[fagag]

Hi
i have windows vista ultimate 32bit
intel core 2 dual e4600 2.4 ghz
2 gb ram
I noticed that both of my cores are running high
one is working on average 80%
the second on 40%
befor that both of them were working around 0-5%
i have scanned my pc with spybot and AVG
and found some infections
cleaned them but the problem still occures
i also noticed that my show hidden files and folders options was disappeared
i fix that already with the regedit but my pc is working hard while no other programs are working
please help me to get rid of this infection
thanks
fagag
jerbyt@gmail.com

[TechOutsider]

Can you remember the infections? A logfile from the scans would be useful.

1) Use an online virus scanner. Some good ones:
a) http://www.kaspersky.com/virusscanner
b) http://www.eset.com/onlinescan/
2) Run>"Msconfig">List me the things under "Services" and "Startup"
3) Clear out your "StartUp" folder. It should be in the All Programs menu.
4) Download and execute HiJack This:

http://www.download.com/Trend-Micro-...-10227353.html

And post the logfile here.
5) Turn off unneeded visual effects, such as Aero and transparency. Right click on Desktop>Customize>Turn off transparency.
6) Download Revo Uninstaller and completely uninstall unneeded programs. Choose the "Advanced" mode and be sure to delete all traces.

http://www.download.com/Revo-Uninstaller/3000-2096_4-10687648.html
7) Best of all: Uninstaller Vista and get XP!

[fagag]

Hi and thank u for taking the time to help

1. scanned with kaspersky found 2 infections
both are not virus i deleted them both

a) C:\Users\007\AppData\Local\Temp\NERO14399\Toolbar.exe
b) D:\Program install files\Nero.8.Ultra.Edition.v.8.0.3.0.Multilanguage.-ZWTiSO.(osloskop.net).iso

Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm

2. services there are many...)

