Avira Warnings, Java, CPU at 100%

11 years ago

The old XP Home SP3 has taken a turn for the worse.

Last week I got a lot of help on this forum to my post asking about Avira Free Warnings, that post is still on page 1 here. I took a number of actions based on that thread.

I also engaged in the discussions on the Java concern and uninstalled Java on that computer - I am on another computer at this time, a W7 which has also had Java uninstalled.

During the Avira investigation I ran a set of scans as suggested in that thread, and I added Advanced System Care, which I updated to version 6. This version "gave" me a performance monitor that upon boot displays on my desktop at the upper right corner. It shows % of use of the CPU, RAM, DISK, and NETWORK. Looking at it I was concerned the CPU was "stuck" at 100%, the other measures looked more reasonable with RAM at about 60% and steady, DISK at a couple of % dropping in and out of 0% and similar for NETWORK which showed very little usage.. all this did raise some concern in my mind about the CPU, but this morning upon boot, and CPU stuck at 100% I did some online email and some surfing and things seemed mostly normal, but the performance got noticeably slower over time, and finally almost stop processing my input. The ASC Performance Monitor showing CPU 100%. At times like these I get concerned something go into my computer and is reading my HDD - the Performance Monitor and the HDD indicator on the Notebook didn't show high HDD activity. In any case as a request for a normal shut down was experiencing the same delay I forced the computer down with the power off button.

Upon reboot the system came back up with the CPU indicating 100% and the system at an almost stand-still. I decided to request a normal shut down and after that I decided to go to another computer to input this story.

Any ideas on how to best proceed? I am inclined to want to disconnect it from my router, the Internet, while trouble shooting. Any word about on the Java problem? Again, I had uninstalled Java last week.

Comments (51)

jerry_nj
Original Author
11 years ago
last modified: 9 years ago
Thanks, I am back on the XP computer, and the CPU still shows 100% on the ASC6 monitor - is there a Windows tool to "see" how much CPU is being used, or anything to check on the result shown by ASC6?

Upon a more-or-less normal boot time I ran ASC6 and this time I could immediately see a difference. I kept up a regular pace of walking through its test and finding the usual bunch of stuff to fix, mainly in the Register... noting in the malware category. I'll look further into the LdZ forum register - boy that's a new one.

At the moment everything seems just fine, my typing is immediately displayed and the browser (FF) scowls responsively. But, ASC6 still indicates CPU 100%.
grandms
11 years ago
last modified: 9 years ago
Jerry, a question for you. Did someone on this forum suggest you install and run Advanced Systems Care? If I recall correctly, a number of us here had concluded that this is not one of the best programs for optimizing the performance of your computer. I would tend not to use this program. In fact, I would uninstall it completely. You can check CPU useage with taskmaster. Right click the taskbar and choose taskmaster which will show running programs, running processes and percentage of CPU usage. For "cleanup" tasks, most of us here use cCleaner for getting rid of temporary files and the like. I even use the registry portion of cCleaner, always saving a backup in case it needs to be restored. I always use the default settings and have never had a problem using it.

