More Info Virus Precaution: The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure. You'll want to keep an eye on this google search for any known viruses. C:WINDOWSsystem32ACS.exe acs.exe What is it? acs.exe is associated with the Atheros configuration service. What does it do? used for configuring wireless network connections. More info: C:WINDOWSsystem32spoolsv.exe Spoolsv.exe What is it? SPOOLer SerVice - spoolsv.exe What does it do? spoolsv.exe - The spooler service is responsible for managing spooled print/fax jobs You will be able to end this through task manager! More info Virus Precaution: The spoolsv.exe which is from Microsoft is located at c:windowsSystem32spoolsv.exe . We've been able to find several viruses that run as spoolsv to trick you. Backdoor.Ciadoor.B - Symantec Corporation Hacktool.Privshell - Symantec Corporation VBS.Masscal.Worm (vbs) - Symantec Corporation Graybird-A @ Sophos C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe avgamsvr.exe avgamsvr.exe is a part of AVG antivirus. More information can be found here. Quote: AVG for workstations provide comprehensive antivirus protection for personal computers. The unique combination of detection methods (heueristic analysis, generic detection, scanning and integrity checking) ensures that your computer receives the maximum protection possible on multiple levels (Resident Shield, Email Scanner plug-ins, Personal Email Scanner, On-Demand and other tests, etc.). It is available as AVG Professional Single Edition for single workstation protection and AVG SoHo Edition (Small office - Home office) for home or small offices. C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe avgupsvc.exe avgupsvc.exe is a part of AVG antivirus. More information can be found here. Quote: AVG for workstations provide comprehensive antivirus protection for personal computers. The unique combination of detection methods (heueristic analysis, generic detection, scanning and integrity checking) ensures that your computer receives the maximum protection possible on multiple levels (Resident Shield, Email Scanner plug-ins, Personal Email Scanner, On-Demand and other tests, etc.). It is available as AVG Professional Single Edition for single workstation protection and AVG SoHo Edition (Small office - Home office) for home or small offices. C:PROGRA~1GrisoftAVGFRE~1avgemc.exe avgemc.exe AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses C:Program FilesTOSHIBAConfigFreeCFSvcs.exe CFSvcs.exe CFSvcs.exe - This is a process installed with Toshiba Notebooks it provides configuration options for these devices, this is non essential only terminate if causing problems. C:WINDOWSsystem32DVDRAMSV.exe DVDRAMSV.exe DVDRAMSV.exe - is a program acompanied by the DVD-RAM Utility Helper Service from Matsushita Electric Industrial. C:Program Filesewido anti-malwareewidoctrl.exe ewidoctrl.exe Part of Ewido security suite which is an anti spyware product. C:Program Filesewido anti-malwareewidoguard.exe ewidoguard.exe Part of Ewido security suite which is an anti spyware product. c:TOSHIBAIVPswupdateswupdtmr.exe swupdtmr.exe swupdtmr.exe - This is installed on Toshiba systems this provides additional configuration options for devices, this is non essential only terminate if causing problems. C:Program FilesCommon FilesSoftwinBitDefender Communicatorxcommsvr.exe xcommsvr.exe What is it? xcommsvr.exe is part of an antivirus application called bit defender. What does it do? Bit defender helps protect the PC against virus infections More info: Read more at www.bitdefender.com C:WINDOWSsystem32Ati2evxx.exe ati2evxx.exe What is it? ATI External Event Utility EXE Module AKA ATI Hotkey Poller - ati2evxx.exe What does it do? ati2evxx.exe - This process provides optional features that the majority of us really couldn't care less about. The XT's overdrive feature uses this. If you have an XT you'll probably want to leave this on. This is installed as a service so you'll need to do the following to disable: Start --> Run --> services.msc Find ATI Hotkey Poller and double click it. Change the startup type to disabled According to ATI this process is supposed to have 2 instances running. ( link ) The best explanation I've managed to find for this is: (Source) We have to have the 2 instances to support multisession (fast user switch) support. A system service does not have access to change per user settings on a any session other than the default session. In fast user switch, multiple sessions get created. To be able to change the settings on non-default session we need to create a per user instance of the external event. Many users have reported this process to slow their boot time down. Virus Precaution: The original ati2evxx.exe from ATI gets placed at C:WINDOWSSystem32ati2evxx.exe . If you find it anywhere else then you should be suspicious for sure. You'll want to keep an eye on this google search for any known viruses. At this time I have not found ANY viruses that run themselves using this filename. All of the results currently affect this file in some way, but do not actually run as this filename. C:WINDOWSExplorer.EXE explorer.exe What is it? Windows Explorer - explorer.exe What does it do? explorer.exe - Below is a direct