Author Topic: PC slowdown (Read 33217 times)

nondaj · « **Reply #15 on:** January 08, 2009, 10:26:59 AM »

more combo file

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-06-13 668328]
"EzPrint"="c:\program files\Lexmark 3600-4600 Series\ezprint.exe" [2008-06-13 107176]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^donnajean^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=c:\windows\pss\PowerReg Scheduler.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jean^Start Menu^Programs^Startup^Adobe Media Player.lnk]
backup=c:\windows\pss\Adobe Media Player.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smileycons

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2007-03-09 11:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
--a------ 2008-12-21 11:44 2250256 c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-04 04:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
--a--c--- 2002-04-22 09:50 28672 c:\progra~1\Logitech\MOUSEW~1\system\EM_EXEC.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a--c--- 2005-10-12 11:30 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-02-16 15:15 81920 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook]
-ra--c--- 1998-12-16 13:09 57393 c:\progra~1\MICROS~2\Office\OUTLOOK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook118]
-ra--c--- 1998-12-16 13:09 57393 c:\progra~1\MICROS~2\Office\OUTLOOK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook198]
-ra--c--- 1998-12-16 13:09 57393 c:\progra~1\MICROS~2\Office\OUTLOOK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook740]
-ra--c--- 1998-12-16 13:09 57393 c:\progra~1\MICROS~2\Office\OUTLOOK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook893]
-ra--c--- 1998-12-16 13:09 57393 c:\progra~1\MICROS~2\Office\OUTLOOK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 12:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 12:33 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-12-05 10:59 864256 c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-11-26 15:55 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
--a--c--- 2007-03-11 13:37 936960 c:\program files\Verizon\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"SigmatelSysTrayApp"=stsystra.exe
"Verizon_McciTrayApp"=c:\program files\Verizon\McciTrayApp.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\lxdxcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-04-23 33800]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 atinewp2;ATI eHomeWonder, WDM Video CODEC;c:\windows\system32\drivers\atinewp2.sys [2006-05-12 485888]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-04-23 472320]
R4 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R4 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2008-12-21 98984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2009-01-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []

2009-01-08 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2008-12-12 12:17]

2009-01-07 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2008-12-12 12:17]

2009-01-07 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\ [2009-01-08 09:06]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
Notify-dimsntfy - (no file)
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-QuickTime Task - c:\program files\riven\qttask.exe
MSConfigStartUp-SmartRAM - c:\program files\IObit\Advanced WindowsCare V2\MemCleaner.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe

.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
Trusted Zone: *.update.microsoft.com
Trusted Zone: update.microsoft.com

c:\windows\Downloaded Program Files\stg_drm.ocx - c:\windows\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.2\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.3\stg_drm.ocx
O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file://c:\program files\G.H.O.S.T. Hunters\Images\stg_drm.ocx
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-1788223648-839522115-1018\Software\Ultisoft\7poker\Æ*NULL*×*NULL*RSÔ*NULL*È*NULL*Õ*NULL*¹*NULL*¬ : ]
"ÖÓˆÇÙÊ»ƒ"="ÖÓ„ÉÐÌ´…Š‰›Ê´ˆ"
"ÍØŠ˜ÂßÍ"="ÜÓ‚ÓßÓ»—˜Ž“Ì¼"
"†Ñˆ”’ÆÓ¨"="„ØÝƒà×"
"‡Ï‚€™ØÊ²"="†ÙÖ"
"ÆÓŠžËÓ’ã˜˜€"="†“"
"Ö™Ñ˜Õ—¶ÙŒ‚–Óµ"="ƒÜÁ’è"
"ÜÄ‚ÌÐÊ"="†“Ú"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77DC1A39-F0B6-206E-C977-3FC350D757AC}\InProcServer32*NULL*]
"janagkoppploifhjjabf"=hex:6a,61,6d,66,6b,67,61,6e,65,69,70,62,62,68,6a,69,68,\
6b,69,66,00,66
"ianaakepobcenjagoj"=hex:6a,61,6d,66,62,66,62,6c,6e,6c,63,69,6b,6c,6b,64,70,65,\
6a,69,00,f3
"fbnagkoppploifhjjabfmpcbdpgocolgnikdfng iddop"=hex:6a,61,62,67,6a,63,64,65,65,\
66,63,6d,6f,65,67,66,6d,66,6b,66,00,ef
"nanaihfmhbjdomglmiilgoopnhaf"=hex:6d,61,6d,61,70,63,6f,61,63,6c,67,68,6b,67,\
67,65,70,6f,6e,61,6d,6c,69,6d,63,65,00,00
"nanaihfmhbjdomglmiilgoopbfmd"=hex:6f,61,66,66,63,62,6e,61,6c,61,6c,61,61,68,\
67,6e,6d,6e,6b,65,6a,66,6d,6a,6e,63,65,70,67,63,00,7c
"cbnahijpcalcgcapeglaphjcfladeigmnbdnnn"=hex:66,61,62,64,6a,6f,6e,61,68,63,69,\
64,00,00
"bbnahijpcalcgcapeglabipdfgngmbngdmig"=hex:69,61,66,63,64,6c,6a,6a,6b,68,62,6b,\
63,65,66,6a,70,6e,00,00
"manahijpcalcgcapeglaljpnmm"=hex:66,61,65,66,64,6d,63,67,66,6f,64,66,00,00
"fbnahijpcalcgcapeglamhcognkdjklcppoedci mcpii"=hex:6f,61,6c,63,69,66,68,6c,69,\
66,67,6a,67,70,6c,62,6b,67,6c,68,62,61,6a,70,65,70,64,6b,62,64,00,01
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdxcoms.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-01-08 9:13:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-08 17:13:12