If you continue to have problems, I second Raven's suggestion of visiting and registering at the LanzDown forum, just in case some malware is lurking on that computer. They have helped me when a hijacker took over my search preferences.
Related Discussions
Firewall is not turned on message
Q
Comments (86)
it does take a little getting used to and letting the program learn, it will pop up and ask you do you want to let such and such connect to the internet you will likely know what is asking because you are trying to use something that needs access so in those cases say yes, if it is something that needs to access it regularly like your antivirus check mark where it says remember this so it does not ask each time. Do not give server rights some things will ask but it is not necessary once you say no to server rights it will next pop up asking for access, that you can allow. If it is something you do not recognize asking then say no and see if you can determine what it is, if you had some type of malware that is trying to phone home you would not want to allow that access. I prefer mine to pop up and ask each time with some of the rarely used stuff I like to know what is connecting. When getting zonealarm or any other free firewall or any program actually be very alert during the install period and uncheck or do not allow the addition of any toolbars or extras, Zone alarm unfortunately now does try to include a toolbar with the free version, you do not want that toolbar. and if you have problems or questions just ask. When something like generic win 32 something ask for permission say yes or you will not be able to connect to the internet, that is one to check mark always allow. Yes as grandms said with cable you have a direct connection and with no router in between you and the internet that even more dictates the use of a software firewall. The benefit of a router with built in hardware firewall is great but I use both on my windows machines, actually my linux has guarddog firewall built into it so I even have one on linux. The link I had provided the main reason I do refer that link is that there are such good instructions and pictures for someone new to firewalls.
...See More
Is windows security essentials really that good?
Q
Comments (13)
I found the following very interesting article written by 'imdoody' here:- It really does not matter what antivirus is used, but have it. Even more importantly, be smart when using the web and internet. Here are some very good steps that will prevent almost all Maleware/viruses (The crazy thing is, it's not a program; Its You, the end user!) 1. Don't look at Adult Material (aka Pr0n) on the internet. 2. Don't download kazaa, bear share, limewire, etc, etc.... buy your music for real. You end up spending more money paying "geekpatrol" (trying not to use real names) to fix all the viruses you received because your 13 yr old daughter was trying to download the latest Avril Lavreign song on limewire. 3. Stay away from anything free (i.e. "try this free for 2 weeks, cancel anytime, free acie berry diet pills... the list goes on..." some free stuff is good, like MS security essentials....) 4. Don't click on untrusted "Sponsored adds" or download email attachments from untrusted senders. (UPS, facebook, or ebay will not send an attachment to update your password, or track a package.... EVER!) 5. Facebook is great for catching up with old friends, or staying in touch with new ones. But stay away from all the ads and BS games. 6. Don't click on pop ups or windows that say things like "1200 viruses found click here to clean!" (Wait, how did they find 1200 viruses and when did I start a scan? OH I don't remember installing AntiVirus 2010!!!! ("alt+F4" is your friend it will close fake pop ups like these.) you may loose what you are looking at but it is worth it. 7. DO google search companies that you are unsure about followed by "Consumer reports" or "BBB" (Better Business Bureau) 8. DO use intra site searching when using google. Example: you are searching for Microsoft security essentials, if you put "site: microsoft.com" after your search keywords it will search through Microsofts site first and display those results before any other sites. 9. DO right click and select "Copy shortcut" for any unusual looking links and paste it into notepad, the displayed text for a link can be deceiving... http://www.ebay.com is much different from http://www.ebay.oedl.eds.something.com, websites are ready backwards starting with the .com then the primary domain, this example would be ebay. and.. 10. DO WATCH your kids internet and computer use.... No you are not snooping, or creeping, or invading privacy... you are being a good parent. I cannot stress this enough! The internet can be a dangerous place; I know, I've been there.... Look into http://www.opendns.com for keyword filtering, restricting websites, and many other free options. I hope this helps a bit, as I have been in the IT field for quite a few years I have seen all the different types of users, and one thing they all have in common is that they don't understand the technology. But with a couple easy to remember tips it is easy to stay away from viruses and maleware. one more, search: "uninstall software site: microsoft.com" and "removed Tool bars site: microsoft.com" get rid of un-needed programs and excessive toolbar addins.... if you have more than one tool bar in your internet explorer, you should get rid of them (and watch when installing apps, like yahoo messager, Adobe Reader, java, etc. They all have a prechecked checkbox to install a toolbar. just uncheck it.... ) O and Run an antivirus/antimaleware.... doesn't matter which just make sure some popup said if you buy this now it will fix your problems. Trust the trusted providers,
...See More
Web page has blanks previously included
Q
Comments (34)
OK, here's that log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:55:30 PM, on 8/29/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18294) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - (FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: HP Smart Select - (58ECB495-38F0-49cb-A538-10282ABF65E7) - (no file) O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: HP Smart Select - (DDE87865-83C5-48c4-8357-2F5B1AA84522) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O13 - Gopher Prefix: O16 - DPF: (7530BFB8-7293-4D34-9923-61A11451AFC5) (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 6727 bytes I get a warning on HJT that the publisher is unknown. Also, the version I have requires me to run it as administrator as I have Vista.
...See More
Spyware found
Q
Comments (34)
Yes, I do feel better about my computer security, but truthfully will feel a lot better when I get it all sorted out. Is it just me, or do you have to be a rocket scientist to understand SpywareBlaster? lol First of all, under Protection Status, Internet Explorer Protection, I ticked off both Active X Protection and Cookie Protection not being sure if I should do that. ie. Do I want to protect my PC from ALL Active X and ALL cookies? I just left the 'Block List' alone since SpywareBlaster has 355 items selected, and since I don't know what I want to block or not block. After doing this, Internet Explorer Protection is 'partially enabled'. I don't know if that's what I should have. I have protection enabled for Restricted Sites - that, I think I understand. Do I want to do a System Snapshot? And with the Secunia, when I downloaded it I set it to automatically update out-of-date programs. Should I have selected that option, or should I manually update out-of-date programs that it finds? To respond to your recommendations (and thank you for making them), near: 1. I do have Windows set to automatically update, so I'm good on that. I checked up update history, and the only updates it recommends at this time are 7 optional ones. I never done the optional updates. 2. I'm seeing more and more recommendations for the MSE. So it only updates and runs once a week and not daily. I guess this is sufficient? I'm not sure if I'm going to switch over my AVG for something else, but MSE is in the running. 3. Check, on the MalwareBytes. Do you usually run a full scan or a Quick Scan? I've been running the full scan mostly. 4.Check, on the SpywareBlaster (but I have the above questions on it). I still haven't downloaded the SuperAntispyware. 5. I downloaded the Secunia. 6. I haven't downloaded the WinPatrol yet. I have been wondering if AVG will have a problem with it, or vice versa. But we'll see.
...See More
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
grandms, hello again : ) Thanks, and yes, the taskmaster, I had in fact used it (control/alt/delete) to force down stuck or unresponsive programs just for the issue of this post. Taskmaster show CPU = 100%.

I went to LzD and registered. I read the how to start a study but haven't gone further in part because the XP, now on it, is running at least as good as ever.

I believe ravencajun is another who doesn't trust ASC. If I recall a discussion in the past I think "jane..." is a supporter. I have not been using it but had it on my system and when I was having the problems last week and rand a number of check, including Avira scan I decided to get the update on ASC and got ASC6, which included the performance monitor which put me on to the CPU red-lining.

At the moment I am hovering and will not run anything to LzD or remove ASC6, and still wonder why the CPU is so busy.
DA_Mccoy
11 years ago
Just a thought.

Disconnect the system in question from the Internet and reboot. Check the CPU usage again. Difference? Also, try a reboot in Safe Mode without an Internet connection? Check the CPU usage. Improvement?

DA
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
DA

Thanks I'll run those tests, but I do note the ASC monitor that alerted me to the 100% on the CPU shows next to 0% for Network use - I assume the Internet.

I checked using the Task Manager the CPU usage on another XP (media in this case) Dell Desk Top and after boot the CUP showed between 2 and 0 % while I was watching. During the boot the CPU usage was much higher but only peaked at 100% for short spikes of time.

I suppose this is also something I can "offer" to the LzD group.
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
Here are the DA test results

Normal boot, Wireless off and on, CPU stuck at 100%

Safe boot, Wireless of and on, CPU low single digit % after boot.

Seem the wireless/internet not connected to problem, I am happy to report.

