svchost.exe with PID 1368

Discussion in 'Windows XP General Discussion' started by Sir Oliver, Aug 22, 2017.

  1. Sir Oliver

    Sir Oliver

    Joined:
    Aug 22, 2017
    Messages:
    16
    Likes Received:
    0
    For the moment, I can give you the System Information you asked for, hoping I have made the right choice (I have titles in the Italian language).
    Unfortunately, the columns are not maintained, so it is a bit more difficult to read.
    Note that Avira entry has been disabled.

    ACU c:\programmi\atheros\acu.exe -nogui All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    APSDaemon "c:\programmi\file comuni\apple\apple application support\apsdaemon.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Adobe ARM "c:\programmi\file comuni\adobe\arm\1.0\adobearm.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Adobe Gamma Loader.exe c:\progra~1\fileco~1\adobe\calibr~2\adobeg~1.exe All Users Esecuzione automatica (Comune)
    Alcmtr alcmtr.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    CDAServer c:\programmi\file comuni\common desktop agent\cdasrv.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    CTFMON.EXE c:\windows\system32\ctfmon.exe NT AUTHORITY\SYSTEM HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    CTFMON.EXE c:\windows\system32\ctfmon.exe NT AUTHORITY\SERVIZIO LOCALE HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    CTFMON.EXE c:\windows\system32\ctfmon.exe NT AUTHORITY\SERVIZIO DI RETE HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    CTFMON.EXE c:\windows\system32\ctfmon.exe MSI-9621470E81\Stefano HKU\S-1-5-21-2152793195-2183735808-3527195152-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    CTFMON.EXE c:\windows\system32\ctfmon.exe .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Collegamento a OUTLOOK collegamento a outlook.lnk MSI-9621470E81\Stefano Avvio
    Google Update "c:\windows\system32\config\systemprofile\impostazioni locali\dati applicazioni\google\update\googleupdate.exe" /c NT AUTHORITY\SYSTEM HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Google Update "c:\windows\system32\config\systemprofile\impostazioni locali\dati applicazioni\google\update\googleupdate.exe" /c .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    IgfxTray c:\windows\system32\igfxtray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ImageBrowser EX Agent c:\progra~1\canon\imageb~1\mfmana~1.exe All Users Esecuzione automatica (Comune)
    LwbWheel lwbwheel.lnk MSI-9621470E81\Stefano Avvio
    MSConfig c:\windows\pchealth\helpctr\binaries\msconfig.exe /auto All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MSMSGS "c:\programmi\messenger\msmsgs.exe" /background MSI-9621470E81\Stefano HKU\S-1-5-21-2152793195-2183735808-3527195152-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    NeroFilterCheck c:\windows\system32\nerocheck.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Persistence c:\windows\system32\igfxpers.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    QuickTime Task "c:\programmi\quicktime\qttask.exe" -atboottime All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    RTHDCPL rthdcpl.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SearchEngineProtection c:\programmi\gamesbar\searchengineprotection.exe MSI-9621470E81\Stefano HKU\S-1-5-21-2152793195-2183735808-3527195152-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Skype "c:\programmi\skype\phone\skype.exe" /nosplash /minimized MSI-9621470E81\Stefano HKU\S-1-5-21-2152793195-2183735808-3527195152-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    avgnt "c:\programmi\avira\antivir desktop\avgnt.exe" /min All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    desktop desktop.ini NT AUTHORITY\SYSTEM Avvio
    desktop desktop.ini MSI-9621470E81\Stefano Avvio
    desktop desktop.ini .DEFAULT Avvio
    swg "c:\programmi\google\googletoolbarnotifier\googletoolbarnotifier.exe" MSI-9621470E81\Stefano HKU\S-1-5-21-2152793195-2183735808-3527195152-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    To the next,
    Sir Oliver
     
    Sir Oliver, Aug 27, 2017
    #21
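
The listing in the post above lost its column boundaries when it was pasted. As an added example (not part of the original post), this Python sketch recovers name, command, account and location from such lines and marks the entries a reviewer would look at first. The sample lines are copied from the listing; the function and flag names are this example's own.

```python
import re

# Sample input: seven lines copied from the listing in the post above.
SAMPLE = [
    r'ACU c:\programmi\atheros\acu.exe -nogui All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    r'APSDaemon "c:\programmi\file comuni\apple\apple application support\apsdaemon.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    r'Adobe Gamma Loader.exe c:\progra~1\fileco~1\adobe\calibr~2\adobeg~1.exe All Users Esecuzione automatica (Comune)',
    r'Alcmtr alcmtr.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    r'CTFMON.EXE c:\windows\system32\ctfmon.exe NT AUTHORITY\SERVIZIO DI RETE HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    r'SearchEngineProtection c:\programmi\gamesbar\searchengineprotection.exe MSI-9621470E81\Stefano HKU\S-1-5-21-2152793195-2183735808-3527195152-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    r'desktop desktop.ini .DEFAULT Avvio',
]

# Columns, right to left: location (registry key or Italian startup-folder
# label), account, then "name command" fused together in the head.
LINE_RE = re.compile(
    r"^(?P<head>.+?) "
    r"(?P<user>All Users|NT AUTHORITY\\[A-Z ]+?|\.DEFAULT|[\w-]+\\\w+) "
    r"(?P<location>HK(?:LM|U)\\.+|Esecuzione automatica \(Comune\)|Avvio)$"
)

def parse_line(line):
    """Split one pasted line into its four columns; None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    head = m.group("head")
    # The command starts at the first quote or drive letter; otherwise it is
    # taken to be the last token (shortcut names with spaces stay ambiguous).
    start = re.search(r'"|[A-Za-z]:\\', head)
    if start and start.start() > 0:
        name, command = head[:start.start()].strip(), head[start.start():]
    else:
        name, _, command = head.rpartition(" ")
    return {"name": name, "command": command,
            "user": m.group("user"), "location": m.group("location")}

def flags(entry):
    """Review hints only; a flag is a reason to look, not a verdict."""
    cmd = entry["command"]
    image = cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" ")[0]
    found = []
    if entry["location"].startswith("HK") and "\\" not in image:
        found.append("no-path")        # Run value without a directory
    if "~" in image:
        found.append("short-name")     # 8.3 alias hides the real folder name
    if entry["location"].startswith("HKU\\S-1-5-21-"):
        found.append("per-user-run")   # Run key inside a user's own hive
    return found

def triage(lines):
    """Map entry name -> flags for every parsed line that has at least one."""
    result = {}
    for line in lines:
        entry = parse_line(line)
        if entry and flags(entry):
            result[entry["name"]] = flags(entry)
    return result

if __name__ == "__main__":
    for name, found in triage(SAMPLE).items():
        print(name, found)
```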
  2. Sir Oliver

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,006
    Likes Received:
    380
    Location:
    Florida
    https://www.bleepingcomputer.com/startups/ctfmon.exe-1121.html
    http://www.hardwareforums.com/search/search
    http://startups.glarysoft.com/ImageBrowser EX Agent/MFMANA~1.EXE/88413/

    the above websites are some of the ones you can use to search for startup programs and whether they are needed or not

    ----------------------


    Atheros, network adapter, there should be no reason to be in startup as that should be hardware, disable and see if you can still connect to the internet, if you can, then delete the entry from startup

    ------------

    https://www.bleepingcomputer.com/startups/APSDaemon.exe-27028.html

    decide if you need it on startup, go to above and check out the description

    ----------

    NOTE: most services will come on as you need them and do not need to be running in the background

    --------------

    adobearm.exe, you should not need this to run, you should check for updates manually,

    ---------

    http://www.hardwareforums.com/startup-list/adobeg-1-exe-adobe-gamma.599/

    adobeg~1.exe

    do not need

    -----------

    alcmtr ALCMTR.EXE X = delete!! Realtek AC97 Audio - Event Monitor. Spyware file used surreptitiously to monitor one's actions. It is not a sinister one, like remote control programs, but is being used by Realtek to gather data about customers.

    ----------

    CDAServer CDASrv.exe U = user decide Installed with certain Samsung printers and scanners, this file is part of the Samsung Easy Printer Manager which can also be installed as a separate software. Unless you are sharing this printer on a network or use the printer to scan, this file does not need to run.

    -----------

    ctfmon.exe

    https://www.bleepingcomputer.com/startups/ctfmon.exe-1121.html

    not needed

    do not know why you have it listed 5 times, but read through a few of the search hits from the below link:

    https://www.google.com/search?q=CTF...0..0.0....0...1..64.psy-ab..0.0.0.MYVaPItoeRc

    ----------
    google update, delete, and did you know that google no longer supports xp, you should go with firefox 52 ESR for xp

    -----------

    igfxtray, delete

    --------

    mfmana~1.exe

    http://www.shouldiremoveit.com/Canon-Utilities-ImageBrowser-EX-17141-program.aspx

    this does not need to run on startup

    --------

    msmsgs.exe

    do you use windows messenger?? you should delete this!!

    MSMSGS msmsgs.exe U Windows Messenger utility. If you don't use Windows Messenger, this can be annoying. Available via Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"
    ---------------

    NeroFilterCheck NeroCheck.exe U Associated with "Nero Burning Rom" CD writing software. Checks for driver issues

    do not need this to startup

    ------------

    igfxpers.exe do not need this

    persistence igfxpers.exe N Associated with the Common User Interface module for Intel graphics cards

    ---------

    QuickTime Task Qttask.exe N System Tray access to Apple's "Quick Time" viewer from version 5 onwards

    not needed at startup
    ------

    rthdcpl RTHDCPL.EXE N Realtek HD Audio Sound Effect Manager

    Realtek HD Audio Control Panel, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Unless you have the default (but optional) System Tray icon enabled, the only purpose this entry serves is to detect and allow you to configure any devices plugged into the jacks - such as headphones and a microphone. With the System Tray icon enabled it will also inform you when devices are removed and give you access to the Sound Manager and other multimedia functions. The Sound Manager is also available via the Control Panel and this entry is therefore only required if you regularly change sound schemes

    ------------

    searchengineprotection.exe

    you should delete this, and you NEVER need extra toolbars so you should delete any toolbars from your browsers

    ----------

    Skype Skype.exe N "Skype is free and simple software that will enable you to make free calls anywhere in the world in minutes"

    do not need on startup

    ------------

    avguard AVGNT.EXE Y Background task of the AntiVir antivirus program which scans files transparently in the background
    avgctrl AVGNT.EXE Y Background task of the AntiVir antivirus program which scans files transparently in the background
    avgnt avgnt.exe Y Background task of the AntiVir antivirus program which scans files transparently in the background

    your antivirus should always go on startup, it is your protection

    -------------

    swg "c:\programmi\google\googletoolbarnotifier\googletoolbarnotifier.exe" MSI-9621470E81\Stefano HKU\S-

    delete above

    ----------
     
    Elizabeth23, Aug 28, 2017
    #22
  3. Sir Oliver

    Sir Oliver

    Joined:
    Aug 22, 2017
    Messages:
    16
    Likes Received:
    0
    Hallo!
    Before doing the things you told me about uninstalling avira etc., I started with the things you told me about deleting items from msconfig.
    I have done all of them you list, and in the end the msconfig had only two or three items flagged on.
    Incredibly, when I opened the tab, the "Avira" item, that I had un-flagged before, was again on. I am sure I saved the change.
    Well. After all this deleting, I booted the pc again. My first check was to look for "that" svchost, and it was still there, 50%. Just after, an avira warning with the usual ad about TR/Trash.Gen and the "Luke filewalker" running.
    Just to complete the picture, I checked the msconfig tab of automatic starting programs; do you believe me? ALL the items I had previously un-flagged were flagged again, even if I did nothing or not saved the changes.
    Never mind.
    I went on to download the avira removal tool. Not. Internet did not work any more.
    I turned off the pc, the router, waited ten minutes, turned on the router, turned on pc: internet worked.
    I can not understand.
    Where did I make a mistake ?
    Now I'll read the pdf that explains the avira removal tool.
    But I prefer to wait for your answer before going on.
    --
    Thank you in advance,
    Sir Oliver
     
    Sir Oliver, Aug 28, 2017
    #23
  4. Sir Oliver

    Sir Oliver

    Joined:
    Aug 22, 2017
    Messages:
    16
    Likes Received:
    0
    P.S.: There is not any way to download the avira removal tool. The link you wrote only allows to open a page for downloading a .pdf that explains how the procedure must be performed. BUT on the page itself is written that avira no longer gives any executable software to do that function, and that the user should only use the ordinary procedure with control panel. :(
     
    Sir Oliver, Aug 28, 2017
    #24
  5. Sir Oliver

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,006
    Likes Received:
    380
    Location:
    Florida
    sorry about that link, you will just have to use the control panel/add or remove programs, I would do this from safe mode, and when back in normal boot I would do a search for Avira and delete anything about avira antivirus

    just another way to show that avira no longer supports xp, :)

    NOTE: when you remove your antivirus do it with the internet disconnected and do not reconnect to the internet until you have installed an antivirus. :)

    in msconfig, you removed the checkmark, correct?

    you may also have to go to start/control panel/administrative tools/ services and look for any service pertaining to these items and either set the service to disabled or manual. disabled if you do not need this service at all, (updaters, and the like) other services can be set to manual as they will come on as needed such as when you open the program inherent to the service.

    and you do need to disable system restore service

    when working with the services, even though it is time consuming, it is better to do a couple at a time, reboot, then check to see if the pc has been affected by your actions, a good website to check on the usefulness of services is black viper:

    http://www.blackviper.com/service-c...32-bit-service-pack-3-service-configurations/

    also when you work with the msconfig, when you reboot msconfig will open and then you just need to place a check mark where it says do not display this again.
     
    Elizabeth23, Aug 28, 2017
    #25
  6. Sir Oliver

    Sir Oliver

    Joined:
    Aug 22, 2017
    Messages:
    16
    Likes Received:
    0
    Hallo.
    And excuse me for being late.
    Really, I have been undecided about what to do.
    So I tried again to follow all your previous tips, obviously with the same results, except that for a short time the disabled msconfig start-up items kept disabled at the first two reboots time (but not now: I really can not understand)
    I tried to execute with the maximum attention what you wrote, but always arriving at a point that I can not follow.
    For example, when you say:
    you may also have to go to start/control panel/administrative tools/ services and look for any service pertaining to these items and either set the service to disabled or manual. disabled if you do not need this service at all, (updaters, and the like) other services can be set to manual as they will come on as needed such as when you open the program inherent to the service.
    I am not able to recognize what service is pertaining to what activity; I do not know what each activity does, and above all, even if I knew, I can not find any way in the shown options, to set some of that to disabled state. And the list is a very long one, about one hundred lines.
    ---
    As a second, I am strongly scared about uninstalling avira from control panel, and deleting all that I see, without the removal tools, as I have already made the experience that this way does not work, as the antivirus suites always are linked to such a lot of routines, dll, registry entries, and so on, that some remains, so that the antivirus you try to install after you deleted the first in that way, does not install, installation aborts.
    If something like that happens now to me, it would be impossible for me to go back, as avira for xp is no more available, and so I would remain without any protection and with an infected pc, and a trojan inside it that is just waiting to make damages.
    --
    So I need to be more conscious about what to do, as a "lame" pc, a partially working pc, is always better than a dead pc. ;)
    --
    To sum up:
    can you help me in finding the genuine avira removal tool, so I can try to remove avira in a safe way ?
    or - as an alternative - can you teach me all the things I should take care of about manually deleting from control panel or directly from "resources" exploration ?
    ------
    I really hope you are not disappointed with this behaviour of mine, but I would be very, very damaged if I remain without my pc in this moment.
    Waiting for a new post of yours,
    Sir Oliver :)
     
    Sir Oliver, Aug 29, 2017
    #26
  7. Sir Oliver

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,006
    Likes Received:
    380
    Location:
    Florida
    do you know how to use add/remove??

    1. there is no removal tool for avira for xp, I have looked, you are free to contact avira and see if they will assist you.

    2. did you go to the black viper site in my last reply?? that explains all the services and in another link within the site is one for oddball services and any others after that you can search online for descriptions.

    http://www.dummies.com/computers/op...d-share-files-with-other-pcs-on-your-network/

    above link has some clarified instructions.

    3. when I remove a program either with its removal tool or from the add/remove program these are the steps I follow:

    --remove program and reboot
    --open Folder Options and choose Show hidden files and folders, remove check from Hide extensions for known file types, and uncheck Hide protected operating system files
    --I like to use search companion :), open search ensure that under options that you have search hidden folders
    --then choose search all files and folders
    --type Avira into search box
    --then choose search
    --in the results box when/if items come up you can right click on them and choose open containing folder, then you can ensure that it is an avira product and delete it.
    --do this for all avira folders and/or files
    --reboot

    -------------------------

    now I do the same in the registry

    start/run/ type in regedit
    click ok
    go to edit, click on find
    in search box you would type avira
    click on find next

    NOTE: if you have never worked the registry you can look at the link below, you have to be very careful in the registry.

    https://www.lifewire.com/how-to-add-change-delete-registry-keys-values-2625145

    please read through the link

    -----------------------

    I have given you a link to download an antivirus should you choose to remove and replace avira. before you ever remove an antivirus, ensure you have an offline installer for a replacement, that you have disconnected from the internet and have the time to spare to uninstall/reboot/install and scan ALL before reconnecting to the internet

    ---------------------

    I do not mind assisting you but it would be better if you actually read some of the links I provide. In this way you will actually learn what it is that I am asking you to do and understand why. :)
     
    Elizabeth23, Aug 29, 2017
    #27
  8. Sir Oliver

    Sir Oliver

    Joined:
    Aug 22, 2017
    Messages:
    16
    Likes Received:
    0
    Hallo, Elizabeth.
    I just want to thank you for all your efforts and advice and tips and links.
    I think you had just hit squarely, as I need to get more skill about many of the points you indicated, so that I can move a little more skilled and a little less scared when leaving avira. :mad:
    So I decided to keep the current situation for a little time, studying things, using pc (killing "that" svchost) for my jobs that in these days are a lot.
    I will get in touch with you again when I am ready.
    Just a thing I am thinking about: do you think that the antivirus you suggested me to use (360...) will support xp for enough time, or do I have to think about moving to something new ? And, in this case, what ? I have a very, very little practice of Win-10, and I must say I really don't like it.
    Please, let me know your opinion.
    Thank you very very much, and to the next time.
    :):):)
     
    Sir Oliver, Aug 30, 2017
    #28
  9. Sir Oliver

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,006
    Likes Received:
    380
    Location:
    Florida
    I use 360 myself and plan to keep it for awhile as the company has no plans as of yet to stop support for xp. I am pretty sure that I will still be here if and when you need more assistance. :)
     
    Elizabeth23, Aug 30, 2017
    #29