Background monitor

Bet51987 · Post by **Bet51987** » Mon Feb 02, 2009 4:24 pm

Is there a program that would run in the background to monitor what processes are running and how much of my cpu it's using while I play Descent? Something I can print out later?

I have an on and off again problem where some days I fly smooth and other days I'm skipping. I can kill most of my processes but not all of them which makes it better...

I have a Dell 4600, 3mb ram, and an nvidia 6200.

Thanks

Bee

Foil · Post by **Foil** » Mon Feb 02, 2009 5:24 pm

I don't know of any apps off the top of my head, but if you turn on the CPU Time column in the Task Manager Processes tab (View -> Select Columns in the menubar), you can compare the before and after CPU times for each process.

Bet51987 · Post by **Bet51987** » Mon Feb 02, 2009 6:14 pm

Foil wrote:I don't know of any apps off the top of my head, but if you turn on the CPU Time column in the Task Manager Processes tab (View -> Select Columns in the menubar), you can compare the before and after CPU times for each process.

Hi Foil..

I did that but it's fairly quiet while I'm viewing it. I want to know what's happening while I'm playing. This is driving me crazy.

Bee

Krom · Post by **Krom** » Mon Feb 02, 2009 8:12 pm

Process Explorer can be made to track the kind of information you want, although its a lot more complicated than task manager.

Duper · Post by **Duper** » Mon Feb 02, 2009 9:57 pm

Krom wrote:Process Explorer can be made to track the kind of information you want, although its a lot more complicated than task manager.

Very cool. Thanks Krom. I'll finally find out what the 2 dozen svchost.exe are.

TechPro · Post by **TechPro** » Mon Feb 02, 2009 10:41 pm

In the Control Panel, in the Administrative Tools, is a thing called 'Performance' which you can use to track the activity of almost ANYTHING the system does.

However, the 'Performane' tool is:
1 - Not user friendly if you've never used it before
2 - Poor at explaining what the different items you can monitor are and what the info means
3 - Poor (to pathetic) in helping you adjust the value ratios that may need adjusting to help the values you see be showing in graph lines that are meaningful.

But ... it does work pretty well. Just be sure you save what you setup, otherwise you have to recreate the settings the next time you run it.

Duper · Post by **Duper** » Tue Feb 03, 2009 1:07 am

On that note, if you don't know what you're doing, DON'T mess with it. You can really fubar your system.

.. i speak from xp

Foil · Post by **Foil** » Tue Feb 03, 2009 2:22 pm

Bet51987 wrote:I did that but it's fairly quiet while I'm viewing it. I want to know what's happening while I'm playing. This is driving me crazy.

No, no, no, not the 'CPU' column; I'm referring to the 'CPU Time' column (it's hidden by default). You don't have to monitor it, because it's a cumulative measure.

Just make note of the cpu times for each process before you start playing... play for a couple of hours... and then go back and look at the difference after you're done. The time for the process that's eating up your cpu cycles will have increased considerably more than the rest.

Bet51987 · Post by **Bet51987** » Tue Feb 03, 2009 4:30 pm

Foil wrote: No, no, no, not the 'CPU' column; I'm referring to the 'CPU Time' column (it's hidden by default). You don't have to monitor it, because it's a cumulative measure.

Just make note of the cpu times for each process before you start playing... play for a couple of hours... and then go back and look at the difference after you're done. The time for the process that's eating up your cpu cycles will have increased considerably more than the rest.

Ok, ok, ok,

I like the Process Explorer that Krom linked (Thank you) and made that one my default task manager because it's much more informative and cool. Anyway, I turned on the cpu time column.

If I leave Task Manager running, then play D3, how do I make Task Manager keep a record of what it's doing while I play and where would it keep this log. I only need to play for a few minutes to notice the jumpiness.

------------------

Duper, TechPro... I know how to change a Duplex outlet, wire a ceiling fan, and change our tractor oil, but the computer makes me nervous especially since he wasn't too happy last time I messed with the network. I'm careful what I delete now.

However, I've always been able to kill the processes in Task Manager on my computer using "enditall" but it's time consuming. Some of them come back and I have to kill them a few more times before they stay off. This takes about 6 full minutes before I can start playing.

So, now I'm on a mission to find the specific culprit.

I don't know if I mentioned it but we have Cox Cable, a Motorola modem, and a Netgear WGR614v9 router. I removed the router one time but the problem was still there.