Pre-Run: 222,110,330,880 bytes free
Post-Run: 222,040,010,752 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
309

hope I have followed through correctly. Eagerly awaiting your findings:)

CBMatt · « **Reply #16 on:** January 08, 2009, 03:33:22 PM »

Quote from: nondaj on January 08, 2009, 10:26:59 AM

hope I have followed through correctly.

Yes, you're doing just fine.

There's not a whole lot showing up in your logs. ComboFix did delete a few infections, though, so hopefully that's all there is. How is your computer running now? Is your browser still being redirected? Are you still having issues with your downloads? If so, we may need to dig deeper. Let me know what the current status is and we'll take it from there.

In the meantime, I want you to copy the text below in the code box:

Code: [Select]

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77DC1A39-F0B6-206E-C977-3FC350D757AC}]

Open up Notepad and paste the text there. Go to File > Save As, then click on Save As Type and select All Files. Save the file to the desktop as remove.reg and close Notepad. Double-click on the file you have just created. If prompted to Run or Cancel, click on Run. When asked if you want to add this to your registry, click on Yes. This will only take a second or two. You can then delete the file.

Follow those steps and then when you can, get back to me with an update on your situation.

nondaj · « **Reply #17 on:** January 08, 2009, 04:39:24 PM »

First of all right after I ran ComboFix file, noted a new icon for IE on my desktop. So deleted the old one on quick start toolbar. Tried the new IE and what a wonder! The internet problem of being so extremely slow has cleared up!!!!!!

Email problems remain
more new emails going to deleted file
not all emails are being downloaded from server when I check there
not sure yet about the ability to download
embedded objects in emails

I also have flash player problems
and cannot view DVD movies on my PC

However, think these two issues may be different post material?

Spy Hunter continues to malfunction and since Combfix turned off Win. Defender and I have been questioning that program all along; I took the risk of deleting it.

So far all as outlined above re the internet continues to work well. Am now thinking of deleting Spy Hunter - does not work anyway and always suspected it also of causing problem - but do not really know.

Accessing the web now is such a pleasure! Thanks to you. What more should I be doing?

nondaj · « **Reply #18 on:** January 08, 2009, 04:41:40 PM »

Forgot to note that I followed your latest instruction re the registry fix and all went well.

CBMatt · « **Reply #19 on:** January 08, 2009, 11:22:11 PM »

I personally don't care for SpyHunter, nor do I really trust it. If I were you, I would stick to using AVG for anti-virus and keeping Malwarebytes' Anti-Malware and SUPERAntiSpyware handy if you ever need them. SpyHunter may be causing some issues, but I doubt it's causing all of them.

You should go ahead and download CCleaner (install without Yahoo! toolbar) and configure it according to this guide. This will clean out your computer some by removing a lot of junk you don't need. Make sure you also let it clear your Temporary Internet Files. Going through this process may help with your internet somewhat.

I'm not sure what to say about your e-mail. It could be a problem with your filters or settings. It's possible that these problems were caused by an infection, but I've honestly never seen this happen. What program do you use for e-mail? Have you tried using a differen program? A lot of people really like Mozilla Thunderbird. If you'd like help with troubleshooting your e-mail problems, I think you would be better off posting over in the Windows or Software section. I don't use any e-mail programs, so I'm not familiar with all of the features. The same goes for your DVD problem.

