svchost.exe with PID 1368

For the moment, I can give you the System Information you asked, hoping I had made the right chooise (I have titles in italian language).
Unfortunately, the columns are not mantained, so it is a bit more difficult to read.
Note that Avira entry has been disabled.

ACU c:\programmi\atheros\acu.exe -nogui All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
APSDaemon "c:\programmi\file comuni\apple\apple application support\apsdaemon.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe ARM "c:\programmi\file comuni\adobe\arm\1.0\adobearm.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Gamma Loader.exe c:\progra~1\fileco~1\adobe\calibr~2\adobeg~1.exe All Users Esecuzione automatica (Comune)
Alcmtr alcmtr.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CDAServer c:\programmi\file comuni\common desktop agent\cdasrv.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE c:\windows\system32\ctfmon.exe NT AUTHORITY\SYSTEM HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE c:\windows\system32\ctfmon.exe NT AUTHORITY\SERVIZIO LOCALE HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE c:\windows\system32\ctfmon.exe NT AUTHORITY\SERVIZIO DI RETE HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE c:\windows\system32\ctfmon.exe MSI-9621470E81\Stefano HKU\S-1-5-21-2152793195-2183735808-3527195152-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE c:\windows\system32\ctfmon.exe .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Collegamento a OUTLOOK collegamento a outlook.lnk MSI-9621470E81\Stefano Avvio
Google Update "c:\windows\system32\config\systemprofile\impostazioni locali\dati applicazioni\google\update\googleupdate.exe" /c NT AUTHORITY\SYSTEM HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Google Update "c:\windows\system32\config\systemprofile\impostazioni locali\dati applicazioni\google\update\googleupdate.exe" /c .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray c:\windows\system32\igfxtray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ImageBrowser EX Agent c:\progra~1\canon\imageb~1\mfmana~1.exe All Users Esecuzione automatica (Comune)
LwbWheel lwbwheel.lnk MSI-9621470E81\Stefano Avvio
MSConfig c:\windows\pchealth\helpctr\binaries\msconfig.exe /auto All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MSMSGS "c:\programmi\messenger\msmsgs.exe" /background MSI-9621470E81\Stefano HKU\S-1-5-21-2152793195-2183735808-3527195152-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NeroFilterCheck c:\windows\system32\nerocheck.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Persistence c:\windows\system32\igfxpers.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task "c:\programmi\quicktime\qttask.exe" -atboottime All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RTHDCPL rthdcpl.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SearchEngineProtection c:\programmi\gamesbar\searchengineprotection.exe MSI-9621470E81\Stefano HKU\S-1-5-21-2152793195-2183735808-3527195152-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Skype "c:\programmi\skype\phone\skype.exe" /nosplash /minimized MSI-9621470E81\Stefano HKU\S-1-5-21-2152793195-2183735808-3527195152-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
avgnt "c:\programmi\avira\antivir desktop\avgnt.exe" /min All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
desktop desktop.ini NT AUTHORITY\SYSTEM Avvio
desktop desktop.ini MSI-9621470E81\Stefano Avvio
desktop desktop.ini .DEFAULT Avvio
swg "c:\programmi\google\googletoolbarnotifier\googletoolbarnotifier.exe" MSI-9621470E81\Stefano HKU\S-1-5-21-2152793195-2183735808-3527195152-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

To the next,
Sir Oliver
 
https://www.bleepingcomputer.com/startups/ctfmon.exe-1121.html
http://www.hardwareforums.com/search/search
http://startups.glarysoft.com/ImageBrowser EX Agent/MFMANA~1.EXE/88413/

the above websites are some of the ones you can use to search for startup programs and whether they are needed or not

----------------------


Atheros, network adapter, there should be no reason to be in startup as that should be hardware, disable and see if you can still connect to the internet if you can , then delete the entry from startup

------------

https://www.bleepingcomputer.com/startups/APSDaemon.exe-27028.html

decide if you need it on startup , go to above and check out the description

----------

NOTE: most services will come on as you need them and do not need to be running in the background

--------------

adobearm.exe, you should not need this to run, you should check for updates manually,

---------

http://www.hardwareforums.com/startup-list/adobeg-1-exe-adobe-gamma.599/

adobeg~1.exe

do not need

-----------

alcmtr ALCMTR.EXE X = delete!! Realtek AC97 Audio - Event Monitor. Spyware file used surreptitiously to monitor one's actions. It is not a sinister one, like remote control programs, but is being used by Realtek to gather data about customers.

----------

CDAServer CDASrv.exe U = user decide Installed with certain Samsung printers and scanners, this file is part of the Samsung Easy Printer Manager which can also be installed as a separate software. Unless you are sharing this printer on a network or use the printer to scan, this file does not need to run.