Bettina

Foil · Post by **Foil** » Tue Feb 03, 2009 5:05 pm

Bet51987 wrote:Anyway, I turned on the cpu time column.

If I leave Task Manager running, then play D3, how do I make Task Manager keep a record of what it's doing while I play and where would it keep this log.

You don't have to leave it running while you play D3. Windows keeps track of the CPU Time measure whether Task Manager is running or not.

Also, it may be as simple as pen & paper. Just compare the CPU Time before and after for each process... if abc.exe was at 00:22 before you played, and is at 02:47 afterward, then it used the difference (2:25) in cpu cycles while you were playing.

Krom · Post by **Krom** » Tue Feb 03, 2009 5:07 pm

Rather than just straight killing the process responsible, find out what it is, where it came from and how to prevent it from running in the first place (if possible). In terms of safety, that is by far a better option than terminating processes from task manager or any other utility.

Bet51987 · Post by **Bet51987** » Tue Feb 03, 2009 8:12 pm

Ok, here is what I got. I took the image (game start), then joined Subway Dancer in less than a minute, played a few minutes, then left and took another image (Game End).

I only listed the processes that had more time than 00:00:00 so the other 25 processes aren't listed.

Bee

Krom · Post by **Krom** » Tue Feb 03, 2009 8:24 pm

Disable your antivirus program while playing D3 and see if it still happens.

AceCombat · Post by **AceCombat** » Tue Feb 03, 2009 8:59 pm

i see McAfee running, thats a huge resource hog.

Foil · Post by **Foil** » Wed Feb 04, 2009 10:02 am

x2 on that.

McAfee is a huge resource hog; since that mcshield process used 16 full seconds of cpu time during only a few minutes of gaming, I think that confirms it's your culprit.

Any chance you can switch to another antivirus?

Bet51987 · Post by **Bet51987** » Wed Feb 04, 2009 1:53 pm

Last night I shutdown McAfee and my game play was smooth but I want to try it again tonight to make sure....but here's the problem.

I used to use \"enditall\" to kill McAfee (and some others) but after a few minutes McAfee would pop back in again. After killing them twice more over several minutes they would finally stay dead. Then I could play D3 with just a minimal, but acceptable, choppiness.

But last night I used MSconfig to shut down the McAfee services which I noticed had more items than TaskMgr displayed. This required a reboot only to find that McShield was still there which I had to shoot three times in TaskMgr before it would stay dead. With McAfee completely gone I had a very smooth game with no choppiness noticed. After the game I have to go to Msconfig and turn them back on.

There is no option to close McAfee in it's security center so I have to go through this entire routine which I really hate doing.

McAfee comes along as part of Cox Cable and I don't know what other virus scanners are good. Any suggestions?

Bee

woodchip · Post by **woodchip** » Wed Feb 04, 2009 2:10 pm

Bee, try this:

http://www.avira.com/en/download/index.html

Foil · Post by **Foil** » Wed Feb 04, 2009 2:25 pm

I've also heard Avast! is good. Personally, I use AVG (free version) for all my machines. Both are much less resource-hungry, and from what I've read, consistently out-perform both McAfee and Norton.

[Edit: If/when you uninstall McAfee, go back and check the installed programs and services... I've seen their uninstallers leave stuff behind.]

AceCombat · Post by **AceCombat** » Wed Feb 04, 2009 2:36 pm

just because it came with a ISP doesnt mean you HAVE to use it. but your still learning

captain_twinkie · Post by **captain_twinkie** » Wed Feb 04, 2009 2:49 pm

Foil wrote:I've also heard Avast! is good. Personally, I use AVG (free version) for all my machines. Both are much less resource-hungry, and from what I've read, consistently out-perform both McAfee and Norton.

[Edit: If/when you uninstall McAfee, go back and check the installed programs and services... I've seen their uninstallers leave stuff behind.]

X2 on AVG

And when you do uninstall McAfee use the McAfee uninstaller tool.

Bet51987 · Post by **Bet51987** » Wed Feb 04, 2009 6:57 pm

Thanks for the help.

I'm going to try the AVG one on my desktop tommorrow (I have studies tonight) and run the same test. I'll report back.

Bee

Bet51987 · Post by **Bet51987** » Thu Feb 12, 2009 7:07 pm

Well, I still have problems. I got rid of McAfee and loaded AVG but my skipping is still the same. The good thing is that when I use \"enditall\" to kill all services that aren't critical to windows, I only have to do it once, instead of spending time killing McAfee two more times. They stay off for the entire game.