CCleaner might help with Flash, but if not, you should try updating it to the newest version.

I don't suspect an active infection at this point, but if you would like, we can try digging a little deeper to see if there may be something hiding itself on your computer. If you would to do this, let me know, and I'll give you a couple more programs to scan with.

nondaj · « **Reply #20 on:** January 09, 2009, 10:08:06 AM »

I took it upon myself to delete both Spy Hunter and Windows Defender as for some reason (no real solid proof) just felt they were part of my problem.

Also re Flash Player -since using the 'new' IE icon I do believe that you have resolved that problem also. Went on my server, Verizon, which now demands Flash Player. Though I bet I have installed the silly thing 10 times I tried once more to install and lo and behold it is now working. IE recognizes the Flash Player files and hopefully the next Flash Player demand will be so honored.

Re email, I think I have tried them all GMail, Yahoo, Mozilla Thunderbird, Outlook, Outlook Express. I like the simplicity of OE but it is problematic! I did like Thunderbird very much but had problems in copy/pasting (I never foreward emails), and deleting items in emails especially the red lines. If you can make suggestions how to handle these would be pleased to use Thunderbird. It reminds me of the old Netscape email program.

As for DVD will post on the windows site here and see if I can get a handle on what I need to do.

Re digging deeper to find issues with my PC - hey would love to IF you have the time and inclination. You have no idea how much you have helped me by getting my PC back on track. Is there anyway I can repay for this help as you have saved me quite a bit of money. The desert area of CA where I live is short of resources particularly tech help. What is here either costs the proverbial'arm and a leg' and is offered by people claiming to be techs but are not that well versed in what they are doing.

Does this site accept donations? Guess the workers here do not? but the site must cost someone to keep it active.

And re going on to find more issues on my PC have to tell you I fell in love with PCs when I was in my forties. My son who has is own PC business introduced me to Windows as I was at the time learning computer languages (Basic/Cobalt) to handle programming. After windows I never looked back and the PC industry and its advances has only increased my addiction to the technology.

Am now twice the age as when I started and my PC is my lifeline both for pleasure and for work as I teach at our local college. Your help has aided me in coordinating my work responsibilities with the main frame computer at the college. A necessity for my classes. So again I thank you very much and ready to dig away deeper into my PC:)

nondaj · « **Reply #21 on:** January 09, 2009, 10:25:24 AM »

Rambled on in the last post so now am following your instructions re protection programs to use:

AVG
Malwarebytes
Super AntiSpy
CCleaner

Do you have an opinion on Obit's Advanced System Care (have bought the pro version so would like to keep unless it too causes problems. Also last tech installed RegScrub and Smart Defrag. Really do not need either as far as I am concerned. Have no problems defragging\scan discing on my own. Do I need Windows Malicious Tool Remover?

Think my biggest problem might be the fact I am womanly fanatic re cleaning my PC - almost do it on a daily basis. Also where fools tread, I also clean the registry quite often. Have been told novices should stay clear of Registry tampering:)

In changing antivirus programs want to make sure I do it correctly - is this the method?:

1 - download AVG but do not install
2 - unplug my modem
3 - delete ESET NOD32
4 - install AVG
5 - turn on modem
6 - update AVG
7 - off and running

And last I have 17 icons re all programs you have referred me to so I take it I can now delete all except for the above which you recommended I keep?

CBMatt · « **Reply #22 on:** January 09, 2009, 12:08:43 PM »

I'm very glad I have been able to help some. I appreciate the offer, but it really isn't necessary. After all, you did all of the work. I just showed you how. Because so many people ask, I have a donation link, but I never ask for money in return for my help on here, and neither does the owner of Computer Hope. All we really want is for you to try to keep your computer in good shape.

Now, with that said...if you would like to dig a little deeper, I'd be happy to help. This is going to be a very large log (and the scan may take awhile), so I will also instruct you on uploading the file to a filehost. Because these logs are often so large, I likely won't be able to go through the entire thing, but it will give me a good idea of what's on your computer. Simply follow the below steps if you wish to give it a try...
Download to your desktop ISeeYouXP.exe by ShadowPuterDude
Next double-click on ISeeYouXP.exe on your Desktop.

ISeeYouXP.exe will self-extract ISeeYouXP to C:\ISeeYouXP and place a .bat file on your Desktop.

Double-click ISeeYouXP.bat to run the script.

Once complete a log will be saved to the Desktop named ISeeYouXP.txt.

