[Vickie G]

I have so many more 'things' listed under PROCESSES in my Task Manager than I did , can someone tell me which ones may be junk picked up from the internet. If so , how to get rid of them?
I have Windows XP . I am thinking there is to much 'junk' running in the background I do not need.
the more I learn about computers the stupider I feel...please be simple.

this is what is running right now:
IEXPLORE.EXE Vickie
Msworks.exe Vickie
Srng.exe Vickie
Taskmgr.exe Vickie
Ipmon32.exe Vickie
IPClient.exe Vickie
Jusched.exe Vickie
Netmeter.exe Vickie
Srng.exe Vickie
ccApp.exe Vickie
WkUFind.exe Vickie
SOUNDMAN.EXE Vickie
Pctspk.exe SYSTEM
NAVAPSVC.EXE SYSTEM
CCPXYSVC.EXE SYSTEM
NISUM.EXE SYSTEM
CCEVTMGR.EXE SYSTEM
Spoolsv.exe SYSTEM
Explorer.exe Vickie
Svchost.exe SYSTEM
Svchost.exe SYSTEM
Lsass.exe SYSTEM
Services.exe SYSTEM
Winlogon.exe SYSTEM
Csrss.exe SYSTEM
Smss.exe SYSTEM
GWREMIND.EXE Vickie
Msmsgs.exe Vickie
WkCalRem.exe Vickie
System SYSTEM
System Idle Process SYSTEM

 

[cybertech]

You have at least one malware product listed there. Please download Hijackthis.
Create a folder on your hard drive and save it there.
Unzip the file and extract it to the folder you have created.
Scan your machine, then click on Save Log.

Post a copy back here and someone will be happy to review it.

Don't make any changes until instructed to do so.

 

[Miz]

You can also go to Answers That Work and look up each item on the list to identify the ones you don't need to have running.

 

[Firah]

Thanks, Miz! I was actually hunting for that site!

 

[Vickie G]

C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Srng\Srng.exe
C:\PROGRA~1\NETRAT~1\NetMeter\NetMeter.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\BellSouth\Connection Tool\IPClient.exe
C:\Program Files\BellSouth\Connection Tool\IPMon32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Srng\Srng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\BellSouth\Connection Tool\IPClient.exe
C:\!Spykiller\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.shopnav.com/search/9886/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bellsouth.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shopnav.com/search/9886/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Bellsouth® Internet Service
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {54EFC990-37C5-4942-814D-8ED1E91CD895} - C:\WINDOWS\System32\iprsop.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [NetMeter] C:\PROGRA~1\NETRAT~1\NetMeter\NetMeter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [eac_wren] C:\DOCUME~1\Vickie\LOCALS~1\Temp\EACDownload\oodlz game.exe -k
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\BellSouth\Connection Tool\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\BellSouth\Connection Tool\IPMon32.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [c18e736c1d57e395c20368a7eb9ecaa0] C:\Documents and Settings\Vickie\Desktop\Vickie's Folder\Kazaa download.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Ebates (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nmtracer.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nmtracer.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nmtracer.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.bellsouth.net
O16 - DPF: {84431AB8-1869-11D4-885A-00104B215F34} (Linkzilla Control) - http://stats.adrevservice.com/linkzilla/Lzilla.ocx
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1...tmeter4_5/nminstall_en_4.52.30.0_SILENT_2.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/test/ACNePlayer.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C24073C-0010-41EB-BA93-1C6E990DBA15}: NameServer = 205.152.37.23 205.152.132.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C24073C-0010-41EB-BA93-1C6E990DBA15}: NameServer = 205.152.37.23 205.152.132.23

 

[cybertech]

Download Spybot http://www.sherrylynn.us/privacypolicy.htm

Make sure to follow the instructions for updates prior to running the scan.

Click on "Search For updates" After the search has completed, the available Updates will be listed. Choose which Updates you would like to Download. Click "Download updates." The Updates will self install. The screen will change and the program will come back and be ready to use.

Sometimes the default Download Location will produce an Error. If that happens, look in the right panel. There you will find a small arrow next to the name of the current Download site. Click on it for a list of alternate sites. One of those should be able to retrieve the files you have selected.

Scan, click on fix problems then reboot.

Next:

Download AdAware http://www.lavasoftusa.com/support/download/

Before you scan with AdAware, check for updates of the reference file by clicking

on "Check for updates now", connect.

Click on Start, Use custom scanning options, Customize.

Make sure the following settings are made and on -------"ON=GREEN"

"Scan within archives"
"Scan active processes"
"Scan registry"
"Deep scan registry"
"Scan my IE Favorites for banned URL"
"Scan my host-file"

Click on Tweak,
Select scanning engine and click on "Unload recognized processes during scanning"
Select cleaning engine and click on "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

Then click "proceed" to save your settings.

Click on Next

Run the scan and fix everything.

 

[cybertech]

Click on the link below to get lsp-fix.
Run that to fix your internet connection.

http://www.cexx.org/lspfix.htm

Launch the application, and click the "I know what I'm doing" checkbox.

Check all instances of nmtracer.dll (and nothing else) , and move them to the "Remove" pane.
Then click Finish.

Now start your computer in Safe Mode and delete:

The C:\windows\system\nmtracer.dll --> file

Restart in safe mode Click here to see how

Reboot and post another HJT log.

 

[rude]

Another good site is here:http://www.blackviper.com/WinXP/service411.htm