quote from Microsoft found on THIS page: This is the user shell, which we see as the familiar taskbar, desktop, and so on. This process isn't as vital to the running of Windows as you might expect, and can be stopped (and restarted) from Task Manager, usually with no negative side effects on the system. I have found that stopping this process is needed sometimes to stop some other processes. More Info More Info Virus Precaution: The original file from Microsoft gets placed at C:WINDOWSSystem32explorer.exe . if you find it anywhere else then you should be suspicious for sure. You'll want to keep an eye on this google search for any known viruses. There's only one unique virus found through this search. All of the results are the various names of this single virus. Deloder-A @ Sophos MyDoom.B @ Symantec C:WINDOWSsystem32TCtrlIOHook.exe Unknown Item Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it. C:Program FilesTOSHIBATOSHIBA ControlsTFncKy.exe TFncKy.exe TFncKy.exe - This program made by Toshiba makes keys(F1-F12) functionable. C:WINDOWSsystem32dlatfswctrl.exe tfswctrl.exe tfswctrl.exe is HP's packet writing software. It is similiar in function to Adaptec's DIrectCD. Basically you can copy files in windows explorer to the CD drive and it will write them straight to the CD. Windows XP has CD writing functions built in so programs like this are slowly going away. C:WINDOWSAGRSMMSG.exe agrsmmsg.exe agrsmmsg.exe is installed as a part of an IBM AMR modem driver. Since this is a software modem your connection probably won't work correctly without this process running. C:Program FilesTOSHIBAConfigFreeNDSTray.exe NDSTray.exe NDSTray.exe - This is a process from the Configfree traybar utility on Toshiba laptops, this allows you to be able to click between network devices by clicking an icon. C:Program FilesToshibaTvsTvsTray.exe Unknown Item Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it. C:Program FilesTOSHIBAE-KEYCeEKey.exe CeEKey.exe CeEKey.exe - This is a program with the satelite E-Key software from Toshiba, this is non essential. C:WINDOWSsystem32TPSMain.exe TPSMain.exe TPSMain.exe - This process is fro mToshiba laptops/desktops, this takes care of saving power when your system is not in use it saves power, this is non essential. C:WINDOWSsystem32TPSBattM.exe TPSBattM.exe The process belongs to the software TOSHIBA Power Saver by TOSHIBA Corporation (www.toshiba.com). Description: TPSBattM.exe is located in the folder C:WindowsSystem32. Known file sizes on Windows XP are 45056 bytes (69% of all occurrence), 40960 bytes, 36864 bytes. File TPSBattM.exe is a file without information about the maker of this file. The program has no visible window. The file is not a Windows core file. File TPSBattM.exe is located in the Windows folder, but it is not a Windows core file. Therefore the technical security rating is 6% dangerous, however also read the users reviews. Important: Some malware can camouflage themselves as TPSBattM.exe, particularly if they are located in c:windows or c:windowssystem32 folder. Thus check the TPSBattM.exe process on your pc whether it is pest. C:WINDOWSsystem32ZoomingHook.exe ZoomingHook.exe ZoomingHook.exe - This is assiciated with Toshiba zooming utility for Tablet PC. C:Program FilesTOSHIBATouchPadTPTray.exe TPTray.exe TPTray.exe - This is a process from the traybar for Toshiba laptops, it provides easy access to the configurations on the touchpad. C:toshibaivpismpinger.exe pinger.exe pinger.exe - This brlongs to Toshiba it checks for software updates, this is non essential only terminate if causing problems. C:PROGRA~1GrisoftAVGFRE~1avgcc.exe avgcc.exe AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates C:Program FilesMicrosoft IntelliPointpoint32.exe point32.exe What is it? Microsoft Intellimouse Monitor - point32.exe What does point32.exe do? This is the mouse settings tray icon. Some people report that you must have this running for the programmed extra button support. If you don't program those buttons for special tasks then you'll want to shut this process down. Virus Precautions: You'll want to keep an eye on this google search for any known viruses. The normal location of point32.exe is C:Program FilesMicrosoft HardwarePoint32.exe At this time I did not find anything using this filename! Also . C:Program FilesSoftSwiftEnhanced Windows BackupEWBackup.exe Unknown Item Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it. C:Program FilesATI TechnologiesATI.ACEcli.exe cli.exe What is it? ATI Catalyst - cli.exe What does cli.exe do? cli.exe quote's are from the startup DB. There are 2 primary listings. One is called cli.exe systemtray and it is: "System Tray access to ATI's CATALYST Quote Link to comment Share on other sites More sharing options...
cdf216 Posted January 12, 2006 CID Share Posted January 12, 2006 To be honest that's a lot of unnecessary stuff running in the background that could potentially be slowing your connection by either using bandwidth or making data go through unneeded processes. Look for a little application called "Enditall" run it and use it to "kill" all non critical processes running on your computer, then try another speed test. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.