Solved Get to step 4 start scan, blue screen, and shut down

Status
Not open for further replies.
'Running' and starting on boot aren't the same thing:

If a program, application or 'other' starts on boot, it will continue to run in the background. As you surf, you pick up temporary internet files or temp files from downloads and adding these to the startup can slow you down.

The only programs that are needed on the Startup menu are:
Antivirus program
Firewall if you have a third party firewall
Touchpad if you're on a desktop
Network process if you have something like Network Magic installed.
Nothing else, including a printer.

All those other processes, including Java will 1. Start as needed or 2. can be started through All Programs.

Basically, every process on the system puts itself on the Startup menu. And many have Services set to automatic startup. This is an unnecessary waste of resources. Auto updates can be stopped except for AV and Windows if you chose it.

If you can wait a bit, I'll set up the HijackThis log with entries to remove and stop. It will include changing Service startup and uninstalling some processes. It will take a while though so be patient- okay?

Don't make any changes yet.
 
Thanks for your patience! I just got a new Dell Mini and have been trying to set it up between replies here.

I've copied the HJT log so I can work right from it.
 
Suggest you print this to refer to it later. You will need the process names to take off of Startup.

Please reopen HijackThis to 'do system scan only.' Check each of the following, if present. Do not click on Fix All until all entries are checked:

C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\ctfmon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx>>
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" x
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe x
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe x
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime x
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINNT\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: MA521 Configuration Utility.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE


Close all Windows except HJT and click on "Fix Checked"
=================================
Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Click on Start> Run> type in services.msc> double click on each of the following and set as instructed:
Java QuickStarter> set Startup type to Disabled> Stop the Service
LexBceS> Set Startup type to Manual
Exit Services

Click on Start> Run> type in msconfig> enter> Selective startup> Startup tab> find the processes that are checked matching those you checked in the HJT log for removal and Uncheck each of them. When finished> Apply> OK.
Reboot into Normal Mode:
NOTE: The first reboot after making changes in msconfig gives a nag message. Ignore and close after checking 'don't show this message again.' Stay in Selective Startup to keep the changes.

Adobe needs to be updated to v9.xx: Visit this Adobe Reader site and make sure you have the most current update. (now v6u20) Uninstall any earlier updates as they are vulnerabilities.

Has the problem been resolved?
 
thanks Bobbye, i have company today, so i will complete this task wednesday morning with the fresh pot. (of coffee)
blairman
 
Enjoy your company- and the pot of coffee tomorrow! Don't leave though because we still have a couple of things to do. Let me know if you have any questions.
 
Bobbye, good morning, i printed the list. ran hijack do system scan only, i compared the list you gave me to the results of the scan. i checked the boxes on the scan of items that were on your list. i did not check any other boxes. i checked 20 boxes, about half of the available boxes, and there were about 20 items on your list that did not show up on the scan.
i selected fix checked
rebooted into safe mode, made the 2 changes in services.msc, clicked apply then ok
in msconfig i selected the dot selective startup, then went to the startup tab. i only had one item there, not matching anything on list, so i exited that. i rebooted, but i did not get any 'nag' message.
i updated adobe to v9.3.
computer seems to have a lot less thrashing when starting. my antivirus does not start, i probably can fix that.
where do we go from here???
thanks
blairman
 
my antivirus does not start, i probably can fix that.

My fault! I forgot to remove the antivirus program when I copied your log back. I had you uncheck the following in the HijackThis log:
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

My apology- that was a mistake. Please go back to msconfig Startup menu and make sure all the processes for Avira are checked. If you need to expand the command column to see more, click on the crosshair, as in image below> hold left mouse button down and move to the right:
msconfigyd9.jpg


Do that now please.
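An added example, not part of any post in this thread: a removal list can be cross-checked against a keep-list before "Fix Checked" is clicked, so that a security product's startup entry is held back for review. The `KEEP_MARKERS` value and the function names are assumptions made for illustration; the sample lines are a constructed subset of the list posted above.

```python
import re

# Constructed sample: a handful of lines taken from the removal list in the thread.
REMOVAL_LIST = r"""
C:\Program Files\QuickTime\qttask.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
"""

# Assumption: lower-case path fragments that identify the security software
# which must keep starting on boot (Avira is the antivirus on this machine).
KEEP_MARKERS = ("\\avira\\",)

# "O4 - HKLM\..\Run: [name] command" -> section, kind, detail
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")


def parse_entry(line):
    """Split one HijackThis log line into section, kind, name and detail."""
    m = ENTRY_RE.match(line)
    if not m:
        # Lines without an O-number are the running-process paths at the top.
        return {"section": "process", "kind": "running process",
                "name": None, "detail": line}
    section, kind, detail = m.groups()
    name = re.match(r"\[([^\]]+)\]", detail)  # Run-key value name, if any
    return {"section": section, "kind": kind,
            "name": name.group(1) if name else None, "detail": detail}


def review(text, keep_markers=KEEP_MARKERS):
    """Return (to_fix, held_back); held_back entries match the keep-list."""
    to_fix, held_back = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        entry = parse_entry(line)
        protected = any(k in entry["detail"].lower() for k in keep_markers)
        (held_back if protected else to_fix).append(entry)
    return to_fix, held_back


if __name__ == "__main__":
    to_fix, held_back = review(REMOVAL_LIST)
    for e in held_back:
        print("HOLD BACK:", e["section"], e["kind"], e["detail"])
    print(len(to_fix), "entries left on the removal list")
```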
 
Hi Bobbye, well, i went back into msconfig, but i only have 3 items there, 2 appear to be adobe related. i went into services and rechecked the 2 lines that dealt with avira. what is weird, is that when i open avira, it appears to be working and activated, but no little icon in the lower rh corner of desktop. also my wireless connection icon has a red x on it, but i am connected just fine. other than those 2 items, everything seems to be functioning just fine.
anything else to do, or have i graduated to "clean"
blairman
 
another update, after 3rd reboot, red x is gone from wireless network connection, cool.
antivirus is running, still no little icon, but that is not a big deal.
i ran an anti virus scan, found 5 files to quarantine
was able to get to microsoft update website, went thru registering and got error message, however, i see that my little yellow shield in the lower rh corner is telling me i have MS updates ready to install, that is also cool.
what are your thoughts?
blairman
 
Okay, if problems have been resolved:

Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disk Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin

Open the AV program and see if there is a place to check for the icon in toolbar.

If you have any more questions, let me know.
 
Extremely happy camper!!!

Bobbye, I can't thank you enough for your perseverance thru the process of debugging my laptop. i have completed all of the steps you recommended and my laptop is working much better than it ever has.
about the tray icon for Avira anti virus, i went to the support board for Avira, and there seems to be an issue with the disappearing tray icon. sometimes it comes back too. so i am not worried, i can open the console and verify that it is working. i created a new restore point, named it Rebirth. deleted the old ones.
you have been incredibly helpful and very patient and pleasant to work with.
thank you so much. my brother in law will be overjoyed to be able to get his email again without having to traverse a stairway.
thanks again
blairman
 
You're very welcome! Keep in mind that it's best to remove old files, folders and programs. They do occupy 'space' and if running, memory.

I'll close the thread since problems have been resolved.
 