help with processess, zog u better post!

[DocTrebor Profile]

my laptop is runnin slow and has to many processes going in my opinion, so could you guys tell me which of these processes i dont need and how to keep em from poppin up? im sure i could just take a screen shot but i dont know where to upload it at, oh well, so here it is

mcagent.exe owner

explorer.exe owner

radimgr.exe owner

svchost. exe system

googletoolbarnotifier.exe owner

brmfcmon.exe owner

taskmgr.exe owner

alg.exe local service

brmfcwnd.exe owner

ctfmon.exe owner

wcescomm.exe owner

MSASCui.exe owner

siteadv.exe owner

brctrcen.exe owner

lexpps.exe system

spoolsv.exe system

brss01a.exe system

mpfsrv.exe system

jusched.exe owner

pptd40nt.exe owner

mcssysmon.exe system

iexplore.exe owner

svchost.exe local service

mcshield.exe system

svchost.exe network service

redirsvc.ext system

svchost.exe system

mcpromgr.exe system

msmpeng.exe system

mcods.exe system

eabservr.exe owner

svchost.exe newtowrk service

mcnasvc.exe system

svchost.exe system

mcmscvc.exe system

lsass.exe system

services.exe system

winlogon.exe system

csrss.exe system

smss.exe system

wdfmgr.exe local service

svchost.exe system

hwapi.exe system

brmfrmps.exe system

saservice.exe system

syntplpr.exe owner

viewmgr.exe owner

nvsvc32.exe system

syntpenh.exe owner

system system

system idle procesws system



thanks guys, sorry for the long post!

[Lord ZOG Profile]

Typical off-the-shelf shovelware victim. It's tough to tell you exactly what to get rid of, but if it were my machine I'd hose the following;

McAfee - Latin for useless. Resource hog. Easily 6-7 different processes in that list. Uninstall completely, then install AVG Free Edition (http://free.grisoft.com).

viewmgr.exe is useless (thank you Steve Case).
jusched.exe is useless (RealPlayer updater).
redirsvc.ext sounds like a URL\DNS hijacker. Disable or uninstall.
eabservr.exe is for quick launch\customizable buttons on your laptop. I'd heave it.
radimgr.exe No idea what this is, sounds suspiscious.
msmpeng.exe is related to Windows Live Care. Does similar things to McAfee. Make your decision which to keep and heave (I trust AVG implicitely).
msmpeng.exe is related to Windows Defender. How many effin Anti-Spyware apps does one need?
pptd40nt.exe is a scanner driver, not needed for your system to run.
brss01a.exe is a printer drive (Brother), as is brmfrmps.exe. In reality there's no need for this shit to be running.
lexpps.exe is for a Lexmark printer (how many effin pritners do you have??).

All the svchost.exe's are applications running as services, which is normal. Some applications install themselves as services (a service is a program that runs on its own with no input from the end user, and doesn't need a user to logon to run).

I like using AutoRuns to disable AND remove entries from my registry\startup. It's a free download from Microsoft's Technet site. Do a Google search for AutoRuns and you'll find it.

Typically, I run Autoruns, then scan each process not labeled Microsoft...then think long and hard about if I really need that process to be running. Anything that shows up with a blank "Company" entry is immediately suspiscious to me, but not necessarily un-needed...so don't delete the entries, just uncheck them (in case you screw up you can easily re-enable the process).

Let me make a wild guess, too. This is a Gateway?

[Lord ZOG Profile]

By the way, quick print screen method;

Alt+ PrntScrn.

That sends a bitmap copy of ONLY the open window (more specifically the window in focus) to your clipboard. Open Paint or Word and just click "Edit" then "Paste" and Viola! A neat, bitmap of ONLY the window you want.

How many times do my clients send me screen shots of their entire desktops!?!?

[DocTrebor Profile]

hp...lol, btw if this means anything i took a logfile from hijackthis


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:51:16 PM, on 5/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Brother\Brmfcmon\brmfcwnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Spfaudu - Sony Corporation - (no file)

--
End of file - 10284 bytes

[DocTrebor Profile]

once i figure out how to uninstall mcaffee..lol, i take your word on avg all the way, if it keeps shit off my computer im happy.

im gonna take a look at this autorun, any more helpful tools i can use with my computer to make it run as fast and smooth as possible? thanks zog, you are the man! if you need a lawyer someday, like for your will or somethin let me know!


in the meantime, the omen is on hbo and i havent seen it, so peace!

[Lord ZOG Profile]

Using HijackThis, anything that reports a "missing file" can be removed (or "Fixed", as HiJackThis says).

You can see from the HiJackThis log, that McAfee occupies nearly 10 seperate services (why the fuck use a computer anymore? I'll just go watch TV).

Get rid of McAfee from your Add\Remove applet under your Control Panel (Start, Control Panel or Start, Settings, Control Panel).

Some versions of McAfee are tough to uninstall, even using their own uninstall feature (all the more reason to never use it). It may ask you to turn off running services, at which point you'll have to dig through your System Tray and right-click any McAfee related icon and choose "Exit"...all the while wishing cancer upon the scumbags who developed this over-rated bloatware.

Good luck.

Your HiJackThis log indicates several other things needing attention, but we can tackle this one by one.

[Lord ZOG Profile]

While you're in your Add\Remove applet, scan the list for printing related software for printers you no longer use.

I clearly saw LexMark and Brother related software in those logs.

[DocTrebor Profile]

brother is the printer/fax i use, i have no need for the lexmark...zog, we can move this to messages to clear up forums if ya want. btw, how much should i paypal ya??

[BladeRunner Profile]

"we can move this to messages to clear up forums if ya want"
imo, keep it public, its good information for everyone that wants to clean
up their computer.
BTW, AVG is some of the best free/donation type software out there.
I have used it for years and I recommend it for everyone.

[DocTrebor Profile]

"we can move this to messages to clear up forums if ya want"
imo, keep it public, its good information for everyone that wants to clean
up their computer.
BTW, AVG is some of the best free/donation type software out there.
I have used it for years and I recommend it for everyone.

just thought about that, not a bad idea actually...plus its easier for me

[Lord ZOG Profile]

90% of software today is absolute crap. AVG is the exception, in my opinion. It's small, it's fast, it's efficient and it's frikin free. They do have a pay for version, which I sell to my clients with servers, but the free version is fully functional and effective.

Symantec, McAfee and TrendMicro are useless resources hogs. I see TrendMicro using 40MB of memory on people's machines and my spine wants to curl up in a ball.

I see McAfee running 12 services and four other registry launched applications and I wonder, "Why bother using a computer?"

I see freshly configured machines suddenly slow to a crawl and stop functioning correctly after installing Symantec's "latest and greatest" shitware, and Symantec's Tech Support's only response is, "Credit Card number?"

There isn't a hole deep enough for these dregs to fall in.

[smikey Profile]

Go to techspot.com they have a list of thing you don't need-just compare your list to theirs and take out what you don't need or want.

[Ldsmith104 Profile]

Thanks for all the info ZOG. I usually just reformat and do a clean install about once a year, which I'm in the middle of right now with my laptop. As for anti virus I use Norton corporate edition 7.6, I might try the AVG this time. Many years ago I bought Norton system works and installed the whole package, then wondered why my system started running slow. I used all of their tools to "optimize" my computer. Mysteriously after uninstalling it, my computer started running faster. The optimization must have worked

[Lord ZOG Profile]

Norton hides their most effective "optimization" in their Uninstall applet.

[Ldsmith104 Profile]

Zog you could do a great stand up routine at a tech conference