Since the list is small, I think I will kill them in groups until I find the culprit.

Another point with this problem is that it's worse if I'm in the middle of a lot of napalm explosions.

Again, I run smooth in all situations if I kill processes.

Bee

Krom · Post by **Krom** » Thu Feb 12, 2009 7:23 pm

Just out of curiosity, post a hijack this log file. ( Download: http://www.download.com/Trend-Micro-Hij ... 27353.html )

Also right off the bat, there are some programs I would get rid of, starting with: sightspeed.exe (unless you actually use it).

Msiexec.exe is a valid windows program, but it shouldn't be running all the time. Actually it is unusual for it to be running for any great length of time. I would find out why it is running and make some effort to correct whatever is causing it so the program exits like it should.

Internet explorer, if you aren't using it and do not have any windows open there should be no copies of it left in memory. Don't play with IE open, but if it is still there even after closing all windows, find out why and fix that too.

Wmpnetwk.exe is also a valid windows program (part of windows media player), but it likely provides functionality that you have never and will never use, if so it should be disabled.

At the very least you should prevent these programs from automatically starting with the computer since they will slow down the startup. When you post the hijack this log I may list off some more programs that you need to remove or disable.

Bet51987 · Post by **Bet51987** » Thu Feb 12, 2009 8:39 pm

Ok, thanks...

How do I post my log file here without making an image of it?

My IE is open because I launch using the exe function in the D3 descent.cx tracker.

Bee

Krom · Post by **Krom** » Thu Feb 12, 2009 8:46 pm

Click \"do a system scan and save a log file\", it should pop up a notepad window with the log in it, then just copy and paste.

Bet51987 · Post by **Bet51987** » Thu Feb 12, 2009 8:58 pm

Ok, here it is.....

Logfile of HijackThis v1.99.1
Scan saved at 9:45:15 PM, on 2/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\LVPrcSrv.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\WINDOWS\\system32\\RUNDLL32.EXE
C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\SightSpeed\\SightSpeed.exe
C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe
C:\\WINDOWS\\Nhksrv.exe
C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
C:\\Program Files\\Bonjour\\mDNSResponder.exe
C:\\WINDOWS\\system32\\CTsvcCDA.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe
C:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe
C:\\Program Files\\MagicTune Premium\\MagicTuneEngine.exe
C:\\WINDOWS\\system32\\nvsvc32.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\System32\\MsPMSPSv.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgrsx.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgemc.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgnsx.exe
C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe
C:\\Program Files\\AVG\\AVG8\\avgcsrvx.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe
C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqSTE08.exe
C:\\WINDOWS\\system32\\HPZinw12.exe
C:\\Apps\\HijackThis.exe

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0

\\ActiveX\\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\\Program Files\\AVG\\AVG8\\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [HPDJ Taskbar Utility] C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [DXM6Patch_981116] C:\\WINDOWS\\p_981116.exe /Q:A
O4 - HKLM\\..\\Run: [AppleSyncNotifier] C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe
O4 - HKLM\\..\\Run: [QuickTime Task] \"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime
O4 - HKLM\\..\\Run: [iTunesHelper] \"C:\\Program Files\\iTunes\\iTunesHelper.exe\"
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [AVG8_TRAY] C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
O4 - HKLM\\..\\Run: [NeroFilterCheck] C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe
O4 - HKCU\\..\\Run: [H/PC Connection Agent] \"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\"
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [SightSpeed] \"C:\\Program Files\\SightSpeed\\SightSpeed.exe\" -bootmode
O4 - Startup: d3erase.bat
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\\Program Files\\ieSpell\\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\\Program Files\\ieSpell\\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.6.0_05

\\bin\\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network

Diagnostic\\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\\program files\\bonjour\\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.cnn.com
O15 - Trusted Zone: http://www.intellicast.com
O15 - Trusted Zone: http://www.msnbc.msn.com
O15 - Trusted Zone: http://www.nurseconnect.com
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) -

http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-

JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -

http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) -

http://zone.msn.com/bingame/fotg/defaul ... 0.0.37.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/McMySec/en-

us/1,0,0,2/mcmysec.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\\Program Files\\AVG\\AVG8\\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\\WINDOWS\\SYSTEM32\\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\\System32\\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\\Program Files\\Common Files\\Apple\\Mobile Device

Support\\bin\\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\\WINDOWS\\system32\\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google
Updater\\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common

Files\\InstallShield\\Driver\\11\\Intel 32\\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\\Program

