I have grouped the processes according to their use and described most. If you aren't using the programs, each should be checked for removal by HijackThis, then on the reboot into Safe Mode, each should be UNCHECKED on Startup. If you do not use or plan to use any of them, they should be uninstalled in Add/Remove Programs in the Control Panel and finally, the Services either changed to Manual or Disabled.
Please re-open HiJackThis and scan. *Check* the boxes next to all the entries listed below according to the information I gave about their use. To remove, check:
1.
You are loading processes related to remote control of the system. If you are not actively using these processes, they should be stopped and/or removed. They are legitimate programs but should only have limited use:
C:\WINDOWS\system32\RemoteControlService.exe>> This is a legitimate process. ***Please see note at end>
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
RemotelyAnywhere: RemotelyAnywhere is a remote administration and remote control application for Windows.
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe>>
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
CHECK all of the following for removal:
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
(This is the BackWeb updater. It is bundled with Logitech (and other) products, installed with their programs and makes frequent accesses to the internet. It checks for software upgrades from Logitech. It does not need to run and should be removed.)
File Sharing or P2P sites constantly expose the system to adware/spyware and viruses. I encourage you to remove BitComet:
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
Start> Run> type in 'msconfig' without quotes> Selective Startup> Startup tab: IF you stopped these processes and are not actively using them, they should be UNCHECKED:
Any entry for Remote Control Service
Any entry for RemotelyAnywhere or LogMeIn
BitComet
Asus start up
Control Panel> Add/Remove Programs> UNINSTALL any of the following for which you have removed the running processes:
RemoteControl\Service
LogMeIn or RemotelyAnywhere
BitComet
Start> Run> services.msc> right click> Properties on each Service and set as follows:
RemoteControlService or ITECIRService> Disable
LogMeIn Maintenance Service > Manual or Disabled
LogMeIn > Manual or Disabled
Search for each of the following files. IF found> right click> Delete. Please do this before the search: Tools> Folder Options> View tab> CHECK 'show hidden files and folders'.
When through, go back and UNCHECK 'show hidden files and folders'.
Reboot the system into Normal Mode. You will get a nag message that you can close after checking 'don't show this message again'. Stay in Selective Startup.
***RemoteControlService.exe is able to record inputs. Therefore the technical security rating is 36% dangerous. There is an icon for this program on the taskbar next to the clock. The program has a visible window. There is no file information. The file is located in the Windows folder, but it is not a Windows core file.
*** Re: msconfig/auto:
Download a fix from Doug's site:
http://www.dougknox.com/xp/scripts_..._nomsconfig.htm
Please give system status.
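
Added example, not part of the original post and not HijackThis's own code: a small Python triage helper that parses log lines of the kind quoted above, splits O23 service entries into display name, service name, vendor and path, and sorts entries into the post's groupings. The keyword lists and the `parse` / `services_by_group` names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Sample lines copied from the log entries quoted in the post above.
SAMPLE_LOG = r"""
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
"""

# Keyword -> group, following the groupings in the post (assumed matching rule).
GROUPS = {
    "remote-control": ("remotecontrolservice", "logmein", "remotelyanywhere"),
    "p2p": ("bitcomet",),
    "updater": ("desktop messenger",),
}
ENTRY = re.compile(r"^(?P<code>[OFRN]\d+) - (?P<body>.+)$")
# O23 body: "Service: <display> [(<service name>)] - <vendor> - <path>"
SERVICE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<vendor>.+) - (?P<path>[A-Za-z]:\\.+)$")

def parse(log):
    """Return one dict per recognised HijackThis entry line."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # blank line or free text between entries
        body, lowered = m["body"], m["body"].lower()
        svc = SERVICE.match(body) if m["code"] == "O23" else None
        group = next((g for g, kws in GROUPS.items()
                      if any(k in lowered for k in kws)), "unclassified")
        entries.append({"code": m["code"], "body": body, "group": group,
                        "service": svc.groupdict() if svc else None})
    return entries

def services_by_group(entries):
    """Map group -> service names to review in services.msc."""
    out = defaultdict(list)
    for e in entries:
        if e["service"]:
            out[e["group"]].append(e["service"]["name"] or e["service"]["display"])
    return dict(out)

if __name__ == "__main__":
    for e in parse(SAMPLE_LOG):
        print(e["group"], e["code"], e["body"][:60])
```
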