
What's All This Stuff?


goblinmatt12


I just got a new computer and noticed there are a lot of things running. I'm not great with computers so I thought I should come here for help.

Here's what I get from ctrl alt del

ctraltdeleteoc0.th.png

The only things I installed since I got it are Counter-Strike, HJT, Guild Wars, and AIM.

Gah, I can't figure out how to post the HJT log right. Just tell me useless things I can remove. It's a new computer so there's a lot of junk on it. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 8:12:09 AM, on 7/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss[Caution: Executable File]
C:\WINDOWS\system32\winlogon[Caution: Executable File]
C:\WINDOWS\system32\services[Caution: Executable File]
C:\WINDOWS\system32\lsass[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\WINDOWS\System32\svchost[Caution: Executable File]
C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: Executable File]
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: Executable File]
C:\WINDOWS\system32\spoolsv[Caution: Executable File]
C:\WINDOWS\Explorer[Caution: Executable File]
C:\WINDOWS\SOUNDMAN[Caution: Executable File]
C:\Program Files\CyberLink\PowerDVD\PDVDServ[Caution: Executable File]
C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: Executable File]
C:\WINDOWS\system32\RUNDLL32[Caution: Executable File]
C:\WINDOWS\AGRSMMSG[Caution: Executable File]
C:\Program Files\Java\jre1.5.0_05\bin\jusched[Caution: Executable File]
C:\Program Files\Acer\Acer eMode Management\AspireService[Caution: Executable File]
C:\Program Files\Acer\Acer eConsole\MediaSync[Caution: Executable File]
C:\Acer\Empowering Technology\eRecovery\Monitor[Caution: Executable File]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: Executable File]
C:\Program Files\Norton AntiVirus\navapsvc[Caution: Executable File]
C:\WINDOWS\system32\nvsvc32[Caution: Executable File]
C:\Program Files\Motorola Wireless\WU830G USB Adapter\OdHost[Caution: Executable File]
C:\Program Files\Motorola Wireless\WU830G USB Adapter\WLUSBCfg[Caution: Executable File]
C:\Program Files\AIM\aim[Caution: Executable File]
C:\Program Files\Internet Explorer\iexplore[Caution: Executable File]
C:\Program Files\Internet Explorer\iexplore[Caution: Executable File]
C:\WINDOWS\system32\wuauclt[Caution: Executable File]
C:\WINDOWS\system32\mspaint[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\DOCUME~1\Matt\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis[Caution: Executable File]
C:\Program Files\Messenger\msmsgs[Caution: Executable File]

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [soundMan] SOUNDMAN[Caution: Executable File]
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ[Caution: Executable File]"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: Executable File]"
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt[Caution: Executable File]
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz[Caution: Executable File]" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG[Caution: Executable File]" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst[Caution: Executable File] /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP[Caution: Executable File] /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP[Caution: Executable File] /IMEName
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI[Caution: Executable File]
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: Executable File] C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz[Caution: Executable File] /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32[Caution: Executable File] C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG[Caution: Executable File]
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched[Caution: Executable File]
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService[Caution: Executable File]
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync[Caution: Executable File]
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor[Caution: Executable File]
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: Executable File]
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig[Caution: Executable File] /auto
O4 - Global Startup: Motorola Wireless USB Adapter.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: Executable File]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: Executable File]
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: Executable File]
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: Executable File]
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc[Caution: Executable File]
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32[Caution: Executable File]
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan[Caution: Executable File]
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ[Caution: Executable File]
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: Executable File]
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc[Caution: Executable File]

Link to comment
Share on other sites

wmiprvse[Caution: Executable File] = Part of Windows Operating system, hogs memory, you can get rid of it. It is just a piece of useless security, I believe.

smss[Caution: Executable File] = something that you may want to keep as it is highly needed for the security of your computer. But scan the file for a virus/trojan because it could be either good or bad.

winlogin[Caution: Executable File] = the login script for Windows.

Most of it is junk, and it would probably be a waste of my time to do this.

Did you buy this computer second hand? Because if you did, some could be spyware and trojans. If not, I would still advise using Adaware and Spybot S&D, then run NAV or AVG (specifically in system32).

I would advise that if you use AVG you quarantine the *possible* viruses/trojans, and take it to a locally trusted computer workshop for some professional help.

Because I have never seen this many resources being used before, even on a new machine.

Is your machine being laggy? Slow? Sluggish? Is it running at the capacity you expected? What's your system spec?

Just curious.

moose67.png
Link to comment
Share on other sites

Ignore the above poster. I took the liberty of actually helping by pasting your HijackThis logfile into the HijackThis logfile analyzer. You have nothing out of the ordinary. There are a few non-essential system processes in there, but I wouldn't terminate them because sometimes terminating "non-essential" processes causes the system to restart anyway, and it only frees up maybe 10MB of memory. The Acer stuff could go, but once again it's negligible.

To my knowledge there is nothing wrong with your system. It's good that you seem so vigilant, but I wouldn't post here unless anything is actually happening or you have any symptoms or premonitions of something wrong. However, please ensure that you are running a virus scanner and firewall at all times, and periodically run Spybot S&D or a similar program and HijackThis (using the above log analyzer) just to be sure nothing is wrong. I would also recommend keeping Internet Explorer installed but also downloading an alternative browser such as Firefox or Opera for general use, and using IE for things that absolutely require it (uninstalling IE can royally screw your system).

Just my two cents.

sigon4.jpg

handed me TWO tissues to clear up. I was like "i'm going to need a few more paper towels than that luv"
Link to comment
Share on other sites
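An added example, not part of any post in this thread and not HijackThis's own code: a small Python parser for the log format pasted in the first post, which separates the running-process list from the coded entries (R1, O4, O23, ...) and groups processes by install folder so bundled software stands out. The entry pattern, the folder-grouping rule and the reading of "[Caution: Executable File]" as the forum's stand-in for ".exe" are assumptions; the sample is an excerpt of the log above.

```python
import re
from collections import Counter

# Excerpt of the log posted above (forum filter token left as it appears on the page).
SAMPLE = r"""Running processes:
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: Executable File]
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: Executable File]
C:\Program Files\Norton AntiVirus\navapsvc[Caution: Executable File]
C:\Program Files\Acer\Acer eConsole\MediaSync[Caution: Executable File]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync[Caution: Executable File]
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: Executable File]
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan[Caution: Executable File]
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")       # e.g. "O4 - ...", "O23 - ..."
RUN_ITEM = re.compile(r"^.*?Run: \[(.+?)\] (.*)$")    # O4 registry Run value
FILTER_TOKEN = "[Caution: Executable File]"           # assumption: forum stand-in for ".exe"

def parse_hjt(text):
    """Split a HijackThis log into running-process paths and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip().replace(FILTER_TOKEN, ".exe")
        m = ENTRY.match(line)
        if m:                                  # first coded entry ends the process list
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def vendor_of(path):
    """Grouping key: folder under Program Files (or Common Files), else the top folder."""
    parts = path.strip('"').split("\\")
    if len(parts) > 2 and parts[1].lower() == "program files":
        skip = 3 if parts[2].lower() == "common files" and len(parts) > 3 else 2
        return parts[skip]
    return parts[1] if len(parts) > 1 else parts[0]

def autostarts(entries):  # (value name, command) for each O4 registry Run entry
    hits = (RUN_ITEM.match(d) for c, d in entries if c == "O4")
    return [(m.group(1), m.group(2)) for m in hits if m]

procs, entries = parse_hjt(SAMPLE)
print(Counter(vendor_of(p) for p in procs).most_common(), autostarts(entries))
```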

wmiprvse.e3e (CAUTION - executable file) should not be terminated! Do not delete it.

Because I have never seen this many resources being used before, even on a new machine.

I have, since it's a prebuilt it comes with a lot of "extras" or crap most people call it. He has Norton installed which takes up about 5 processes by itself. I currently have 50 processes going when I start it up so 40 is not a lot.

Go into add/remove programs and uninstall anything you don't need (trial software etc.). Don't worry, if you need it later you can always get it back on the recovery CD.

goldenblade995.png
Link to comment
Share on other sites

Don't think I got a recovery CD :(

It's a brand new computer so nothing is a virus or trojan.

I just need to know what's junk and what's not. I'll take a look at that HJT analyze thing.

Thanks guys!

Dude, there's nothing wrong with your computer. Everything is a normal process.

sigon4.jpg

Link to comment
Share on other sites

40 running processes on a brand new computer actually isn't bad at all. Most Dell and HP boxes come loaded with so much crap that you easily pass 50+ before you start removing things.

The list in the screenshot looks normal, along with the HJT log.

Be happy you only have 40 processes running with a brand new computer. :mrgreen:

Link to comment
Share on other sites

I know nothing is wrong with it, I just think that it'd run a lot better with some of this stuff gone. I put in an anti virus and firewall but my CPU usage is at 100% :(

Is it always at 100%? I had a problem like that on my family computer, it turns out it was my virus scan (McAfee) causing the problem. I saw in your log you're running Norton :?

goldenblade995.png
Link to comment
Share on other sites