-----------

ctfmon.exe

https://www.bleepingcomputer.com/startups/ctfmon.exe-1121.html

not needed

do not know why you have it listed 5 times, but read through a few of the search hits from the below link:

https://www.google.com/search?q=CTF...0..0.0....0...1..64.psy-ab..0.0.0.MYVaPItoeRc

----------
google update, delete, and did you know that google no longer supports xp, you should go with firefox 52 ESR for xp

-----------

igfxtray, delete

--------

mfmana~1.exe

http://www.shouldiremoveit.com/Canon-Utilities-ImageBrowser-EX-17141-program.aspx

this does not need to run on startup

--------

msmsgs.exe

do you use windows messenger?? you should delete this!!

MSMSGS msmsgs.exe U Windows Messenger utility. If you don't use Windows Messenger, this can be annoying. Available via Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"
---------------

NeroFilterCheck NeroCheck.exe U Associated with "Nero Burning Rom" CD writing software. Checks for driver issues

do not need this to startup

------------

igfxpers.exe do not need this

persistence igfxpers.exe N Associated with the Common User Interface module for Intel graphics cards

---------

QuickTime Task Qttask.exe N System Tray access to Apple's "Quick Time" viewer from version 5 onwards

not needed at startup
------

rthdcpl RTHDCPL.EXE N Realtek HD Audio Sound Effect Manager

Realtek HD Audio Control Panel, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Unless you have the default (but optional) System Tray icon enabled, the only purpose this entry serves is to detect and allow you to configure any devices plugged into the jacks - such as headphones and a microphone. With the System Tray icon enabled it will also inform you when devices are removed and give you access to the Sound Manager and other multimedia functions. The Sound Manager is also available via the Control Panel and this entry is therefore only required if you regularly change sound schemes

------------

searchengineprotection.exe

you should delete this, and you NEVER need extra toolbars so you should delete any toolbars from your browsers

----------

Skype Skype.exe N "Skype is free and simple software that will enable you to make free calls anywhere in the world in minutes"

do not need on startup

------------

avguard AVGNT.EXE Y Background task of the AntiVir antivirus program which scans files transparently in the background
avgctrl AVGNT.EXE Y Background task of the AntiVir antivirus program which scans files transparently in the background
avgnt avgnt.exe Y Background task of the AntiVir antivirus program which scans files transparently in the background

your antivirus should always go on startup, it is your protection

-------------

swg "c:\programmi\google\googletoolbarnotifier\googletoolbarnotifier.exe" MSI-9621470E81\Stefano HKU\S-

delete above

----------
 
Hallo!
Before doing the things you told me about uninstalling avira ecc., I started with the things you told me about deleting items from msconfig.
I have done all of them you list, and at in the end the msconfig had only two or three items flagged on.
Incredibly, when I opened the tab, the "Avire" item, that I had un-flagged before, was again on. I am sur I saved the changing.
Well. After all this deleting, I booted again the pc. My first check was to lok for "that" svchost, and it was still there, 50%. Just after, an avira warning with the usual ad about TR/Trash.Gen and the Luke filewalker" running.
Just to complete the picture, I checked the msconfig tab of automatic startin programs; do you believe me ? ALL the items I had previously un-flagged was flagged again, even if I did nothingor not saved the changings.
Never mind.
I went on to download the avira removal tool. Not. Internet did not work any more.
I turned off the pc, the router, waited ten minutes, turned on the router, turned on pc: internet worked.
I can not understaend.
Where did I make a mistake ?
Now I'll read the pdf that explains the avira removal tool.
But I prefer to wait for your answer before going on.
--
Thank you in advance,
Sir Oliver
 
P.S.: There is not any way to download avira removal tool. The lik you wrote only allows to open a page for dowloading a .pdf that explains how the procedure must be performed. BUT on the page itself is written that avira gives no more any executable software to do that function, and that the user should only use the ordinary procedure with control panel.:(
 
sorry about that link, you will just have to use the control panel/add or remove programs, I would do this from safe mode, and when back in normal boot I would do a search for Avira and delete anything about avira antivirus

just another way to show that avira no longer supports xp, :)

NOTE: when you remove your antivirus do it with the internet disconnected and do not reconnect to the internet until you have install a antivirus. :)

in msconfig, you removed the checkmark, correct?

you may also have to go to start/control panel/administrative tools/ services and look for any service pertaining to these items and either set the service to disabled or manual. disabled if you do not need this service at all, (updaters, and the like) other services can be set to manual as they will come on as needed such as when you open the program inherent to the service.

and you do need to disable system restore service

when working with the services, even though it is time consuming, it is better to do a couple at a time, reboot, then check to see if the pc has been affected by your actions, a good website to check on the usefulness of services is black viper:

http://www.blackviper.com/service-c...32-bit-service-pack-3-service-configurations/

also when you work with the msconfig, when you reboot msconfig will open and then you just need to place a check mark where it says do not display this again.
 