Files\\Common Files\\LightScribe\\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\\Program Files\\Common Files\\LogiShrd\\SrvLnch\\SrvLnch.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\\Program Files\\MagicTune Premium\\MagicTuneEngine.exe
O23 - Service: NBService - Nero AG - C:\\Program Files\\Nero\\Nero 7\\Nero BackItUp\\NBService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\\WINDOWS\\Nhksrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\\WINDOWS\\system32\\HPZipm12.exe

Bee

Krom · Post by **Krom** » Thu Feb 12, 2009 9:35 pm

Good. I'll go over the log a bit more tomorrow and find out how much of it you may want to disable or uninstall. At the least it will cut down on the tasks you have to end before playing a game.

To be continued.

Grendel · Post by **Grendel** » Fri Feb 13, 2009 1:28 am

Urgh, ActiveSync, iTunes, nhksrv (must be a Dell), CTsvcCDA (? gee, havn't seen that since W98

), LightScribe, got a QuickCam ?, Nvidia & Ati drivers ?, HP stuff (yuck !)..

I think I will leave this one to Krom

Spidey · Post by **Spidey** » Fri Feb 13, 2009 8:33 am

What does LightScribe have to do with QuickCam?

Grendel · Post by **Grendel** » Fri Feb 13, 2009 12:56 pm

Nothing. The above is just a list of things I recognized when skimming over the log.

Krom · Post by **Krom** » Fri Feb 13, 2009 12:57 pm

Oh sure, run off and leave me alone to clean up that mess...

Canuck · Post by **Canuck** » Fri Feb 13, 2009 2:24 pm

That HP software is awful, and I'm with Grendel with dumping all those running processes. Here is a great little application to help you in the startup wars;
http://www.mlin.net/StartupCPL.shtml

Run this app to help clean up files and backup/clean your registry of dead junk;
http://www.ccleaner.com/

There are several BHO objects and dead registry items that should go too. I suspect malware on the system... I read the hijak this log too but I'll leave that up to Krom as well

Was a fan of AVG for years but found Avast to be the better. Better detection rates and better plug-ins.

Krom · Post by **Krom** » Fri Feb 13, 2009 8:49 pm

Before disabling anything, I highly recommend either setting a system restore point, or making a backup of all the registry and startup settings you are going to change.

****************************************************

First: There are signs of Nvidia drivers on there, and signs of ATI drivers on there. And if anything is going to cause problems with video stuttering, having conflicting driver apps from different video cards would sure be one likely culprit. Find out what your current video card is, and clean up / remove all drivers for the other brand. Don't just kill the processes, remove the software completely.

Now for the rest:
Anything in that log marked \"O23 - Service:\" has to be disabled from services.msc, just hit run from windows and type \"services.msc\" without the quotes, run it and then find the service you are looking for, right click on it then select properties, then under startup type select \"Disabled\" or \"Manual\".
For anything marked \"O4 - HKCU\\..\\Run:\", \"O4 - HKLM\\..\\Run:\" or \"O4 - (Global/)Startup:\" use that StartupCPL that Canuck linked, the entries will be in the HKLM/HKCU or Startup(user/common) tabs. And don't worry, on most of these services and startup entries you can disable or delete them without even breaking the associated programs.

For the iTunes stuff: try setting its services to \"Manual\" including: Bonjour Service, Apple Mobile Device Service, and the iPodService. Then delete the iTunesHelper and AppleSyncNotifier O4 entries.

For everything else:
In the O4 block: Delete the Adobe Speed Launcher startup shortcut, SightSpeed, Microsoft ActiveSync (H/PC Connection Agent), DXM6Patch_981116 and the QuickTime Task.

In services set the startup type to \"Disabled\" for: Creative CDROM Access Service, MagicTuneEngine, LightScribe Service, NBService, Netropa NHK Server (Nhksrv), and the NMIndexingService.
Set the startup type to \"Manual\" for: InstallDriver Table Manager, LVCOMSer, Process Montior (LVPrvSrv), and LVSrvLauncher.

You can also try disabling/deleting everything from HP Digital Imaging software (pretty much everything that is from Hewlett-Packard in O4 or O23).

After all that, reboot and see how it works. If anything you use often errors out or otherwise doesn't work properly let us know.

Bet51987 · Post by **Bet51987** » Sat Feb 14, 2009 9:17 am

I don't believe I have any malware. I use CCleaner, EasyCleaner, and Spybot S&D at least once every two weeks and McAfee never came up with any viruses and neither has AVG. I like cleaning.