I have no idea what is off in the safe mode that puts a end to the overdrive on the CPU.
jane__ny
11 years ago
last modified: 9 years ago
I would uninstall the program you installed. I am not the 'Jane' who supported your choice. I've never heard of the program. If it were my machine and this CPU usage spike occurred after installing a program, I'd get rid of it immediately.

Jane
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
Hum, Jane, it was you I thought liked Advanced System Care, sorry for the mistake. Or may be there is another blogger who uses Jane-something-else. This is not a anything I need to carry forward.

The 100% problem was reported by a ASC monitor, not caused by it.
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
My mind works slowly but I finally made the connection on using the Task Manager "processor" report to see which processes are using CPU time... a MaxBack.. was using 99%. I shut that off and the CPU usage dropped to single digit % numbers.

I had install on this computer a Maxtor USB HDD for backup and had it set up to backup key files. Somehow it gets activated (need to look at start up list - how is that done?).

The Maxtor drive has not been connected for many months.

Well for the ASC detractors, its version 6 forces a Performance Monitor on me (which I can manually turn off) and it stuck the 100% useage right in my face. Thank you.
zep516
11 years ago
last modified: 9 years ago
"MaxBack.. was using 99%. I shut that off and the CPU usage dropped to single digit % numbers."

Can you tell us how you turned that off, was it through the task manager or was it through MSCONFIG.

When you reboot the computer is MaxBack restarting and using CPU again.
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
Exactly, I deleted the Maxtor Backup from the task manager to see what would happen, as said the CPU usage became more normal. Not wanting to uninstall the Maxtor application (why not? Not sure I may yet do that) I went to "msconfig" in the Start > Run box. Then went into the list of start up, removed the one that came closest (not an exact match) and while there removed check on "Tea Timer" (a SpyBot active Registry monitor) which was also a high CPU user, and while there removed the check on Open Office and a couple of other suspects I don't need to have waiting in the "wings". When I booted I got a XP Popup warning me I had changed the start up (no kidding) and I went on only to find for some reason my WiFi connection was not working. I couldn't get it going short of a reinstall - so I clicked on restore the start up and reboot got me back on line with the 100% CPU. It appears the only clean way forward is to uninstall the Maxtor backup application. This XP computer is a back up and does not have my critical realtime data.

I seem to recall I had an application that would allow editing of the startup list, not so system level as msconfig. I can't find it on this machine. I also wonder if I should remove Spybot, I can't say I run it ofter, but the on-line Tea Timer function may be too good to lose. Is there a consensus on this computer forum about the esential nature (or not) of Spybot? It is an old-timer (tell me about it) and was the first anti spyware application I put on a computer.
zep516
11 years ago
last modified: 9 years ago
You can't use msconfig to control start ups. Very bad idea, and that's why I asked if you had used it!!

Many people frequently use MSconfig as a long term solution to control startup processes and services. You will also see many websites condoning use of MSconfig and teaching you how to use it for controlling startups. This is a very bad idea for many reasons.

1 MSconfig was designed to be used only as a temporary debugging/troubleshooting tool. It was not meant to be used for long term solutions.

2 MSconfig does not show all startups anyway.

3 If you uninstall programs while they are being disabled with MSconfig, they will not be uninstall properly and you will have to resort to manual registry editing to properly get everything removed. MSconfig will leave orphan entries if/when installed software is uninstalled while under the control of MSconfig . When/if MSconfig is turned back to normal startup, it will give errors on boot due to those orphan entries.

4 MSconfig and Services:
If you uninstall programs while you have some of the programs services being controlled with MSconfig, the programs will not be uninstall properly and you will have to resort to manual registry editing to get everything properly removed.

When you uncheck a service in msconfig, you completely disable it. If you uncheck the wrong one, you may not be able to restart your computer.
It is safer to control services by using Control Panel, Administrative Tools, Services (this runs services.msc).

5 You can lock malware items into your registry that you may not see anymore until some point in time where you switch back to Normal Startup mode and now you can cause total reinfection of your PC with the malware. You need to remove the malware not mask it.

If you still don't understand why not to use MSconfig, see what Microsoft writes here: http://support.microsoft.com/kb/310560 The key point is stated as such:

The System Configuration utility helps you find problems with your Windows configuration. It does not manage the programs that run when Windows starts.

I suggest if you want to follow through on this problem in a systematic fashion, put everything back on in msconfig, uninstall spybot for now, and post a Hijackthis log, so we can create some base line to start to work with, if you leave the items you unchecked in msconfig I will not see them in hijackthis.
Elmer J Fudd
11 years ago
last modified: 9 years ago
Many swear by the benefit of using multiple independent utilities on PCs. Personally, I've never thought anything was needed beyond a highly rated and integrated antivirus/security system. Many lone wolf utilities have been found to be incompatible with others and to cause problems you may be seeking to avoid.

Some otherwise trustworthy installations/downloads will heavyhandedly change default settings, causing other apps to behave differently or stop working. I think they're best avoided. I treat download wanna-be's like telephone solicitors. Unless they can convince me in 10 seconds, the answer is "No".
zep516
11 years ago
last modified: 9 years ago
I'd have to agree for the most part, especially if you have that type of Anti Virus protection.
zep516
11 years ago
last modified: 9 years ago
Hi jerry,
After you put everything back to normal in msconfig and unistalled spybot, spybot will interfere with the fixes if any needed, I would have asked you to uninstall that anyway, you can reinstall when we complete if you wanted.

