DrWatson Postmortem Debugger

  1. This will keep you busy for a while.

    First you have an amazing amount of stuff running at all times.
    Start with Utorrent. Unless you are actively using it TURN IT OFF..
    Peer Guardian with Utorrent is a good thing.
    A FIREWALL with P2P is also a good idea.
    Enough of that.

    The following may seem harsh but I don't mean for it to be. So please explain where you can.

    I see a WD drive manager. What does that do for you?
    Same with the cronosoft\quickhide hide windows (wife?porno?)

    Most of the following can be turned off until you need it (including Utorrent)
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\drivers\itech4\itech.exe (not sure what this is)
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    ITunes


    Also what is this E:\bootcd\wintools\autorun.exe?
    Is this part of Alcohol or are you running Linux?
    And this: as it says at the top you are on IExplorer, so
    C:\Program Files\Mozilla Firefox\firefox.exe, why is that running?


    Ok we are at line 48 now if you're keeping track.

    BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    I'll see if I can find more on this because it seems bad when there is no identity.

    As for Bonjour I'm not sure what it does. I know it has to do with Apple and iPods but I have turned it off and the kids haven't bitched yet so maybe try it.

    Lines 57 to 70 explain where the programs are launched from (same items as above).
    Most you can go to start|run|msconfig|startup and uncheck them.

    Basically we are at line 70

    I think Malwarebytes took care of the trojan that you had but I think the main reason for your slowdown is the amazing amount of stuff you have running all of the time.
    Almost all of the things I mentioned (except the noted ones) can be turned off and will restart when required, e.g. RealPlayer only needs to start when a Real file is encountered and will do it by itself.

    Please turn these things off and repost a HijackThis log and we can go from there.
  2. Ok that looks somewhat better, and yes, the fewer things that are running the better off you will be, as most of your 2 megs of memory are always in use and therefore so is your HDD swapfile, constantly moving things in and out of memory.
    So programs will take longer to load and to function.


    First, when I run uTorrent I don't generally seed much. I know it says that you should
    but I haven't really seen my speeds go up due to that. In fact my speeds seem to go down as all of my bandwidth is consumed with the uploading.
    I am only on a 2MB connection. Generally if you have many seeds you will get a download rate.
    Also having it running 24/7 means you have a much better chance of getting caught as I did. Peer Guardian helps but it isn't foolproof. Going through a proxy is better as it is harder to trace.

    As for the unidentified BHO at line 48 it has something to do with MSN Messenger.
    Being a BHO it probably only runs when Messenger does so no big deal.

    Is your External HDD on a USB setup?
    If so you may be able to disable that (line 25 newest hijack log).
    I have that drive and a Maxtor external drive and don't have that running.
    I think it may have to do with the backup feature of the drive, so you should be able to turn that off until you need it.

    Regarding the programs that you aren't sure how to turn off, you can click the Start button and then Run.
    Type msconfig and OK. Then go to the Startup tab and you will see most of the things that start automatically when you turn on your computer. Just uncheck the boxes of the things that you don't want to start.
    If you aren't sure, leave some on and we will deal with them later.
    The worst that can happen is something won't work and we can turn them back on.

    The itech.exe process seems to be missing in the recent hijack log so possibly whatever you turned off took care of it.
    I googled it and didn't really get a satisfying answer but it could have to do with a Bluetooth device. Do you have one of those?
    If not look for it in startup and uncheck it.

    Once you uncheck these things in Startup and reboot you will see a message
    saying that you have started in a diagnostic setup or some damn thing like that.
    Just tell it OK. It will then take you to the msconfig page again so just close it.
    You will also see a checkbox to "Don't show me this warning again".
    Don't check that box just yet so that if you need to get back there you won't have to look for it. When everything is done, then you can check the box.

    As for everything below line 69 in the newest log, don't worry about those just yet as many will disappear when the ones on top disappear.


    The Hiren's boot CD looks pretty interesting. I'm going to look into that for myself.
    I have several of those things now but to have them in one package would be pretty helpful.

    One last thing. It still shows that you are running both IExplorer and Firefox.
    Is someone else on the network using that at the same time or do you have that set to come on in some way? Having both at the same time consumes a lot of memory.

    Once we get this sorted out you will think you have a new computer.
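The posts above work through msconfig's Startup tab and a HijackThis log by hand, and the one line that worried the helper was a BHO listed as "(no file)". The script below is an added example, not written by anyone in this thread, that enumerates the same three sources (Run/RunOnce keys, Browser Helper Objects, auto-start services) and flags registrations whose target is missing from disk. It assumes Windows PowerShell 5.1 or later and an elevated prompt so the HKLM keys are readable; the function names are my own.

```powershell
# Added example (not from any post in this thread): list what msconfig's Startup tab and a
# HijackThis log draw from, and flag entries whose file is gone ("(no file)" in HijackThis).
# Assumes Windows PowerShell 5.1+ and an elevated prompt; Get-AutostartEntries is a name chosen here.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$BhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
# Properties the registry provider adds to every Get-ItemProperty result; not real values.
$ProviderProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-ExecutableFromCommand {
    # Reduce a command line like "C:\Program Files\iTunes\iTunesHelper.exe" -minimized
    # to the executable path, expanding %VARS% such as %SystemRoot% on the way.
    param([string]$CommandLine)
    $exe = ''
    if ($CommandLine -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    elseif ($CommandLine -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
    else { $exe = ($CommandLine -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Get-AutostartEntries {
    $entries = [System.Collections.Generic.List[object]]::new()

    # 1. Run / RunOnce values: the bulk of msconfig's Startup tab and the HijackThis O4 lines.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($ProviderProps -contains $prop.Name) { continue }
            $target = Get-ExecutableFromCommand ([string]$prop.Value)
            $entries.Add([PSCustomObject]@{
                Kind   = 'Run'
                Name   = $prop.Name
                Target = $target
                Exists = ($target -ne '') -and (Test-Path -LiteralPath $target)
            })
        }
    }

    # 2. Browser Helper Objects: each subkey name is a CLSID; the DLL is the default value of
    #    HKCR\CLSID\{clsid}\InprocServer32. A CLSID with no such key is what HijackThis shows as "(no file)".
    if (Test-Path -Path $BhoKey) {
        foreach ($sub in Get-ChildItem -Path $BhoKey) {
            $clsid  = $sub.PSChildName
            $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            $dll    = ''
            if (Test-Path -Path $inproc) {
                $dll = [string](Get-ItemProperty -Path $inproc).'(default)'
                $dll = [Environment]::ExpandEnvironmentVariables($dll)
            }
            $exists = ($dll -ne '') -and (Test-Path -LiteralPath $dll)
            $entries.Add([PSCustomObject]@{
                Kind   = 'BHO'
                Name   = $clsid
                Target = $(if ($dll -ne '') { $dll } else { '(no file)' })
                Exists = $exists
            })
        }
    }

    # 3. Services set to start automatically (the StarWind / iPodService / Apple Mobile Device kind of entry).
    foreach ($svc in Get-CimInstance -ClassName Win32_Service -Filter "StartMode='Auto'") {
        $target = Get-ExecutableFromCommand ([string]$svc.PathName)
        $entries.Add([PSCustomObject]@{
            Kind   = 'Service'
            Name   = $svc.Name
            Target = $target
            Exists = ($target -ne '') -and (Test-Path -LiteralPath $target)
        })
    }
    return $entries
}

$all = Get-AutostartEntries
$all | Sort-Object Kind, Name | Format-Table -AutoSize

# Registrations whose file is missing do nothing at boot, but they are stale entries worth
# cleaning up, and a BHO with no DLL is exactly the "(no file)" line discussed above.
"`nRegistrations with no file on disk:"
$all | Where-Object { -not $_.Exists } | Format-Table Kind, Name, Target -AutoSize
```

Run it before and after unchecking things in msconfig to confirm which Run values and services actually went away; unlike the Startup tab it shows the full command line, which is what lets you tell a vendor helper such as iTunesHelper.exe apart from something launched out of a drivers folder.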
  3. First of all I'd just like to say thanks once again for taking the time to view my thread.


    uTorrent

    The only reason why I leave uTorrent open for seeding is for the sheer fact that I'm a member of a private torrent tracker (a small community) which I like to seed for (also having my own profile/ratio).

    I really don't care much about my ISP viewing what I am downloading (in all honesty I don't care at all).

    External HDD

    Yes, my External HDD is on a USB setup.


    Automatic Startup Programs

    Thank you, that gives me a much more advanced interface from which I can apply my own personal settings quite simply.


    iTech.exe

    Yes, I did in fact take care of that; it turns out it was my son running that process.
    He claims it was for a game called Runescape.


    Warning Box

    Will do.


    Hiren's BootCD

    Yes, it's been proclaimed as "A profession in one program"


    Iexplorer & Firefox

    I have no idea why both are running, I've just checked my processes 2 seconds ago and IExplorer isn't running.
    (If you have any ideas or anymore advice on this please tell me)


    Once again thanks so much for all your advice & help,


    RevolutionTT.
  4. Possibly you aren't running IExplorer.
    I just asked because it states that on top of the HijackThis log so I thought that is what you were on.

    As for Runescape, here is a good description I found in case you wonder what he's doing, and the iTech makes sense.
    Maybe Ill turn my kid onto that game. He's pretty into world of Warcraft.
    http://en.wikipedia.org/wiki/RuneScape

    Also I have a few questions about private trackers that maybe we can discuss through the PM feature and not in an open forum, because it wasn't my ISP that had a problem with it, they just told me about it.
    If you aren't worried about things there must be a reason. wink wink.

    Also no problem with the help I'm laid off and real bored.
    I like the thought of being helpful.
  5. Lol, as do I; 90% of the time I'm just helping out in IRC.

    Regarding the private trackers, we can discuss it via MSN if you like.

    aaron-nagy@hotmail.com


    Though if you prefer PMing from this forum i'm fine with that also.
  6. Yeah, on the forum is easier for me as I don't generally run MSN.
    Not to say I won't, I just never had a reason so I don't really know how.
    Same with skype. I just use it for phone calls.

    Give me a little while as I booted into XP to try and get some settings for someone else I'm trying to help and I'll give it a try.
  7. All good contact me via whichever you like (preferably in the next hour or so since it's 6 am and I have to go out soon)
  8. PM'd you from here
  9. Hi there,

    I think you guys should check out OPSWAT.com there are 2 or 3 products that may be a match. I think that OESIS Framework provides a single interface to many antivirus and AVG is in that list. Another option is, I think, Metascan which is more for ISV.
    I also found that AVG is certified by OPSWAT.

    I hope this helps.
    Regards,

    Brian