Does anybody have any ideas? I'm on a 6Mbs Comcast connection. I was running at 2.5 but ran CableNut, did a few tweaks and got it up to 3.9mbs. I ran HijackThis but couldn't see anything wrong. Did CCleaner, virus, adware, spyware and malware scans, all clean. Comcast checked my modem and it's connected at 6.6mbs. They're sending out a tech but I want to make sure it's not my comp before he comes out.

here are my scores

:::.. Download Stats ..:::

Connection is:: 3911 Kbps about 3.9 Mbps (tested with 2992 kB)

Download Speed is:: 477 kB/s

Tested From:: https://testmy.net/ (server2)

Test Time:: Tue Jan 10 2006 21:25:52 GMT-0600 (Central Standard Time)

Bottom Line:: 70X faster than 56K 1MB download in 2.15 sec

Diagnosis: May need help : running at only 82.68 % of your hosts average (comcast.net)

Validation Link:: https://testmy.net/stats/id-BE6DZU8FM

Logfile of HijackThis v1.99.1

Scan saved at 9:31:13 PM, on 1/10/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\ewido anti-malware\ewidoguard.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\SoftSwift\Enhanced Windows Backup\EWBackup.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\program files\softwin\bitdefender8\bdnagent.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

c:\program files\softwin\bitdefender8\bdmcon.exe

C:\Program Files\Winamp\winamp.exe

C:\Documents and Settings\crhis franzetti\My Documents\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\mlljk.dll (file missing)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [EWBACKUP] "C:\Program Files\SoftSwift\Enhanced Windows Backup\EWBackup.exe" /Q /START

O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\DeadAIM.ocm",ExportedCheckODLs

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab

O20 - Winlogon Notify: mlljk - mlljk.dll (file missing)

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe (file missing)

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Anybody have any other ideas on what I can do, or see something I missed? Please help.

thanks for help

I'm not totally thrilled about this: C:\WINDOWS\system32\TCtrlIOHook.exe ...anybody got any ideas?

TheLandScapper ....first of all, what's a scapper?

Ok back to business, is your PC a Toshiba? 

Looks like you've got some good security in there...Bit Defender, AVG, Ewido, Spybot S&D....none of these find anything?

Have you tried CableNut?  Read our sticky: http://www.testmy.net/forum/index.php?topic=2097.0

Didn't even realize I put scaPPer lol .... anyway I do have a Toshiba M55 ..... when I look up TCtrlIOHook.exe

this is what it says

Name: tctrliohook.exe

Process Name: TOSHIBA Control Utility Hotkey Hook

Description: tctrliohook.exe TOSHIBA Control Utility Hotkey Hook


Part of: NA

Virus: No

Trojan: No

Spyware: No

Security Risk: 0

I think it's the driver for my one-touch DVD buttons or something like that; on the Toshiba site that's what they said. I could be wrong though.

Nope, none of my security programs find anything, maybe once in a while a tracking cookie but that's about it. But a little while ago I did download the Generic trojan downloader MUM virus. I did get rid of it though within 5 min or so, but maybe I missed something from this virus, or my scanners aren't picking up maybe a part of it that might be left? I did read somewhere online that it isn't the easiest virus to get rid of? What's everyone else think? And I did try CableNut; I used the 1500 cable setting from the downloads in the sticky. And to be completely honest with you, I'm not quite sure what the numbers mean in the settings name. Can anyone tell me? I picked that setting cause it gave the fastest and most consistent speed (even though today I'm running at around 2.9 to 3.5).

thanks again for all your guys help

Check out securityresponse.symantec.com if you know the virus name.  They have a lot that you can read up on about technicalities, removal, etc. 

Otherwise, if none of your security picks anything up, you can always try others.  If nothing works, and your system seems to be suffering, usually you can get away with isolating and replacing files (ie. dirty install of OS/software).  As a last resort, back up your stuff, format and reinstall.

I parsed your HijackThis data and it didn't see anything in red. Anyway, I would download Spybot Search and Destroy and run a scan. Also, download CCleaner and remove all temp files and do a reg scan. Further, when was the last time you defragged your system? Are you behind a router? When was the last time you updated your NIC driver?

Bad - Remove almost always

OK Most of the time - don't need to touch

Probably not needed - Safe to remove

Generally harmless - third party applications

Bad if you don't know what it is

Unknown Item - Investigate further

You can reference this log by going to: http://hjt.iamnotageek.com/parse.php?log=158181

Logfile of HijackThis v1.99.1

Up To Date Version of HijackThis

You are using the latest version of HijackThis. Check www.merijn.org frequently for updates.

Scan saved at 9:31:13 PM, on 1/10/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:



What is it?

Session Manager SubSystem - smss.exe

What does it do?

smss.exe - This is the session manager subsystem, which is responsible for starting the user session. This process is initiated by the system thread and is responsible for various activities, including launching the Winlogon and Win32 (Csrss.exe) processes and setting system variables. After it has launched these processes, it waits for either Winlogon or Csrss to end. If this happens "normally," the system shuts down; if it happens unexpectedly, Smss.exe causes the system to stop responding (hang).

Additional Reading:

Smss.exe does not resolve forward references in environment

You will not be able to end this through task manager!

More info

Virus Precaution:

The smss.exe which is from Microsoft is located at c:\windows\System32\smss.exe . We've been able to find several viruses that run as smss to trick you.

Adware.Advision - Symantec Corporation

Adware.DreamAd - Symantec Corporation

Backdoor.IRC.Aladinz.O - Symantec Corporation

Backdoor.IRC.Flood.F - Symantec Corporation

W32.Dalbug.Worm - Symantec Corporation

W32.Resdoc - Symantec Corporation



What is it?

Windows Logon Process - Winlogon.exe

What does it do?

Direct Quote from here:

This is the process responsible for managing user logon and logoff. Moreover, Winlogon is active only when the user presses CTRL+ALT+DEL, at which point it shows the security dialog box.

Search MS for more info: Link

Virus Precaution:

The original Winlogon.exe from Microsoft gets placed in the C:\WINDOWS\System32 directory. If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses. We've been able to find only 1 report of a virus so far.

Troj/Madr-B @ Sophos

Netsky.D @ Trend Micro



services.exe is a part of Windows that manages the processes. Anytime a service starts or stops it is through services.exe. During system startup and shutdown is when this process sees most of its action. You should never end this process unless it is running outside of your windows system folder.



What is it?

Local Security Authentication Server - lsass.exe

What does it do?

lsass.exe - It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.

You will not be able to end this through task manager!

From MS

The lsass.exe which is from Microsoft is located at c:\windows\System32\lsass.exe . There's a few viruses that have been found to run as lsass.exe to hide from you.



What is it?

ATI External Event Utility EXE Module AKA ATI Hotkey Poller - ati2evxx.exe

What does it do?

ati2evxx.exe - This process provides optional features that the majority of us really couldn't care less about. The XT's overdrive feature uses this. If you have an XT you'll probably want to leave this on.

This is installed as a service so you'll need to do the following to disable:

Start --> Run --> services.msc

Find ATI Hotkey Poller and double click it.

Change the startup type to disabled

According to ATI this process is supposed to have 2 instances running. ( link )

The best explanation I've managed to find for this is: (Source)

We have to have the 2 instances to support multisession (fast user switch) support. A system service does not have access to change per user settings on any session other than the default session. In fast user switch, multiple sessions get created. To be able to change the settings on non-default session we need to create a per user instance of the external event.

Many users have reported this process to slow their boot time down.

Virus Precaution:

The original ati2evxx.exe from ATI gets placed at C:\WINDOWS\System32\ati2evxx.exe . If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses. At this time I have not found ANY viruses that run themselves using this filename. All of the results currently affect this file in some way, but do not actually run as this filename.



What is it?

Service Host Process - svchost.exe

What does it do?

Here's a direct quote from MS about this: (source)

Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

Svchost.exe groups are identified in the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost

Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:


If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it.

1.) Start --> Run --> cmd

2.) Tasklist /svc >C:\ianaginfo.txt

Here's an example of what I got when I issued this command if you'd like to take a look at an example.

A Description of Svchost.exe in Windows XP:


More Info

More Info

Virus Precaution:

The original file from Microsoft gets placed in the C:\WINDOWS\System32 directory. If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses.





What is it?

acs.exe is associated with the Atheros configuration service.

What does it do?

used for configuring wireless network connections.

More info:



What is it?

SPOOLer SerVice - spoolsv.exe

What does it do?

spoolsv.exe - The spooler service is responsible for managing spooled print/fax jobs

You will be able to end this through task manager!

More info

Virus Precaution:

The spoolsv.exe which is from Microsoft is located at c:\windows\System32\spoolsv.exe . We've been able to find several viruses that run as spoolsv to trick you.

Backdoor.Ciadoor.B - Symantec Corporation

Hacktool.Privshell - Symantec Corporation

VBS.Masscal.Worm (vbs) - Symantec Corporation

Graybird-A @ Sophos



avgamsvr.exe is a part of AVG antivirus. More information can be found here.


AVG for workstations provides comprehensive antivirus protection for personal computers. The unique combination of detection methods (heuristic analysis, generic detection, scanning and integrity checking) ensures that your computer receives the maximum protection possible on multiple levels (Resident Shield, Email Scanner plug-ins, Personal Email Scanner, On-Demand and other tests, etc.). It is available as AVG Professional Single Edition for single workstation protection and AVG SoHo Edition (Small office - Home office) for home or small offices.



avgupsvc.exe is a part of AVG antivirus. More information can be found here.


AVG for workstations provides comprehensive antivirus protection for personal computers. The unique combination of detection methods (heuristic analysis, generic detection, scanning and integrity checking) ensures that your computer receives the maximum protection possible on multiple levels (Resident Shield, Email Scanner plug-ins, Personal Email Scanner, On-Demand and other tests, etc.). It is available as AVG Professional Single Edition for single workstation protection and AVG SoHo Edition (Small office - Home office) for home or small offices.



AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

CFSvcs.exe - This is a process installed with Toshiba notebooks. It provides configuration options for these devices. This is non-essential; only terminate if causing problems.

DVDRAMSV.exe - is a program accompanied by the DVD-RAM Utility Helper Service from Matsushita Electric Industrial.

C:\Program Files\ewido anti-malware\ewidoctrl.exe

Part of Ewido security suite which is an anti spyware product.

C:\Program Files\ewido anti-malware\ewidoguard.exe

Part of Ewido security suite which is an anti spyware product.

swupdtmr.exe - This is installed on Toshiba systems. It provides additional configuration options for devices. This is non-essential; only terminate if causing problems.

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


What is it?

xcommsvr.exe is part of an antivirus application called bit defender.

What does it do?

Bit defender helps protect the PC against virus infections

More info:

Read more at www.bitdefender.com





What is it?

Windows Explorer - explorer.exe

What does it do?

explorer.exe - Below is a direct quote from Microsoft found on THIS page:

This is the user shell, which we see as the familiar taskbar, desktop, and so on. This process isn't as vital to the running of Windows as you might expect, and can be stopped (and restarted) from Task Manager, usually with no negative side effects on the system.

I have found that stopping this process is needed sometimes to stop some other processes.

More Info

More Info

Virus Precaution:

The original file from Microsoft gets placed at C:\WINDOWS\System32\explorer.exe . If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses. There's only one unique virus found through this search. All of the results are the various names of this single virus.

Deloder-A @ Sophos

MyDoom.B @ Symantec


Unknown Item

Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

TFncKy.exe - This program made by Toshiba makes keys (F1-F12) functional.

tfswctrl.exe is HP's packet writing software. It is similar in function to Adaptec's DirectCD. Basically you can copy files in windows explorer to the CD drive and it will write them straight to the CD. Windows XP has CD writing functions built in so programs like this are slowly going away.

agrsmmsg.exe is installed as a part of an IBM AMR modem driver. Since this is a software modem your connection probably won't work correctly without this process running.

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

NDSTray.exe - This is a process from the Configfree traybar utility on Toshiba laptops. This allows you to click between network devices by clicking an icon.

C:\Program Files\Toshiba\Tvs\TvsTray.exe

Unknown Item

Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

CeEKey.exe - This is a program with the Satellite E-Key software from Toshiba. This is non-essential.

TPSMain.exe - This process is from Toshiba laptops/desktops. It takes care of saving power when your system is not in use. This is non-essential.

The process belongs to the software TOSHIBA Power Saver by TOSHIBA Corporation (www.toshiba.com). Description: TPSBattM.exe is located in the folder C:\Windows\System32. Known file sizes on Windows XP are 45056 bytes (69% of all occurrence), 40960 bytes, 36864 bytes.

File TPSBattM.exe is a file without information about the maker of this file. The program has no visible window. The file is not a Windows core file. File TPSBattM.exe is located in the Windows folder, but it is not a Windows core file. Therefore the technical security rating is 6% dangerous, however also read the users reviews.

Important: Some malware can camouflage themselves as TPSBattM.exe, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the TPSBattM.exe process on your pc whether it is pest.

ZoomingHook.exe - This is associated with Toshiba zooming utility for Tablet PC.

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

TPTray.exe - This is a process from the traybar for Toshiba laptops, it provides easy access to the configurations on the touchpad.

pinger.exe - This belongs to Toshiba. It checks for software updates. This is non-essential; only terminate if causing problems.

AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates

C:\Program Files\Microsoft IntelliPoint\point32.exe


What is it?

Microsoft Intellimouse Monitor - point32.exe

What does point32.exe do?

This is the mouse settings tray icon. Some people report that you must have this running for the programmed extra button support. If you don't program those buttons for special tasks then you'll want to shut this process down.

Virus Precautions:

You'll want to keep an eye on this google search for any known viruses. The normal location of point32.exe is C:\Program Files\Microsoft Hardware\Point32.exe

At this time I did not find anything using this filename!

Also .

C:\Program Files\SoftSwift\Enhanced Windows Backup\EWBackup.exe

Unknown Item

Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe


What is it?

ATI Catalyst - cli.exe

What does cli.exe do?

cli.exe quotes are from the startup DB. There are 2 primary listings. One is called cli.exe systemtray and it is:

"System Tray access to ATI's CATALYST

To be honest that's a lot of unnecessary stuff running in the background that could potentially be slowing your connection by either using bandwidth or making data go through unneeded processes. Look for a little application called "Enditall" run it and use it to "kill" all non critical processes running on your computer, then try another speed test.
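
The checks this thread keeps returning to (core Windows process names belong in System32, and entries HijackThis marks "(file missing)", "(no file)" or "Unknown owner" deserve a second look), written out as an added example that is not part of any post above. The function names, reason labels and the sample log are assumptions: the sample is constructed from lines modelled on the posted log, plus one invented svchost.exe path to exercise the location check.

```python
import re
from pathlib import PureWindowsPath

# Core Windows process names that the descriptions quoted in the thread
# place in the System32 directory.
SYSTEM32_ONLY = {"smss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}

# HijackThis entry lines start with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Constructed sample: entry lines modelled on the log posted in the thread;
# the C:\WINDOWS\Temp\svchost.exe process is invented for the location check.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Temp\svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\mlljk.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O20 - Winlogon Notify: mlljk - mlljk.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe (file missing)
"""


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(text, system_root=r"C:\WINDOWS"):
    """Return (reason, line) pairs worth a manual look; these are leads, not verdicts."""
    # PureWindowsPath compares case-insensitively, so system32 == System32.
    system32 = PureWindowsPath(system_root) / "System32"
    findings = []
    processes, entries = parse_hjt(text)
    for proc in processes:
        path = PureWindowsPath(proc)
        if path.name.lower() in SYSTEM32_ONLY and path.parent != system32:
            findings.append(("core-name-outside-system32", proc))
    for code, body in entries:
        line = f"{code} - {body}"
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            # The registry still references a file that is no longer on disk.
            findings.append(("target-missing", line))
        elif code == "O23" and body.startswith("Service: "):
            # O23 layout: Service: <display name> - <owner> - <image path>
            parts = body[len("Service: "):].split(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                findings.append(("service-unknown-owner", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:28} {line}")
```

A "target-missing" or "service-unknown-owner" hit only says the entry should be looked up, as was done for TCtrlIOHook.exe in this thread; vendor utilities often carry no owner string.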