Post the following logs in your next reply:
ISeeYouXP.txt

If the ISeeYouXP .bat file does not extract to the Desktop. Double-click My Computer on the Desktop and navigate to the ISeeYouXP folder located in the C: drive. Double-click the ISeeYouXP.bat file to run the program.

Upload the file to Savefile.com
There is no need to Register
Select Browse and locate the file.
Fill in the Title and Description and security code then click Upload
Copy the download link next to Your link to the file: and post the link back here.

Quote

Re email, I think I have tried them all GMail, Yahoo, Mozilla Thunderbird, Outlook, Outlook Express. I like the simplicity of OE but it is problematic! I did like Thunderbird very much but had problems in copy/pasting (I never foreward emails), and deleting items in emails especially the red lines. If you can make suggestions how to handle these would be pleased to use Thunderbird. It reminds me of the old Netscape email program.

This is another thing that would be better for one of the other sections because frankly, my experience is limited. I have used AOL exclusively for several years now. The only other program I have sufficient experience with is Microsoft Office Outlook 2007, as I had to take a course on it to go towards my AS degree. I honestly haven't used Outlook Express in about 5-8 years! If I looked hard enough, I could perhaps find the appropriate information online, but someone else may be able to do it quicker.

Quote

Do you have an opinion on Obit's Advanced System Care (have bought the pro version so would like to keep unless it too causes problems. Also last tech installed RegScrub and Smart Defrag. Really do not need either as far as I am concerned. Have no problems defragging\scan discing on my own. Do I need Windows Malicious Tool Remover?

I haven't personally used IObit, but I don't normally hear anything bad about it. It has conflicts with certain programs, but it should be fine with everything you have. And feel free to ditch RegScrub and Smart Defrag. CCleaner can take RegScrub's place and I really see no reason to replace the Windows defrag utility. Go ahead and keep the Windows MTR. It's not the most versatile program, but it's good to keep as a backup.

Quote

In changing antivirus programs want to make sure I do it correctly - is this the method?:

1 - download AVG but do not install
2 - unplug my modem
3 - delete ESET NOD32
4 - install AVG
5 - turn on modem
6 - update AVG
7 - off and running

Those steps sound good, but forget what I said about AVG. I forgot that you already have ESET installed. It's one of the best programs available. AVG is a great free alternative (it's what I use), but many feel that ESET is better. Either way, you will have sufficient protection. If you wish to switch to AVG, then it looks like you know just how to do it.

Quote

And last I have 17 icons re all programs you have referred me to so I take it I can now delete all except for the above which you recommended I keep?

Definitely keep Malwarebytes and SUPERAntiSpyware and CCleaner. If you're worried about desktop clutter, you can simply delete the icons. The programs should be in your Start menu, in the Programs section. Feel free to uninstall HijackThis. And you should uninstall ComboFix. To do this, simply go to Start > Run and type in combofix /u (note the space) and click OK.

You should also clear out your System Restore points by turning it off and then turning it back on...
http://support.microsoft.com/kb/310405

If you want to try ISeeYouXP, post the log whenever you're ready. And if you have any other questions, feel free to ask.

nondaj · « **Reply #23 on:** January 09, 2009, 12:24:01 PM »

Have typed out all your instructions and will be following through. May take me a bit as the semester start is fast approaching and am caught up in lesson planning, syllabus development etc. But will keep you posted.

Re donation will consider Paypal. Do not yet have an account but son said Paypal is quite secure. Just had my ID stolen and so am very careful about online use when it comes to money. Again keep you posted re this matter.

nondaj · « **Reply #24 on:** January 09, 2009, 11:31:55 PM »

The ISeeYouXP.exe file did not self-extract, could not find on my C drive to double click a bat file. But something went right because next thing I knew when I double clicked the exe file, it did its thing and I now have a long log txt to send you.

At this point I got rather lost in the uloading the file to Savefile.com because could not find the bat file.

Am sending the log I do have and awaiting further support as to what to do next.

nondaj · « **Reply #25 on:** January 09, 2009, 11:38:50 PM »

Windows/Browser/Java Versions:

Microsoft Windows XP Professional
Version:    5.1.2600
Service Pack: 2.0
Windows Directory: C:\WINDOWS

Internet Explorer
Version: 6.0.2900.2180
Build: 62900.2180
Language: English (United States)
Path:    C:\Program Files\Internet Explorer

Boot State: Normal boot

Scan done at 22:25:22.26, Fri 01/09/2009

------------------------------------------------------------------------------------