Application Experience,Processes application compatibility cache requests for applications as they are launched,Started,Automatic,Local System
Application Information,Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.,,Manual,Local System
Application Layer Gateway Service,Provides support for 3rd party protocol plug-ins for Internet Connection Sharing,,Manual,Local Service
Application Management,Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start.,,Manual,Local System
Ati External Event Utility,,Started,Automatic,Local System
Audio Service,Manages audio jack configurations.,,Automatic,Local System
AVG8 WatchDog,,Started,Automatic,Local System
Background Intelligent Transfer Service,Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.,Started,Automatic (Delayed Start),Local System
Base Filtering Engine,The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.,Started,Automatic,Local Service
Basics Service,Basics service for hardware interaction,Started,Automatic,Local System
Block Level Backup Engine Service,Engine to perform block level backup and recovery of data,,Manual,Local System
Certificate Propagation,Propagates certificates from smart cards.,,Manual,Local System
CNG Key Isolation,The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.,,Manual,Local System
COM+ Event System,Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Local Service
COM+ System Application,Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.,,Manual,Local System
Computer Browser,Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Local System
Cryptographic Services,Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Network Service
DCOM Server Process Launcher,Provides launch functionality for DCOM services.,Started,Automatic,Local System
Desktop Window Manager Session Manager,Provides Desktop Window Manager startup and maintenance services,Started,Automatic,Local System
DFS Replication,Enables you to synchronize folders on multiple servers across local or wide area network (WAN) network connections. This service uses the Remote Differential Compression (RDC) protocol to update only the portions of files that have changed since the last replication.,,Manual,Local System
DHCP Client,Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Local Service
Diagnostic Policy Service,The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Local Service
Diagnostic Service Host,The Diagnostic Service Host service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, some diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.,,Manual,Local Service
Diagnostic System Host,The Diagnostic System Host service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, some diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Manual,Local System
Distributed Link Tracking Client,Maintains links between NTFS files within a computer or across computers in a network.,Started,Automatic,Local System
Distributed Transaction Coordinator,Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. ,,Manual,Network Service
DNS Client,The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Network Service
Extensible Authentication Protocol,The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.,,Manual,Local System
Fax,Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network.,Started,Automatic,Network Service
Function Discovery Provider Host,Host process for Function Discovery providers.,Started,Manual,Local Service
Function Discovery Resource Publication,Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.,Started,Automatic,Local Service
Group Policy Client,The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled.,Started,Automatic,Local System
Health Key and Certificate Management,Provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent). Enforcement technologies that use X.509 certificates may not function properly without this service,,Manual,Local System
HP CUE DeviceDiscovery Service,This service detects and monitors CUE devices on the system.,Started,Automatic,Local System
hpqcxs08,,Started,Manual,Local System
Human Interface Device Access,Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Local System
IKE and AuthIP IPsec Keying Modules,The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.,Started,Automatic,Local System
Interactive Services Detection,Enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear. If this service is stopped, notifications of new interactive service dialogs will no longer function and there may no longer be access to interactive service dialogs. If this service is disabled, both notifications of and access to new interactive service dialogs will no longer function.,,Manual,Local System
Internet Connection Sharing (ICS),Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.,,Disabled,Local System
IP Helper,Provides automatic IPv6 connectivity over an IPv4 network. If this service is stopped, the machine will only have IPv6 connectivity if it is connected to a native IPv6 network.,Started,Automatic,Local System
IPsec Policy Agent,Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped.,Started,Automatic,Network Service
KtmRm for Distributed Transaction Coordinator,Coordinates transactions between MSDTC and the Kernel Transaction Manager (KTM).,Started,Automatic (Delayed Start),Network Service
Link-Layer Topology Discovery Mapper,Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly.,,Manual,Local Service
Logitech Bluetooth Service,,,Manual,Local System
Messenger Sharing Folders USN Journal Reader service,Service installed by Messenger to enable sharing scenarios,Started,Manual,Local System
Microsoft .NET Framework NGEN v2.0.50727_X86,Microsoft .NET Framework NGEN,,Manual,Local System
Microsoft iSCSI Initiator Service,Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.,,Manual,Local System
Microsoft Software Shadow Copy Provider,Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Manual,Local System
Multimedia Class Scheduler,Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications. If this service is stopped, individual tasks resort to their default priority.,Started,Automatic,Local System
Net Driver HPZ12,,Started,Automatic,Local Service
Net.Tcp Port Sharing Service,Provides ability to share TCP ports over the net.tcp protocol.,,Disabled,Local Service
Netlogon,Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.,,Manual,Local System
Network Access Protection Agent,Enables Network Access Protection (NAP) functionality on client computers,,Manual,Network Service
Network Connections,Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.,Started,Manual,Local System
Network List Service,Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.,Started,Automatic,Local Service
Network Location Awareness,Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Network Service
Network Store Interface Service,This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.,Started,Automatic,Local Service
NMIndexingService,,,Manual,Local System
Office Source Engine,Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.,,Manual,Local System
Offline Files,The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state.,Started,Automatic,Local System
Parental Controls,This service enables Windows Parental Controls on the system. If this service is not running, Parental controls will not work.,,Manual,Local Service