This is what I'd like you to do for us,

Download HijackThis from click Here to the Desktop. Click on the blue download box on that web page second box down exe version, when the little box opens save the file to the desktop then:
1. Double-click on HJTInstall.
2. Click on the Install button.
3. It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
4. Upon install, HijackThis should open for you.
5. Click on the Do a system scan and save a log file button
6. HijackThis will scan and then a log will open in notepad.
7. Copy and then paste the entire contents of the log in your thread.
8. Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

unistall list,

1. Open HijackThis
2. Select Open the Misc Tools section.
3. Select Open Uninstall Manager....
4. Select Save List...
5. Save it to your desktop for easy access.
6. A notepad will pop up with the contents of the list.
7. Copy and paste the contents of the notepad into your thread

Start up list

1. Open HijackThis.
2. Select Open the Misc Tools section.
3. Next to the button Generate Startuplist log, there are two boxes. Check both boxes.
4. Select Generate Startuplist log.
5. A prompt will come up asking if you want to continue; select Yes.
6. A notepad will pop up after it has finished generating the list.
7. Copy and paste the contents into your thread.

So when you get time we need 3 log reports from you in order to better help you.

1.The Hijackthis log

2.The uninstall list.

3.The Start up list.

Post all 3 of those and we will have a much better idea on how to advise you with your computer issues

Here is a link that might be useful: hijackthis bleeping
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
Wow, this is a lot of support, you folks really have a big outreach...thanks.

Buried in my last post I said I restored the MSconfig start-up list. One thing I did learn there is there is a lot of "stuff" going on that can (do) eat resources - suppose that's why the RAM sits at 70% when I am not directly demanding any computer actions.

If I read correctly Spybot is not needed if I have, say, Avira, is that right? I understood Avira to be an antivirus and Spybot to be antispywear. As noted, Spybot does have an active (TeaTimer) process that "watches" requests to make changes in the Register. I went after Tea Timer only because of an sudden interest in what was using CPU resource.

I'll have to print out your great instructions on further trouble shooting. In fact I will print or otherwise store this thread (then likely forget I have it : ( )
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
I still have not stepped up to the full test, but plan to. But, taking a minute here and there I did look at:

Control Panel > Performance and Maintenance > Admin tools > Services

to look at start up programs. There I do find both the subject MaxBackServ as well as MaxSynService both listed as "automatic" and "local system". It is not clear to me how one either deletes them from that location, or how they are changed from "automatic" to "manual", which could address the CPU hogging for this currently unused function of Maxtor Back Up external HDD.

This case is on an older (at least 6 years old) Gateway Notebook so the battery must be near end-of-life, still I bet the CPU running at 100% had something to do with the short battery life, no more than an hour of just on, not playing games and very little surfing.
mikie_gw
11 years ago
last modified: 9 years ago
Just double click the Services you want to change to manual or disable. Easy to change things there and easy to forget you did that too :)

If you want to delete those services after uninstalling its program, from an Elevated Command Prompt:
sc delete serviceName

...you can see the proper service name on top of the window when you double click the service.. usually its shortened version of the friendly name.
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
Oh, yes, the old double click trick. I amaze myself the thing that I don't think of. I put the two processes associated with Maxtor in the manual start mode. I haven't yet re-booted but I expect the CPU to be near normal. Right now when I'm not typing the CPU shows between 10 and 0 %
ravencajun Zone 8b TX
11 years ago
last modified: 9 years ago
StartUpLite
you were asking about a program for this.
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
Ouch, I downloaded StartUpLite and moved the 10 or so (estimate) processes it identified as candidate for "disable" or "delete". I read the description on each, and to my poor understanding concluded none needed to be loaded automatically. I did not delete, thanks for that. On a reboot my computer came up without the benefit of an automatic connect to my WiFi (or any WiFi). I used the Control Panel ...System to look at what was disabled and found a two or three (forgot already) that looked like they might be needed for WiFi. I changed those back to "automatic" and rebooted, my WiFi connection was automatic, enabling me to make this post.
Elmer J Fudd
11 years ago
last modified: 9 years ago
If you don't know exactly what you're doing and what the consequences are, the best thing to do is nothing.
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
Thanks Snidely, if I knew "exactly" what I was "doing" I wouldn't be here.

I took precaution, as noted, I clicked "disable" not "delete", followed immediately with a test. When I didn't like the test results I went back and changed "disable" to "automatic".
zep516
11 years ago
last modified: 9 years ago
You should at least create a restore point, so you know you have one. Even better back up the windows registry.

http://www.larshederer.homepage.t-online.de/erunt/
Back up the windows registry above.

Here is a link that might be useful: Create a system restore.

This post was edited by zep516 on Thu, Jan 17, 13 at 22:08
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
Zep, thanks. I always have in the back of my mind that I can go to the last system saved restore point, guess that is often the last Windows Update. But, I do not know what restore restores. In my recent problem area I needed to restore the start up list. Would doing a restore to a point just before the start up list is revised restore that list?

On the subject of knowing everything, who knows what all the processes are that are in the Start Up? On the laptop I am using right now the "service" start up list has 110 processes, many of which have "programer" names, meaningless to the first time reader. Guess that's what the restore and backup are all about : )

Thanks again,
owbist
11 years ago
last modified: 9 years ago
who knows what all the processes are that are in the Start Up?

At 110 you seem to have plenty of things running Jerry. I have 53 and have that many running now for several months.

Your only sure way is very time consuming. Pacs Portal has been around for years and is a very good place to start your task. If you have never visited then read a little on the linked page before clicking to go to the "PROGRAMS" page.
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
Thanks, and right "read before using" which I should have applied before using StartUpLite. The small reset I had to go through on that came out well, but reading first would have been a better approach. This is not a complaint to ravencajun, I very much appreciate and benefit from her valuable responses.

Speaking of what's on the computer, this latest investigation in which I saw "trojan" flash by in the scan by Avira (who has the time to watch an Avira scan, ha!) got me to do a search/find on "trojan" I got 13 finds most ending in a .sbi and all associated with Spybot (sounds more like a virus issue than a spy issue). It appears all are related to update and perhaps quarantine - I'll look farther, and this may yet result in my removal of Spybot from this machine.
DA_Mccoy
11 years ago
Besides O's referral to the well-respected Pacs_Portal here's another longtime respected site with it's "our famous Task List".