Krom... I will try everything you suggested but I have a couple of questions. We have a HP wireless printer in my dad's office that has no physical network cable and he prints to it from his wireless laptop which is the only computer he uses. In our computer room we have a HP laserjet hard-wired to the desktop computer where the cable modem, router, and two external backup drives are. This is where I play D3. I also have a wireless laptop in my room.

After I do all this will he still be able to print? I don't want a nail board raked across my face.

Bee

Krom · Post by **Krom** » Sat Feb 14, 2009 9:23 am

Yeah it shouldn't be a problem for the printer, but remember to keep all the settings for HP apps handy just in case.

Bet51987 · Post by **Bet51987** » Sun Feb 15, 2009 5:37 pm

Hi Krom... I'm doing this in stages and I made the following changes except for Sightspeed and the HP stuff. After the changes and without using my enditall program my D3 play was much better but still skipped when there was a lot of action. However, it was a noticeable improvement. Next time I play I will use enditall to close Sightspeed and HP and see what happens. I attached the new Hijack log at the bottom.

Thanks again...

Bee

Changed to Manual...

O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
Installdriver Table Manager
ProcessMonitor
LVSrvlaunch

Deleted...

Ituneshelper
AppleSyncNotifier entries
Adobe Speed Launcher
Microsoft Activesync connection agent
DXM6Patch
QuicktimeTask

Disabled...

Creative CDROM Access Service
Magictune Engine
LightScribe
Netropa
NMindexing

Logfile of HijackThis v1.99.1
Scan saved at 5:29:33 PM, on 2/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\WINDOWS\\Explorer.EXE
C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\SightSpeed\\SightSpeed.exe
C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\nvsvc32.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\System32\\MsPMSPSv.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgrsx.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgnsx.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgemc.exe
C:\\Program Files\\AVG\\AVG8\\avgcsrvx.exe
C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe
C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqSTE08.exe
C:\\WINDOWS\\System32\\msiexec.exe
C:\\WINDOWS\\system32\\wuauclt.exe
C:\\Apps\\HijackThis.exe

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\\Program Files\\AVG\\AVG8\\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [HPDJ Taskbar Utility] C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [AVG8_TRAY] C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
O4 - HKLM\\..\\Run: [NeroFilterCheck] C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [SightSpeed] \"C:\\Program Files\\SightSpeed\\SightSpeed.exe\" -bootmode
O4 - Startup: d3erase.bat
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\\Program Files\\ieSpell\\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\\Program Files\\ieSpell\\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\\program files\\bonjour\\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.cnn.com
O15 - Trusted Zone: http://www.intellicast.com
O15 - Trusted Zone: http://www.msnbc.msn.com
O15 - Trusted Zone: http://www.nurseconnect.com
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/defaul ... 0.0.37.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/share ... cmysec.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\\Program Files\\AVG\\AVG8\\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\\WINDOWS\\SYSTEM32\\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\\System32\\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\11\\Intel 32\\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\\Program Files\\Common Files\\LogiShrd\\SrvLnch\\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\\WINDOWS\\system32\\HPZipm12.exe

Krom · Post by **Krom** » Sun Feb 15, 2009 6:06 pm

Yeah, just keep chipping away at it. Sometimes problems like that are the result of more than one program at a time interacting with others. Something else you might wanna try is if you have the little nvidia systray icon, right click that and hit exit (it shouldn't come back). Just one more little utility that doesn't need to be running.

Bet51987 · Post by **Bet51987** » Tue Feb 24, 2009 3:14 pm

Krom wrote:...You can also try disabling/deleting everything from HP Digital Imaging software (pretty much everything that is from Hewlett-Packard in O4 or O23).

Krom, This was the culprit..

C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe

If I go close it then go to D3 everything is smooth. Leave it in and I'm jumpy. I tested it for three nights.

This works for me. I just do a Ctrl-alt-Del to bring up task manager and close it out and then go to D3. It's quick and saves me from deleting it permanently and risk getting dad upset...again.

Thank you very much for the awesome help.

Bettina

Krom · Post by **Krom** » Tue Feb 24, 2009 4:15 pm

Cool.

Remember disabling stuff has the added benefit of making the computer startup faster. So even if it does no harm otherwise if its something you don't use or need you should still prevent it from starting automatically.

Background monitor

Background monitor

Re: Background monitor

Re: Background monitor

Re:

Re: Background monitor

Re: Background monitor

Re: Background monitor

Re:

Re: