My Log - Please check it. Thankz

Status
Not open for further replies.

nikz06

I enclose my log. I have too many processes running on my computer, usually over 50. Internet Explorer is slow as **** and takes years loading a page; Firefox is fast as ever! Any help I get with this log is appreciated. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 21:09:53, on 27/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware.us/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MediaPortal] "C:\Program Files\Team MediaPortal\MediaPortal\mediaportal.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Thanks for any help that I receive
 
Regular Spyware Maintenance

Perform this below:

Follow these instructions carefully

Download ALL 10 programs and update if needed.

Ad Aware SE Personal Free

Ad-aware Messenger Service Plugin

Ad-Aware VX2 Cleaner Plugin

Spybot Search and Destroy Free

Windows Defender 2 Beta

HijackThis

Ewido

CCleaner

Cleanup!

Follow these steps

Delete the prefetch folder C:\WINDOWS\Prefetch, this folder will come back on next reboot.

Go to Add/Remove Programs and remove any offending programs such as WeatherBug, search assistants, etc.

Delete all cookies and temporary internet files in the control panel, Internet Options.

Go to Start, Run, type msconfig, go to Startup, disable everything except your antivirus and firewall, click Apply, don't reboot yet.

Download Msconfig Cleanup below

Msconfig Cleanup

Run Msconfig Cleanup after you unchecked the items you were told to uncheck and recheck, click "Select All", then click "Clean up Selected", then click "Quit". Make sure your antivirus and firewall are not checked. If you delete your antivirus and firewall entries, you will need to reinstall them so be sure to check them.

Now run each spyware program 1 by 1. Running all 3 at the same time will slow most systems down.

When each program has finished scanning, remove everything.

Now go to the recycle bin and delete everything that is in it.

Then run CCleaner. Make sure you run the Cleaner section of Windows and Applications and then the Registry Cleaner. Make a backup if you wish while running the Registry cleaner when it asks you.

When finished with the scans, reboot, and go into Safe Mode and run these scans again, remove everything they find, and then reboot back into Windows in normal mode.

Then run HiJackthis!

Save the log, copy and paste the log on www.techist.com
Do not attach the log, copy and paste always. This will make things go much faster.
 
Welcome to TF. I am going to analyze your HiJackThis log.

You don't seem to have an antivirus or antispyware installed. Check my signature for antivirus and antispyware download links.


Your log is clean, but I highly recommend installing both antivirus and antispyware.
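
One way to triage a HijackThis log like the one posted in this thread, as an added example that is not part of the original posts: it parses the entry lines and tags orphaned "(file missing)" references, services with no vendor string, and Internet Explorer URL settings for manual review. The sample lines are copied from the log above; the function names and tag names are assumptions made for this example.

```python
import re

# Constructed sample: a few entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware.us/srchasst.html
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

# Entry lines start with a section code (R0, O4, O23, ...) followed by " - ".
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_entries(text):
    """Return (code, body) pairs for every entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(text):
    """Tag entries that deserve a manual look. A tag is a prompt, not a verdict."""
    findings = []
    for code, body in parse_entries(text):
        tags = []
        if body.endswith("(file missing)"):
            tags.append("orphaned")    # registry entry points at a file that is gone
        if code == "O23" and " - Unknown owner - " in body:
            tags.append("no-vendor")   # service binary carries no company string
        if code in ("R0", "R1") and "=" in body:
            tags.append("ie-url")      # IE start/search URL: confirm it is expected
        if tags:
            findings.append((code, tags, body))
    return findings


if __name__ == "__main__":
    for code, tags, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{','.join(tags):<20}{body}")
```
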
 
talldude123 said:
Welcome to TF. I am going to analyze your HiJackThis log.

You don't seem to have an antivirus or antispyware installed. Check my signature for antivirus and antispyware download links.


Your log is clean, but I highly recommend installing both antivirus and antispyware.

Thanks, I've got antispyware installed, I've got Spyware Doctor and Windows Defender. I'm going to install AVG. What processes do I not need, as when I press Ctrl+Alt+Delete, in my process list I have loads of them running.
 
Go into the task manager, and maximize it. Press "Print Screen" on the keyboard, and go to MS Paint and paste a screenshot.

Then, attach that screenshot to the thread.
 
pt1.jpg


pt2.jpg
 
A better way is to use the HijackThis process manager, as some malware/viruses hide from Windows Task Manager.
To do this, open the misc tools section and click open process manager. Once open, click the floppy disk icon and save as a txt file. Simply copy and paste it here after. Also, I suggest you follow Warez's steps.
 
Thanks for the tip.

Process list saved on 22:26:39, on 27/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
504 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
1000 C:\WINDOWS\system32\csrss.exe 5.1.2600.2180 Microsoft Corporation
1028 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
1080 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
1092 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
1236 C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4115 ATI Technologies Inc.
1252 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1340 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1372 C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe 1.0.0.174 TuneUp Software GmbH
1448 C:\Program Files\Windows Defender\MsMpEng.exe 1.1.1051.0 Microsoft Corporation
1532 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1576 C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe 0.20.0.3000
1772 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 9.0.1.12 Intel Corporation
1832 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe 9.0.1.41 Intel Corporation
1900 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
196 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
640 C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4115 ATI Technologies Inc.
708 C:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation
900 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
1464 C:\Acer\Empowering Technology\admServ.exe 1.5.24.74 Avocent Inc.
1996 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
2024 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe 4.1.0.1915
368 C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe 2.1.0.1815 Cyberlink
396 C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe 2.1.0.1815 Cyberlink
496 C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe 4.2.3.912 Sunbelt Software
792 C:\WINDOWS\system32\oodag.exe 8.5.1788.0 O&O Software GmbH
832 C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe 4.2.3.912 Sunbelt Software
1188 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 9.0.1.10 Intel Corporation
332 C:\Program Files\CyberLink\Shared Files\RichVideo.exe 1.1.0.808
1788 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
272 C:\acer\Empowering Technology\ePower\epm-dm.exe 0.2.6.6 Acer Inc
768 C:\Acer\Empowering Technology\admtray.exe 1.6.13.24 Avocent Inc.
1172 C:\Program Files\QuickTime\qttask.exe 7.0.4.80 Apple Computer, Inc.
1724 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe 5.0.0.910 Cyberlink Corp.
1764 C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe 4.2.3.912 Sunbelt Software
1940 C:\Program Files\MSN Messenger\msnmsgr.exe 8.0.787.0 Microsoft Corporation
2136 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
2424 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe 4.1.0.1928
2808 C:\WINDOWS\System32\alg.exe 5.1.2600.2180 Microsoft Corporation
2912 C:\WINDOWS\system32\wscntfy.exe 5.1.2600.2180 Microsoft Corporation
4008 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
2660 C:\WINDOWS\system32\wuauclt.exe 5.8.0.2469 Microsoft Corporation
4036 C:\Program Files\mIRC\mirc.exe 6.1.7.0 mIRC Co. Ltd.
2512 C:\Program Files\Mozilla Firefox\firefox.exe 1.8.20060.-14719 Mozilla Corporation
3572 C:\WINDOWS\system32\WISPTIS.EXE 1.0.2201.0 Microsoft Corporation
2536 C:\WINDOWS\system32\igfxsrvc.exe 3.0.0.4332 Intel Corporation
3672 C:\Program Files\ewido anti-spyware 4.0\guard.exe 4.0.0.172 Anti-Malware Development a.s.
3028 C:\Program Files\ewido anti-spyware 4.0\ewido.exe 4.0.0.172 Anti-Malware Development a.s.
3396 C:\Program Files\Windows Defender\MSASCui.exe 1.1.1051.0 Microsoft Corporation
4052 C:\HijackThis\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.


Currently running the steps Warez told.
 