DA

Here is a link that might be useful: Answers That Work
ravencajun Zone 8b TX
11 years ago
last modified: 9 years ago
The one place I have gone for years has been to BlackViper, he is the resource most other resources use.
And for sure always read and understand how any program works before using it.

Black Viper : www.blackviper.com
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
ravencagun, thanks, this is my go-to forum for help because of people like you. The links and support referred to increase that value. I took a peek at the Pacs Portal and it appears that's the StartUP resource guide/help. I'll read tonight as my before bedtime reading :)

As is easy to see, I am a "babe in the woods" when it comes to trouble shooting (even using) the home PC. So I come here for help, rarely to add anything other than the results of application of advice I get here. I grew up with computers, going back to the room full size main frames with vacuum tubes for the electronics. I am a retired electrical engineer. I think this has just made me more amazed than the English Lit major with what has happened to computers and software.
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
Zep516

Here is the log from HijackThis. Spybot was uninstalled. The Maxtor programs that were causing the 100% CPU were changed to "manual" and were thus not running.
Here are the HyjackThis first test:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:59:09 PM, on 1/18/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\MagicMus\MulMouse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\PROGRA~1\UCS\VIRTUA~1\CitiUCS.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\MagicMus\MagicWl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\WINDOWS\system32\OBroker.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6216
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centurylink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - "02478D38-C3F9-4EFB-9B51-7695ECA05670> - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - "18DF081C-E8AD-4283-A596-FA578C2EBDC3> - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - "3CA2F312-6F6E-4B53-A66E-4E65E497C8C0> - (no file)
O2 - BHO: Citi UCS Helper - "7AED0DC9-374E-440D-B966-BE292971225B> - C:\Program Files\UCS\Virtual Account Numbers\CitiUCSHelper.dll
O2 - BHO: Google Toolbar Helper - "AA58ED58-01DD-4d91-8333-CF10577473F7> - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - "AE7CD045-E861-484f-8273-0445EE161910> - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CBrowserHelperObject Object - "CA6319C0-31B7-401E-A518-A07C3DB8F777> - c:\windows\system32\BAE.dll
O2 - BHO: (no name) - "D4027C7F-154A-4066-A1AD-4243D8127440> - (no file)
O2 - BHO: JQSIEStartDetectorImpl - "E7E6F031-17CE-4C07-BC86-EABFE594F69C> - (no file)
O3 - Toolbar: Adobe PDF - "47833539-D0C5-4125-9FA8-0819E2EAAC93> - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - "2318C2B1-4965-11d4-9B18-009027A5CD4F> - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Virtual Account Numbers - "A1BDF46B-9DE6-4090-8791-84F26E00934C> - C:\Program Files\UCS\Virtual Account Numbers\CitiUCSToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [VersatoMs] C:\Program Files\MagicMus\MulMouse.exe
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [UCS Virtual Account Numbers] C:\PROGRA~1\UCS\VIRTUA~1\CitiUCS.exe /lang=en_RG /dontopenmycards
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Real.com - "CD67F990-D8E9-11d2-98FE-00C0F0318AFE> - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - "e2e2dd38-d088-4134-82b7-f2ba38496583> - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - "e2e2dd38-d088-4134-82b7-f2ba38496583> - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - "FB5F1910-F110-11d2-BB9E-00C04F795683> - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - "FB5F1910-F110-11d2-BB9E-00C04F795683> - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: "6414512B-B978-451D-A0D8-FCFDF33E833C> (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341410157171
O16 - DPF: "6E32070A-766D-4EE6-879C-DC1FA91D2FC3> (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341410133812
O16 - DPF: "7530BFB8-7293-4D34-9923-61A11451AFC5> (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: "CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA> -
O16 - DPF: "CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA> -
O16 - DPF: "CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA> -
O16 - DPF: "CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA> -
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - "438755C2-A8BA-11D1-B96B-00A0C90312E1> - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - "8C7461EF-2B13-11d2-BE35-3078302C2030> - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13077 bytes

****************************************************
Sorry here's were I got lost. You said "uninstall" list, I closed the clip board. You said Open HijackThis, I closed HijackThis and opened it again. Select Misc Tool Section, I think I did and it put me on a Trend Micro home page. You said select Uninstall Manager, I could not find Uninstall Manger on Trend Micro.. somewhere else?

I post the first step in case it stands on its own, but I need help if we are to go to the second step.

Thanks,
Jerry
zep516
11 years ago
last modified: 9 years ago
No you should have not been sent to trend micro,

Take you time and see instructions again,

1. Open HijackThis
2. Select Open the Misc Tools section.
3. Select Open Uninstall Manager
4. Select Save List
5. Save it to your desktop for easy access.
6. A notepad will pop up with the contents of the list.
7. Copy and paste the contents of the notepad into your thread
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
Must have been too late last night.

Here is step two: Uninstall List and Start Up List
Boy, this is taking up some space on the forum, Thanks for asking and for looking/checking.

Jerry
******************************************************

Uninstall List

7-Zip 4.65
Adobe Acrobat 7.0.9 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.3
Advanced SystemCare 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
AstroViewer 3.1.5
Audacity 1.2.6
Autostar Suite
Autostar Suite Astronomers Edition
Avira Free Antivirus
Blackhawk Striker 2
Blasterball 2 Revolution
Bonjour
Broadcom 802.11 Network Adapter
Browser Address Error Redirector
Browser MOUSE
CCleaner
Critical Update for Windows Media Player 11 (KB959772)
DiMAGE Viewer
DVD Solution
EPSON Attach To Email
EPSON Perfection V100 Photo Scanner Driver Update
EPSON Perfection V100P User's Guide
EPSON Printer Software
EPSON Scan
Eraser
Eraser
ESET Online Scanner v3
EZ Vinyl Converter 2.0.0 by MixMeister
Garmin City Navigator North America NT 2010.20
Garmin Communicator Plugin
Garmin USB Drivers
Gateway Game Console
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImgBurn
Intel Matrix Storage Manager
IrfanView (remove only)
iTunes
Japanese Fonts Support For Adobe Reader 9
Lexmark 8300 Series
Malwarebytes Anti-Malware version 1.70.0.1100
Maxtor Backup
Maxtor Encryption
Maxtor OneTouch III
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Outlook 2002
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Motorola SM56 Speakerphone Modem
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (2.0.0.24)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster
Napster Burn Engine
OpenOffice.org 3.3
Palm
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
Penguins!
Polar Bowler
Polar Golfer
Power2Go 4.0
PowerDVD
Presto! Forms 3.50.01
Presto! PageManager 7.12.02
Print to Fax
QuickTime
RealPlayer Basic
Registry Mechanic 6.0
SCRABBLE
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
Synaptics Pointing Device Driver
TaxACT 2008
TaxACT 2009
TaxACT 2010
TaxACT 2011 - 1040 Edition
TaxCut Premium 2007
Texas Instruments PCIxx21/x515/xx12 drivers.
Tradewinds
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
ViewMate Desktop Mouse CC2201 Uninstaller
Viewpoint Media Player
Virtual Account Numbers
Virtual Moon Atlas
Windows Backup Utility
Windows Defender
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Toolbar
*************************************************
Start up list

StartupList report, 1/19/2013, 8:38:14 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\MagicMus\MulMouse.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\PROGRA~1\UCS\VIRTUA~1\CitiUCS.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\MagicMus\MagicWl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\WINDOWS\system32\OBroker.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Acrobat Speed Launcher.lnk = ?
McAfee Security Scan Plus.lnk = ?
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
IAAnotif = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
igfxhkcmd = C:\WINDOWS\system32\hkcmd.exe
igfxpers = C:\WINDOWS\system32\igfxpers.exe
Broadcom Wireless Manager UI = C:\WINDOWS\system32\WLTRAY.exe
lxcjmon.exe = "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
EzPrint = "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
Acrobat Assistant 7.0 = "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
FLMOFFICE4DMOUSE = C:\Program Files\Browser MOUSE\mouse32a.exe
SMSERIAL = C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
VersatoMs = C:\Program Files\MagicMus\MulMouse.exe
LXCJCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
mxomssmenu = "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
UCS Virtual Account Numbers = C:\PROGRA~1\UCS\VIRTUA~1\CitiUCS.exe /lang=en_RG /dontopenmycards
IntelliPoint = "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
avgnt = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
APSDaemon = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
MaxtorOneTouch = C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Power2GoExpress = NA
SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Advanced SystemCare 6 = "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
Eraser = C:\Program Files\Eraser\Eraser.exe -hide

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=
SCRNSAVE.EXE=C:\WINDOWS\system32\gtw_logo.scr
drivers=

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - "02478D38-C3F9-4EFB-9B51-7695ECA05670>
AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - "18DF081C-E8AD-4283-A596-FA578C2EBDC3>
WormRadar.com IESiteBlocker.NavFilter - (no file) - "3CA2F312-6F6E-4B53-A66E-4E65E497C8C0>
Citi UCS Helper - C:\Program Files\UCS\Virtual Account Numbers\CitiUCSHelper.dll - "7AED0DC9-374E-440D-B966-BE292971225B>
(no name) - c:\program files\google\googletoolbar2.dll - "AA58ED58-01DD-4d91-8333-CF10577473F7>
(no name) - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll - "AE7CD045-E861-484f-8273-0445EE161910>
(no name) - c:\windows\system32\BAE.dll - "CA6319C0-31B7-401E-A518-A07C3DB8F777>
(no name) - (no file) - "D4027C7F-154A-4066-A1AD-4243D8127440>
JQSIEStartDetectorImpl - (no file) - "E7E6F031-17CE-4C07-BC86-EABFE594F69C>

--------------------------------------------------

Enumerating Task Scheduler jobs:

Adobe Flash Player Updater.job
AppleSoftwareUpdate.job
ASC6_PerformanceMonitor.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
MP Scheduled Scan.job
SmartDefrag.job

--------------------------------------------------

Enumerating Download Program Files:

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341410157171

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341410133812

[OnlineScanner Control]
InProcServer32 = C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX
CODEBASE = http://download.eset.com/special/eos/OnlineScanner.cab

["CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA>]

["CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA>]

["CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA>]

["CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA>]

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe:::e

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 10,277 bytes
Report generated in 0.390 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
zep516
11 years ago
last modified: 9 years ago
Thanks Jerry,

This is my fault but we need to move Hijackthis to a permanent folder, like the programs file folder, if you look at yours it's running from the Downloads folder, look under your first log you posted for me, under Running Processes and you will see that entry below it's the last entry under Running processes.

C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

We want hijackthis to look like this C:\programfiles\Hijackthis\Hijackthis.exe

So how do we do it,

Best way is to uninstall Hijackthis form the add /remove programs list, Then go back to my first instructions above where I told you to first download hijackthis, and I gave you the link that says "clickhere" then I told you to download the second one down on the Bleeping computer page, that was wrong. I need you to download the first one, that is the hijackthis installer that will install hijackthis into the programs file folder for you. We need it there cause Hijackthis makes backups, running from the downloads folder is risky cause we could loose those backups.

Everything else you posted is great. Once you do that, do a scan again and check the last entry under running processes, make sure hijackthis is in the programs file folder, you don't need to post it.

See if you can do that for me, I'm off to work be back later.

I have a lot of questions on your add remove program list or uninstall list, a lot of those items are in fact running, so we will look at that stuff first and start removing programs you're not using and start that way.

