Help please!!! - Split from other user's thread

[jholland1964]

I want you to run HJT again.
Put a checkmark next to this entry;
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINNT\system32\$sys$filesystem\$sys$DRMServer.e xe
When you have placed the checkmark then click the FIX button.
Reboot the computer.
Open HiJackThis and click on Config, then Misc Tools, and then press the Delete an NT service.. button. When it opens you should then enter this
$sys$DRMServer
Then click OK.
Reboot and run a new HJT scan and post the log.

[bingo]

Hi Judy,

After selected, fix, and reboot the machine, I can not delete NT service $sts$DRMServer. The message popped up is:

The service '$Sys$DRMServer' is enabled and/or running. Disable it first, using HijackThis itself (from the scan results) or the services.msc window.

I guess your first step (scan and fix) is for the same purpose, but somehow it's not working. I tried to find this service from services.msc window, but can not identity which service is corresponding to "$sys$DRMServer".

Bingo

[ShadowPuterDude]

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.

On the page that opens, scroll down to $sys$DRMServer or Plug and Play Device Manager (Whichever is present) ... right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Next, run HJT, but instead of scanning, click on the 'None of the above, just start the program' button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press 'OK':

$sys$DRMServer or Plug and Play Device Manager (Whichever you found above)

[bingo]

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.

On the page that opens, scroll down to $sys$DRMServer or Plug and Play Device Manager (Whichever is present) ... right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Next, run HJT, but instead of scanning, click on the 'None of the above, just start the program' button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press 'OK':

$sys$DRMServer or Plug and Play Device Manager (Whichever you found above)

I can not stop the service. following "Microsoft Management Console" lessage popped out:

Could not stop the Plug and Play Device Manager service on local machine.
The service did not return an error. This could be an internal Windows error or an internal service error.
If the problem persists, contact your system adminstrator.

Any further suggestions?

[bingo]

I can not stop the service. following "Microsoft Management Console" lessage popped out:

Could not stop the Plug and Play Device Manager service on local machine.
The service did not return an error. This could be an internal Windows error or an internal service error.
If the problem persists, contact your system adminstrator.

Any further suggestions?

By disable the service first, then restart computer, then I can use HijackThis to delete $sys$DRMServer NT service. Here is the new HijackThis scan log. Please take a look what's else in my PC. Thanks!!!

[jholland1964]

Bingo you got it this time! SPD was correct as usual!
The log looks pretty good.
I would recommend you uninstall Xsoft. It is not needed. I also recommend that you install SpywareBlaster. Great FREE program, a must today. Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially unwanted sites in Internet Explorer.
Just download, update and enable.This program DOES NOT run in the background.

I also recommend that you use Mike Lin's StartUpControlPanel to control your autostarts. Free program which, after download and install makes it super easy to disable or re-enable auto starting programs.

Here is a list of the items showing in your log which auto-start and are unnecessary for the smooth running of the computer. They all can be run manually.

ATIModeChange>>>System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager
SetDefPrt>>>Used to set a Brother MFC printer/copier/scanner as the default printer after installation
BJCFD>>>BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs
IPInSightMonitor 01>>>Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required
Gene USB Monitor>>>Monitors USB ports for insertion of Sandisk USB flashdrives.
SSBkgdUpdate>>>ScanSoft OmniPage auto updater. Can be disabled using the main program's options. Do manual updates
PaperPort PTD>>>"PaperPort" software associated with scanners, can be run manually
IndexSearch>>>Associated with PaperPort scanner software from ScanSoft
QuickTime Task>>>System Tray access to Apple's "Quick Time" viewer from version 5 onwards
!AVG Anti-Spyware>>>Background scanner of AVG Anti-spy. Unless you purchased the program this portion will cease to function anyway after 30 days. I recommend disabling but keep the program itself for manual scanning. Even though it is the free version it's definitions CAN be updated and the program can be used to scan and remove malware/spyware/trojans.
swg>>>Related to GoogleToolbarNotifier from Google Inc. Disabling or enabling it is down to user preference. Note: Located in a subfolder of C:\Program Files\Google\GoogleToolbarNotifier
HijackThis startup scan>>>Totally unnecessary. Turn this off.
Microsoft Office>>>unnecessary, can very easily be run manually
WinZip Quick Pick>>>Added with WinZip version 8.1. Really unnecessary. You can right-click and close it - choosing to not re-load it at start-up
Ding.exe>>>process associated with DING! from Southwest Airlines. ding.exe is not a critical component
QuickBooks Update Agent>>>Associated with Intuit's Quickbooks but not required. Possibly to do with the payroll update service but you're prompted to check for updates when appropriate whether this is running or not
SmartUI.exe>>>This is a component of Scansoft's PaperPort. PaperPort allows you to share paper, PDF, and digital documents over a network. Users choice whether to run all the time or not.
Once you get those programs installed and disable the autostarts then I would set a new Restore Point by right clicking My Computer, choose Properties. Then click on the System Restore Tab and place a checkmark in Turn Off System Restore. Click OK. Your System Restore will shut down. Then go back in and remove the checkmark to turn it back on. You will then have a new, clean restore point.
Judy

[bingo]

Hi Judy,

Thanks for the great help! It's great to hear my computer is clean!

But my computer is still facing lots of "frozen" time when CPU is occupied by services.exe over 99%. It happened at the Window start time (I have to wait a while to allow to type in user name and password), select file to attached to email, save file to a location using the window explorer, start IE,... Could you give me some suggestions?

I appreciate!

Bingo

[jholland1964]

Take a look at this link from ~TL How to configure Windows Services in XP
It sounds to me as if you have some things running in services which are not required.