Hallo.
And excuse me for my late.
Really, I have been undecided about what to do.
So I tried again to follow all your previos tips, obviously with the same results, except that for a short time the disabled msconfig sturt-up items kept disabled at the first two reboots time (but not now: I really can not understaend)
I tried to execute with the maximum attention what you wrote, but always arriving at a point that I can not follow.
For example, when you say:
you may also have to go to start/control panel/administrative tools/ services and look for any service pertaining to these items and either set the service to disabled or manual. disabled if you do not need this service at all, (updaters, and the like) other services can be set to manual as they will come on as needed such as when you open the program inherent to the service.
I am not able to recognize what service is pertaining to what activity; I do not know what each activity does, and above all, as if I knew, I can not find any way in the shown options, to set some of that to disabled state. Ant the list is a very long one, about one hundred lines.
---
As a second, I am strongly scared about uninstall avira from control panel, and deleting all what I see, without the removal tools, as I have already made the experience that this way does not work, as the antivirus suites always are linked to such a lot of routines, dll, register entries, and so on, that some remains, so that the antivirus you try to install after you deleted the first in that way, does not install, installation aborts.
If something like that happens now to me, it would impossible for me to get backward, as avira for xp is no more available, and so I woul remain without any protection and with an infected pc, and a troyan inside it that is just waiting to make damages.
--
So I need to be more conscious about what to do, as a "lame" pc, a partially working pc, is always better than a dead pc.;)
--
To sum up:
can you help me in finding the genuine avira removal tool, as I can try to remove avira in a safe way ?
or - as an alternative - can you teach me all what the things I could be care of about manually delete from control panel ordirectly from "resources" exploration ?
------
I really hope you are not disappointed with this mine behaviur, but I would be very, very damaged if I remain without my pc in this moment.
Waiting for a new post of yours,
Sir Oliver:)
 
do you know how to use add/remove??

1. there is no removal tool for avira for xp, I have looked, you are free to contact avira and see if they will assist you.

2. did you go to the black viper site in my last reply?? that explains all the services and in another link within the site is one for oddball services and any others after that you can search online for descriptions.

http://www.dummies.com/computers/op...d-share-files-with-other-pcs-on-your-network/

above link has some clarified instructions.

3. when I remove a program either with it's removal tool or from the add/remove program these are the steps I follow:

--remove program and reboot
--open Folder Options and choose Show hidden files and folders, remove check from Hide extensions for known file types, and uncheck Hide protected operating system files
--I like to use search companion :), open search ensure that under options that you have search hidden folders
--then choose search all files and folders
--type Avira into search box
--then choose search
--in the results box when/if items come up you can right click on them and choose open containing folder, then you can insure that it is an avira product and delete it.
--do this for all avira folders and/or files
--reboot

-------------------------

now I do the same in the registry

start/run/ type in regedit
click ok
go to edit, click on find
in search box you would type avira
click on find next

NOTE: if you have never worked the registry you can look at the link below, you have to be very careful in the registry.

https://www.lifewire.com/how-to-add-change-delete-registry-keys-values-2625145

please read through the link

-----------------------

I have given you a link to download an antivirus should you choose to remove and replace avira. before you ever remove an antivirus, ensure you have an offline installer for a replacement, that you have disconnected from the internet and have the time to spare to uninstall/reboot/install and scan ALL before reconnecting to the internet

---------------------

I do not mind assisting you but it would be better if you actually read some of the links I provide. In this way you will actually learn what it is that I am asking you to do and understand why. :)
 
Hallo, Elizabeth.
I just want to thank you for all your efforts and advices and tips and link.
I think you had just hit squarely, as I need to get more skill about many of the points you indicated, so that I can move a little more skilled and a little less scared when leaving avira.:mad:
So I decided to keep the current situation for a little time, studing things, using pc (killing "that" svchost) for my jobs that in these days are a lot.
I will get in touch with you again when I am ready.
Just a thing I am thinking to: do you think that the antivirus you suggested me to use (360...) will support xp for enough time, or do I have to think about moving to something new ? And, in this case, what ? I have a very, very little practice of Win-10, and I must say I really don't like it.
Please, let me know your opinion.
Thank you very very much, and to the next time.
:):):)
 
I use 360 myself and plan to keep it for awhile as the company has no plans as of yet to stop support for xp. I am pretty sure that I will still be here if and when you need more assistance. :)
 
You must log in or register to reply here.
Back
Top