ISeeYouXP installation folder and files

"C:\ISeeYouXP\"
bootst~1.vbs May 28 2007    359 "bootstate.vbs"
change.log Jun 8 2008 5012 "change.log"
chodefix.bat Apr 18 2007 5387 "chodefix.bat"
fixchode.reg Apr 18 2007    528 "fixChode.reg"
fixexp~1.bat Feb 24 2007    487 "FixExplorerPolicies.bat"
getunk~1.bat Aug 12 2006 1478 "GetUnKeys.bat"
grep.exe Dec 24 2004 160768 "grep.exe"
hideit.bat Oct 17 2007 1072 "HideIT.bat"
ieinfo.vbs May 28 2007    514 "ieinfo.vbs"
iesecu~1.bat Oct 28 2007 72 "IESecurityZones.bat"
iesecu~1.vbs Nov 8 2007 2399 "IESecurityZones.vbs"
iseeyo~1.bat Jun 8 2008 211377 "ISeeYouXP.bat"
libico~1.dll Mar 16 2004 898048 "libiconv2.dll"
libintl3.dll Oct 9 2004 101888 "libintl3.dll"
locate.com Jan 14 2005    11254 "locate.com"
md5sum.exe Aug 5 2007    49152 "md5sum.exe"
msconf~1.bat Feb 24 2007    578 "MSConfigFix.bat"
osinfo.vbs May 28 2007    598 "osinfo.vbs"
pcbutts.txt   Mar 25 2007 5167 "PCBUTTS.TXT"
pcre.dll Nov 14 2004 183313 "pcre.dll"
pv.exe Mar 3 2006    73728 "pv.exe"
regedi~1.bat Mar 30 2007    650 "RegEditFix.bat"
regfix.bat Apr 18 2007    145 "Regfix.bat"
servic~1.vbs May 28 2007    672 "servicesinfo.vbs"
showit.bat Oct 17 2007 1013 "ShowIT.bat"
swreg.exe    Apr 5 2007 139776 "swreg.exe"
system~1.bat Feb 28 2007    369 "SystemRestoreFix.bat"
taskmg~1.bat Feb 24 2007    288 "TaskMgrFix.bat"

28 items found: 28 files, 0 directories.
   Total of file sizes: 1,856,092 bytes 1.77 M
   3 Dir(s) 221,861,486,592 bytes free

------------------------------------------------------------------------------------

System Environment Variables

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jean\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DONNA
ComSpec=C:\WINDOWS\system32\cmd.exe
errcode=0
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jean
LOGONSERVER=\\DONNA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;;C:\Program Files\VDMSound
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0404
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jean\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jean\LOCALS~1\Temp
USERDOMAIN=DONNA
USERNAME=Jean
USERPROFILE=C:\Documents and Settings\Jean
VDMSPath=C:\Program Files\VDMSound
windir=C:\WINDOWS

------------------------------------------------------------------------------------

Showing any Pocket Killbox backup files

No matches found.

------------------------------------------------------------------------------------

Displaying BOOT.INI:

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

------------------------------------------------------------------------------------

Displaying SYSTEM.INI:

[driver32]
[WINRECWINDSP]
Driver=windspli.dll
Address=345
[WINRECWIN32DSP]
Driver=windspli.dll
Address=666
[386enh]
device=DVA.386
woafont=dosapp.FON
CGA40WOA.FON=CGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
EGA80WOA.FON=EGA80WOA.FON

------------------------------------------------------------------------------------

Displaying WIN.INI:

[I.R.I.S.]
reg_n=30000
[Readiris]
Scanner32=Twaino38,23
[DPE]
Toolbar=1
SN75=43011702
[MCI Extensions.BAK]
m2v=MPEGVideo
mod=MPEGVideo
[drawdib]
vga.drv 1024x768x32(BGR 0)=0,0,0,0
[personal data removed]
MAPI=1
CMC=1
CMCDLLNAME32=mapi32.dll
CMCDLLNAME=mapi.dll
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
[PowerUp]
PowerUp=C:\WINDOWS\POWERUP.INI
[IRIS_IPE]
menu=1
[CybDefKeepSafe]
ClientID={CDAEC88F-1D60-4237-AEBA-F2A1610A6BC1}

------------------------------------------------------------------------------------

Displaying AUTOEXEC.BAT:

------------------------------------------------------------------------------------

Displaying CONFIG.SYS:

nondaj · « **Reply #26 on:** January 09, 2009, 11:39:29 PM »

Displaying Running Processes:

PROCESS PID PRIO PATH
smss.exe 724 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 772 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 796 High C:\WINDOWS\system32\winlogon.exe
services.exe 840 Normal C:\WINDOWS\system32\services.exe
lsass.exe 852 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 1024 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1092 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1192 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1284 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1388 Normal C:\WINDOWS\system32\svchost.exe
spoolsv.exe 1552 Normal C:\WINDOWS\system32\spoolsv.exe
ekrn.exe 1668 Normal C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
GoogleUpdaterService.exe 1704 Normal C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
iaantmon.exe 1744 Normal C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
jqs.exe 1792 Idle C:\Program Files\Java\jre6\bin\jqs.exe
lxdxserv.exe 1852 Normal C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
lxdxcoms.exe 1880 Normal C:\WINDOWS\system32\lxdxcoms.exe
nvsvc32.exe 1908 Normal C:\WINDOWS\system32\nvsvc32.exe
tcpsvcs.exe 232 Normal C:\WINDOWS\system32\tcpsvcs.exe
MsPMSPSv.exe 284 Normal C:\WINDOWS\system32\MsPMSPSv.exe
Explorer.EXE 1168 Normal C:\WINDOWS\Explorer.EXE
egui.exe 1724 Normal C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
rundll32.exe 1816 Normal C:\WINDOWS\system32\rundll32.exe
lxdxmon.exe 1840 Normal C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
ezprint.exe 2028 Normal C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
RUNDLL32.EXE 1328 Normal C:\WINDOWS\system32\RUNDLL32.EXE
jusched.exe 328 Normal C:\Program Files\Java\jre6\bin\jusched.exe
SUPERAntiSpyware.exe 432 Normal C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
svchost.exe 1640 Normal C:\WINDOWS\system32\svchost.exe
alg.exe 2224 Normal C:\WINDOWS\System32\alg.exe
wuauclt.exe 3932 Normal C:\WINDOWS\system32\wuauclt.exe
ntvdm.exe 444 Normal C:\WINDOWS\system32\ntvdm.exe
iexplore.exe 3864 Normal C:\Program Files\internet explorer\iexplore.exe
cmd.exe 1304 Normal C:\WINDOWS\system32\cmd.exe
ntvdm.exe 2140 Normal C:\WINDOWS\system32\ntvdm.exe
wmiprvse.exe 3952 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe
pv.exe 2484 Normal C:\ISEEYO~1\pv.exe
WOWEXEC.EXE 2260 --- C:\WINDOWS\SYSTEM32\WOWEXEC.EXE

------------------------------------------------------------------------------------

Displaying Windows Services:

nondaj · « **Reply #27 on:** January 09, 2009, 11:41:28 PM »

Displaying Windows Services:

Name: 6to4
Display Name: IPv6 Helper Service
Description: Provides DDNS name registration and automatic IPv6 connectivity over an IPv4 network. If this service is stopped, other computers may not be able to reach it by name and the machine will only have IPv6 connectivity if it is connected to a native IPv6 network. If this service is disabled, any other services that explicitly depend on this service will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: Alerter
Display Name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Disabled
State: Stopped

Name: ALG
Display Name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Path Name: C:\WINDOWS\System32\alg.exe
Start Mode: Manual
State: Running

Name: AppMgmt
Display Name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: aspnet_state
Display Name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Start Mode: Manual
State: Stopped

Name: AudioSrv
Display Name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: BITS
Display Name: Background Intelligent Transfer Service
Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: Browser
Display Name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Stopped

Name: CiSvc
Display Name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Path Name: C:\WINDOWS\system32\cisvc.exe
Start Mode: Manual
State: Stopped

Name: ClipSrv
Display Name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\clipsrv.exe
Start Mode: Disabled
State: Stopped

Name: clr_optimization_v2.0.50727_32
Display Name: .NET Runtime Optimization Service v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Path Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Start Mode: Manual
State: Stopped

Name: COMSysApp
Display Name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Start Mode: Manual
State: Stopped

Name: CryptSvc
Display Name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: DcomLaunch
Display Name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Path Name: C:\WINDOWS\system32\svchost -k DcomLaunch
Start Mode: Auto
State: Running

Name: Dhcp
Display Name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: dmadmin
Display Name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Path Name: C:\WINDOWS\System32\dmadmin.exe /com
Start Mode: Manual
State: Stopped

Name: dmserver
Display Name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: Dnscache
Display Name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k NetworkService
Start Mode: Auto
State: Running

Name: EhttpSrv
Display Name: Eset HTTP Server
Description: Eset HTTP Server
Path Name: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
Start Mode: Manual
State: Stopped

Name: ekrn
Display Name: Eset Service
Description: Eset Service
Path Name: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
Start Mode: Auto
State: Running