This post was edited by zep516 on Sat, Jan 19, 13 at 15:07
zep516
11 years ago
last modified: 9 years ago
I would uninstall these programs,

1.Adobe Reader 9.5.3 -----> Far out of date infection risk. We will put a new Adobe in when we are done

2. Advanced SystemCare 6

3.Browser Address Error Redirector

4.Browser MOUSE -----> Do you know what that is?

5 Eraser------>Did you install these? if so keep them.

6.Google Toolbar for Internet Explorer

7.Google Update Helper

8.McAfee Security Scan Plus-----> Gets installed on it's own without user consent does nothing...

9.Napster

10.Napster Burn Engine

11. Palm -----> Do you use that software?

12. RealPlayer Basic

13.Registry Mechanic 6.0 Never use a registry cleaner

14. Viewpoint Media Player----> Border line spyware

This post was edited by zep516 on Sat, Jan 19, 13 at 17:15
DA_Mccoy
11 years ago
Jerry,

Besides the above,

If you like the current installed games fine. If not, they could go.

I agree to removing AR. However, I would replace it with a alternative such as Foxit Reader.

I am not a fan of Advanced System Care either.

Do you use iTunes and anything related? If not, they could go.

DA
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
Thanks 1)

1.Adobe Reader 9.5.3 -----> Far out of date infection risk. We will put a new Adobe in when we are done
[[okay, I thought this was automatically kept up to date]]

2. Advanced SystemCare 6
[[this is what put me on to the CPU 100% run problem I believe it is run on manual only, no automatic running]]

3.Browser Address Error Redirector
[[okay, no idea what this is]]

4.Browser MOUSE -----> Do you know what that is?
[[I figured this had something to do with my MS optical mouse, guess not - I can remove]]

5 Eraser------>Did you install these? if so keep them.
[[yes I installed to clean out records, i.e., not just delete data but to replace it with all 1 or 0, not sure which - I have never used it]]

6.Google Toolbar for Internet Explorer
[[okay I try to avoide "google anything" - must have been part of an IE update]]

7.Google Update Helper
[[okay, not sure who it is helping]]

8.McAfee Security Scan Plus-----> Gets installed on it's own without user consent does nothing...
[[okay, that's what I figured, I know on boot I have gotten McAfee warnings asking be to approve some action, I have never approved]]

9.Napster
[[Okay, I think I installed this, isn't it a CD or DVD write program?]]

10.Napster Burn Engine
[[Okay, this seems to confirm my suspicion about]]

11. Palm -----> Do you use that software?
[[Yes, I still use the memo content of the Palm Desktop, I do not use this version for my calendar, but I do on my main computer]]

12. RealPlayer Basic
[[Okay, a game? Looks familiar but I don't remember what it was used for]]

13.Registry Mechanic 6.0 Never use a registry cleaner
[[Okay]]

14. Viewpoint Media Player----> Border line spyware
[[Okay,no idea where it came from, don't use it anyway, I think a MS or Apple program is my default media viewer]]

From DA

If you like the current installed games fine. If not, they could go.[[play hearts often and chess occasionally]]

I agree to removing AR. However, I would replace it with a alternative such as Foxit Reader.
[[I think the proposal is to remove and update AR]]

I am not a fan of Advanced System Care either.

Do you use iTunes and anything related? If not, they could go. [[I assumed iTunes to be a default sound player - I have never made a manual call to it]]

Jerry
zep516
11 years ago
last modified: 9 years ago
Hi Jerry,

When you completed all those removals, reboot the computer and post a fresh Hijackthis log. Do a system scan and save a log file like you did before. Post it to the forum, we will then stop a lot of programs that are starting up with windows that are unnecessary, those are the 04 Entries in the log, I'll tell you what ones to fix..
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
zep516, DA, et al.

Back to report on homework assignment.

Summary:
1) Below is a list of what I have don't based on inputs from zep and DA, some were not carried out for various reasons
2) Using the XP Add/Remove tool I noted a number of errors on the reported "last used on date", that data appears to be bogus. I also note I don't see that reported on W7 Add/Remove support.
3) I removed a number of programs that appeared to be games that were not listed in zep's list.
4) I note the ASC6 Performance Monitor does not "see" any reduction in RAM usage at idle, I expect to see a couple percent.
5) I'll not do the data collection until I get a passing grade on what I have removed.

Removed:
AdobeReader Note: I checked update and it showed me current
Browser Address Error Redirector
Browser Mouse
Google Tool Bar for IE
McAfee Security
Napster
Registry Mechanic
ViewPoint Media Player

Could not find
Google Update Helper
Napster Burn Engine
Real Player Basic

Did not remove
ASC6
Eraser (not active and I'd like to keep)
Palm (I use the desk top memo section for notes)

I think that is about it, if any of the didn't remove are game stoppers let me know.

Tx, Jerry
zep516
11 years ago
last modified: 9 years ago
Hi Jerry,

Post a new Hijackthis log when you get a chance.
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
Current Hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:49:45 PM, on 1/20/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\MagicMus\MulMouse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\MagicMus\MagicWl.exe
C:\PROGRA~1\UCS\VIRTUA~1\CitiUCS.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\OBroker.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6216
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centurylink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - (no file)
O2 - BHO: Citi UCS Helper - (7AED0DC9-374E-440D-B966-BE292971225B) - C:\Program Files\UCS\Virtual Account Numbers\CitiUCSHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - (AE7CD045-E861-484f-8273-0445EE161910) - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - (D4027C7F-154A-4066-A1AD-4243D8127440) - (no file)
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - (no file)
O3 - Toolbar: Adobe PDF - (47833539-D0C5-4125-9FA8-0819E2EAAC93) - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Virtual Account Numbers - (A1BDF46B-9DE6-4090-8791-84F26E00934C) - C:\Program Files\UCS\Virtual Account Numbers\CitiUCSToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [VersatoMs] C:\Program Files\MagicMus\MulMouse.exe
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [UCS Virtual Account Numbers] C:\PROGRA~1\UCS\VIRTUA~1\CitiUCS.exe /lang=en_RG /dontopenmycards
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341410157171
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341410133812
O16 - DPF: (7530BFB8-7293-4D34-9923-61A11451AFC5) (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: (CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA) -
O16 - DPF: (CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA) -
O16 - DPF: (CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA) -
O16 - DPF: (CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA) -
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - (438755C2-A8BA-11D1-B96B-00A0C90312E1) - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - (8C7461EF-2B13-11d2-BE35-3078302C2030) - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11677 bytes
zep516
11 years ago
last modified: 9 years ago
Hi Jerry,

We are not deleting anything here just stopping it from starting up with Windows when it boots.