Name: ERSvc
Display Name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: Eventlog
Display Name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Path Name: C:\WINDOWS\system32\services.exe
Start Mode: Auto
State: Running

Name: EventSystem
Display Name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: FastUserSwitchingCompatibility
Display Name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: gusvc
Display Name: Google Updater Service
Description:
Path Name: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
Start Mode: Auto
State: Running

Name: helpsvc
Display Name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: HidServ
Display Name: HID Input Service
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: HTTPFilter
Display Name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k HTTPFilter
Start Mode: Manual
State: Stopped

Name: IAANTMon
Display Name: Intel(R) Matrix Storage Event Monitor
Description:
Path Name: C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
Start Mode: Auto
State: Running

Name: ImapiService
Display Name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\imapi.exe
Start Mode: Manual
State: Stopped

Name: JavaQuickStarterService
Display Name: Java Quick Starter
Description: Prefetches JRE files for faster startup of Java applets and applications
Path Name: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Start Mode: Auto
State: Running

Name: lanmanserver
Display Name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: lanmanworkstation

nondaj · « **Reply #28 on:** January 09, 2009, 11:43:36 PM »

Name: lanmanworkstation
Display Name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: LmHosts
Display Name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Auto
State: Running

Name: lxdxCATSCustConnectService
Display Name: lxdxCATSCustConnectService
Description:
Path Name: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
Start Mode: Auto
State: Running

Name: lxdx_device
Display Name: lxdx_device
Description:
Path Name: C:\WINDOWS\system32\lxdxcoms.exe -service
Start Mode: Auto
State: Running

Name: Messenger
Display Name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped

Name: mnmsrvc
Display Name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\mnmsrvc.exe
Start Mode: Disabled
State: Stopped

Name: MSDTC
Display Name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\msdtc.exe
Start Mode: Manual
State: Stopped

Name: MSIServer
Display Name: Windows installer
Description:
Path Name: C:\WINDOWS\system32\msiexec.exe /V
Start Mode: Manual
State: Stopped

Name: NetDDE
Display Name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\netdde.exe
Start Mode: Disabled
State: Stopped

Name: NetDDEdsdm
Display Name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\netdde.exe
Start Mode: Disabled
State: Stopped

Name: Netlogon
Display Name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Manual
State: Stopped

Name: Netman
Display Name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: Nla
Display Name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: NtLmSsp
Display Name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Disabled
State: Stopped

Name: NtmsSvc
Display Name: Removable Storage
Description:
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: NVSvc
Display Name: NVIDIA Display Driver Service
Description: Provides system and desktop level support to the NVIDIA display driver
Path Name: C:\WINDOWS\system32\nvsvc32.exe
Start Mode: Auto
State: Running

Name: p2pgasvc
Display Name: Peer Networking Group Authentication
Description: Provides Network Authentication for Peer Group Members.
Path Name: C:\WINDOWS\system32\svchost.exe -k p2psvc
Start Mode: Manual
State: Stopped

Name: p2pimsvc
Display Name: Peer Networking Identity Manager
Description: Provides Identity service for Peer Networking
Path Name: C:\WINDOWS\system32\svchost.exe -k p2psvc
Start Mode: Manual
State: Stopped

Name: p2psvc
Display Name: Peer Networking
Description: Provides Peer Networking services
Path Name: C:\WINDOWS\system32\svchost.exe -k p2psvc
Start Mode: Manual
State: Stopped

Name: PlugPlay
Display Name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Path Name: C:\WINDOWS\system32\services.exe
Start Mode: Auto
State: Running

Name: Pml Driver HPZ12
Display Name: Pml Driver HPZ12
Description:
Path Name: C:\WINDOWS\system32\HPZipm12.exe
Start Mode: Manual
State: Stopped

Name: PNRPSvc
Display Name: Peer Name Resolution Protocol
Description: Enables Serverless Peer Name Resolution over the Internet
Path Name: C:\WINDOWS\system32\svchost.exe -k p2psvc
Start Mode: Manual
State: Stopped

Name: PolicyAgent
Display Name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Manual
State: Stopped

Name: ProtectedStorage
Display Name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running

Name: RasAuto
Display Name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: RasMan
Display Name: Remote Access Connection Manager
Description: Creates a network connection.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manua

nondaj · « **Reply #29 on:** January 09, 2009, 11:47:14 PM »

Name: RasMan
Display Name: Remote Access Connection Manager
Description: Creates a network connection.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: RDSessMgr
Display Name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Path Name: C:\WINDOWS\system32\sessmgr.exe
Start Mode: Manual
State: Stopped

Name: RemoteAccess
Display Name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: RemoteRegistry
Display Name: Remote Registry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Disabled
State: Stopped

Name: RpcLocator
Display Name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Path Name: C:\WINDOWS\system32\locator.exe
Start Mode: Manual
State: Stopped

Name: RpcSs
Display Name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Path Name: C:\WINDOWS\system32\svchost -k rpcss
Start Mode: Auto
State: Running

Name: RSVP
Display Name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Path Name: C:\WINDOWS\system32\rsvp.exe
Start Mode: Manual
State: Stopped

Name: SamSs
Display Name: Security Accounts Manager
Description: Stores security information for local user accounts.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running

Name: SCardSvr
Display Name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\SCardSvr.exe
Start Mode: Manual
State: Stopped

Name: Schedule
Display Name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: seclogon
Display Name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: SENS
Display Name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: SharedAccess
Display Name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: ShellHWDetection
Display Name: Shell Hardware Detection
Description: Provides notifications for AutoPlay hardware events.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: SimpTcp
Display Name: Simple TCP/IP Services
Description: Supports the following TCP/IP services: Character Generator, Daytime, Discard, Echo, and Quote of the Day.
Path Name: C:\WINDOWS\system32\tcpsvcs.exe
Start Mode: Auto
State: Running

Name: SNMP
Display Name: SNMP Service
Description: Includes agents that monitor the activity in network devices and report to the network console workstation.
Path Name: C:\WINDOWS\System32\snmp.exe
Start Mode: Manual
State: Stopped

Name: SNMPTRAP
Display Name: SNMP Trap Service
Description: Receives trap messages generated by local or remote SNMP agents and forwards the messages to SNMP management programs running on this computer.
Path Name: C:\WINDOWS\System32\snmptrap.exe
Start Mode: Manual
State: Stopped

Name: Spooler
Display Name: Print Spooler
Description: Loads files to memory for later printing.
Path Name: C:\WINDOWS\system32\spoolsv.exe
Start Mode: Auto
State: Running

Name: srservice
Display Name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: SSDPSRV
Display Name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Disabled
State: Stopped

Name: stisvc
Display Name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Path Name: C:\WINDOWS\system32\svchost.exe -k imgsvc
Start Mode: Manual
State: Running

Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\dllhost.exe /Processid:{C60638D9-AFD7-4998-B499-46E70492E0B0}
Start Mode: Manual
State: Stopped

Name: SysmonLog
Display Name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\smlogsvc.exe
Start Mode: Disabled
State: Stopped

Name: TapiSrv
Display Name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: TermService
Display Name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Path Name: C:\WINDOWS\System32\svchost -k DComLaunch
Start Mode: Manual
State: Running

Name: Themes
Display Name: Themes
Description: Provides user experience theme management.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: TlntSvr
Display Name: Telnet
Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\tlntsvr.exe
Start Mode: Disabled
State: Stopped

Name: TrkWks
Display Name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: uploadmgr
Display Name: Upload Manager
Description: Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: upnphost
Display Name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Disabled
State: Stopped

Name: UPS
Display Name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Path Name: C:\WINDOWS\System32\ups.exe
Start Mode: Manual
State: Stopped

Name: VSS
Display Name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\vssvc.exe
Start Mode: Manual
State: Stopped

Name: W32Time
Display Name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: WebClient
Display Name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Manual
State: Stopped

Name: WinDefend
Display Name: Windows Defender
Description: Helps protect users from malicious software, spyware, and other potentially unwanted software
Path Name: "C:\Program Files\Windows Defender\MsMpEng.exe"
Start Mode: Auto
State: Stopped

Name: winmgmt
Display Name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: WMDM PMSP Service
Display Name: WMDM PMSP Service
Description:
Path Name: C:\WINDOWS\system32\MsPMSPSv.exe
Start Mode: Auto
State: Running

Computer Hope Forum

News:

Author Topic: PC slowdown (Read 33217 times)

nondaj

Re: PC slowdown

CBMatt

Re: PC slowdown

nondaj

Re: PC slowdown

nondaj

Re: PC slowdown

CBMatt

Re: PC slowdown

nondaj

Re: PC slowdown

nondaj

Re: PC slowdown

CBMatt

Re: PC slowdown

nondaj

Re: PC slowdown

nondaj

Re: PC slowdown

nondaj

Re: PC slowdown

nondaj

Re: PC slowdown

nondaj

Re: PC slowdown

nondaj

Re: PC slowdown

nondaj

Re: PC slowdown