Close all browser windows, double click Hijackthis on the desktop, this time do a System Scan Only wait for the scan results to show. Place a check mark in each entry I have listed below in bold

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - (AE7CD045-E861-484f-8273-0445EE161910) - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - (D4027C7F-154A-4066-A1AD-4243D8127440) - (no file)
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - (no file)
O3 - Toolbar: Adobe PDF - (47833539-D0C5-4125-9FA8-0819E2EAAC93) - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Click Fix checked
Close Hijackthis.
Reboot the computer.

Post 1 more Hijackthis so we can see the entries are gone. Remember we are not deleting anything, anyone of the programs listed can be still accessed by simply opening the program. They don't need to start up with windows.
zep516
11 years ago
last modified: 9 years ago
Hi Jerry,

Are you still with us? I'd like to complete the fix above before to many things change on the computer.

Joe
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
Yes, sorry I somehow overlooked you post above the one tonight. I'll look it over and take action. I need to print it out from my other computer. This I will do tonight.
zep516
11 years ago
last modified: 9 years ago
OK. Then post a new Hijackthis log when you get time..

Joe
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
Zip, here's the log after removing the lines you indicated. Can you give us any general (or specific) strategy you used in selecting the lines to remove? Some, such as the first one had a (no file) ending. A few others were also somewhat understandable but most were totally incomprehensible to me.

Here the Scan Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:39:11 PM, on 1/23/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MagicMus\MulMouse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\UCS\VIRTUA~1\CitiUCS.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\OBroker.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\MagicMus\MagicWl.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6216
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centurylink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Citi UCS Helper - (7AED0DC9-374E-440D-B966-BE292971225B) - C:\Program Files\UCS\Virtual Account Numbers\CitiUCSHelper.dll
O3 - Toolbar: Virtual Account Numbers - (A1BDF46B-9DE6-4090-8791-84F26E00934C) - C:\Program Files\UCS\Virtual Account Numbers\CitiUCSToolbar.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [VersatoMs] C:\Program Files\MagicMus\MulMouse.exe
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UCS Virtual Account Numbers] C:\PROGRA~1\UCS\VIRTUA~1\CitiUCS.exe /lang=en_RG /dontopenmycards
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341410157171
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341410133812
O16 - DPF: (7530BFB8-7293-4D34-9923-61A11451AFC5) (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: (CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA) -
O16 - DPF: (CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA) -
O16 - DPF: (CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA) -
O16 - DPF: (CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA) -
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - (438755C2-A8BA-11D1-B96B-00A0C90312E1) - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - (8C7461EF-2B13-11d2-BE35-3078302C2030) - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8533 bytes
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
Zip,

One thing I notice after the deletes above the touch pad on the subject notebook is more sensitive - causes some minor problems.

Is it possible the changes increased the sensitivity? I'm sure I can adjust that, but haven't yet looked...possibly via the Control Panel.

I notice far fewer icons on the lower tool bar, but the wireless information is still there, I like the size/detail.
zep516
11 years ago
last modified: 9 years ago
Hi jerry,

If you're unable to fix the touch pad see below.

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Open HijackThis click View list of backups

Place a check mark in the above entries and then click restore See if that helps with touch pad issue.

"I notice far fewer icons on the lower tool bar"

The icons on the lower tool bar indicates a program is running, we turned a few off that were unneeded.
jerry_nj
Original Author
11 years ago
last modified: 9 years ago
Thanks I restored the two items, and it appears the touch pad is back to "normal". Among the problems were unwanted highlights and unwanted clicks. So far I do not see this any longer. Using Control Panel I got a mouse-style dialog that provided exclusively for Synaptic the definition of left or right handed user(for the two buttons). The only thing this did that I can see is allow the left handed person to use the outside button, right side, as click and the left side as properties. Seem unnecessary to me, but provided.

For me and the unknown readers, what is the message here? It appears that Hijack along with your knowledge of what the entries did allow you to select a number of application that would no longer be loaded at boot...thus giving back some RAM (right?) and reducing run time on the CPU to carry out unneeded application operations in the background.

I installed Java 7 / 11 so that an astronomy interactive sky map could be used. That is the only application to come up needing Java since I uninstalled Jave a few days back.
zep516
11 years ago
last modified: 9 years ago
"Thanks I restored the two items, and it appears the touch pad is back to "normal"

Sorry about that, glad we had hijackthis in it's proper location so we could get the backups

Exactly. Windows does not need programs to boot or run in the background except an Anti Virus and firewall. The 04 Entries show us all the programs that start up with windows from a registry run key, a lot of downloaded programs create the run key when installed. Every icon you saw was a program running, no need for that, if you need the program double click that particular program and run it.

Yes your boot time should be a bit quicker now, and more Ram available to you too.

Avira Warnings, Java, CPU at 100%

Comments (51)

jerry_njOriginal Author

Related Discussions

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

jerry_njOriginal Author

COMPANY

BUSINESS SERVICES

GET HELP

CONNECT WITH US

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author

jerry_nj
Original Author