Peer Name Resolution Protocol,Enables Serverless Peer Name Resolution over the Internet. If disabled, some Peer to Peer and Collaborative applications, such as Windows Meetings, may not function,,Manual,Local Service
Peer Networking Grouping,Provides Peer Networking Grouping services,,Manual,Local Service
Peer Networking Identity Manager,Provides Identity service for Peer Networking,,Manual,Local Service
Performance Logs & Alerts,Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.,,Manual,Local Service
Plug and Play,Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.,Started,Automatic,Local System
Pml Driver HPZ12,,Started,Automatic,Local Service
PnP-X IP Bus Enumerator,The PnP-X bus enumerator service manages the virtual network bus. It discovers network connected devices using the SSDP/WS discovery protocols and gives them presence in PnP. If this service is stopped or disabled, presence of NCD devices will not be maintained in PnP. All pnpx based scenarios will stop functioning.,,Manual,Local System
PNRP Machine Name Publication Service,This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context 'p2p pnrp peer' ,,Manual,Local Service
Portable Device Enumerator Service,Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.,Started,Automatic,Local System
Print Spooler,Loads files to memory for later printing,Started,Automatic,Local System
Problem Reports and Solutions Control Panel Support,This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.,,Manual,Local System
Program Compatibility Assistant Service,Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start.,Started,Automatic,Local System
Protected Storage,Provides protected storage for sensitive data, such as passwords, to prevent access by unauthorized services, processes, or users.,,Manual,Local System
Quality Windows Audio Video Experience,Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.,,Manual,Local Service
ReadyBoost,Provides support for improving system performance using ReadyBoost.,Started,Automatic,Local System
Remote Access Auto Connection Manager,Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.,,Manual,Local System
Remote Access Connection Manager,Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Manual,Local System
Remote Procedure Call (RPC),Serves as the endpoint mapper and COM Service Control Manager. If this service is stopped or disabled, programs using COM or Remote Procedure Call (RPC) services will not function properly.,Started,Automatic,Network Service
Remote Procedure Call (RPC) Locator,Manages the RPC name service database.,,Manual,Network Service
Remote Registry,Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.,,Manual,Local Service
Routing and Remote Access,Offers routing services to businesses in local area and wide area network environments.,,Disabled,Local System
SBSD Security Center Service,,Started,Automatic,Local System
Secondary Logon,Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Local System
Secure Socket Tunneling Protocol Service,Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.,Started,Manual,Local Service
Security Accounts Manager,The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.,Started,Automatic,Local System
Security Center,Monitors system security settings and configurations.,Started,Automatic,Local Service
Server,Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Local System
ServiceLayer,,Started,Manual,Local System
Shell Hardware Detection,Provides notifications for AutoPlay hardware events.,Started,Automatic,Local System
SL UI Notification Service,Provides Software Licensing activation and notification,,Manual,Local Service
Smart Card,Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.,,Manual,Local Service
Smart Card Removal Policy,Allows the system to be configured to lock the user desktop upon smart card removal.,,Manual,Local System
SNMP Trap,Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.,,Manual,Local Service
Software Licensing,Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a reduced function mode.,Started,Automatic,Network Service
SSDP Discovery,Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Manual,Local Service
Superfetch,Maintains and improves system performance over time.,Started,Automatic,Local System
System Event Notification Service,Monitors system events and notifies subscribers to COM+ Event System of these events.,Started,Automatic,Local System
Tablet PC Input Service,Enables Tablet PC pen and ink functionality,Started,Automatic,Local System
Task Scheduler,Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Local System
TCP/IP NetBIOS Helper,Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Local Service
Telephony,Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.,Started,Manual,Network Service
Terminal Services,Allows users to connect interactively to a remote computer. Remote Desktop and Terminal Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.,Started,Automatic,Network Service
Terminal Services Configuration,Terminal Services Configuration service (TSCS) is responsible for all Terminal Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, TS themes, and TS certificates.,,Manual,Local System
Terminal Services UserMode Port Redirector,Allows the redirection of Printers/Drives/Ports for RDP connections,,Manual,Local System
Themes,Provides user experience theme management.,Started,Automatic,Local System
Thread Ordering Server,Provides ordered execution for a group of threads within a specific period of time.,,Manual,Local Service
TPM Base Services,Enables access to the Trusted Platform Module (TPM), which provides hardware-based cryptographic services to system components and applications. If this service is stopped or disabled, applications will be unable to use keys protected by the TPM.,,Automatic (Delayed Start),Local Service
UPnP Device Host,Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Manual,Local Service
User Profile Service,This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them.,Started,Automatic,Local System
Virtual Disk,Provides management services for disks, volumes, file systems, and storage arrays.,,Manual,Local System
Volume Shadow Copy,Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.,,Manual,Local System
WebClient,Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Local Service
Windows Audio,Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start,Started,Automatic,Local Service
Windows Audio Endpoint Builder,Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start,Started,Automatic,Local System
Windows Backup,Provides Windows Backup and Restore capabilities.,,Manual,Local System

[fagag]

Windows CardSpace,Securely enables the creation, management, and disclosure of digital identities.,,Manual,Local System
Windows Color System,The WcsPlugInService service hosts third-party Windows Color System color device model and gamut map model plug-in modules. These plug-in modules are vendor-specific extensions to the Windows Color System baseline color device and gamut map models. Stopping or disabling the WcsPlugInService service will disable this extensibility feature, and the Windows Color System will use its baseline model processing rather than the vendor's desired processing. This might result in inaccurate color rendering.,,Manual,Local Service
Windows Connect Now - Config Registrar,Act as a Registrar, issues network credential to Enrollee. If this service is disabled, the Windows Connect Now - Config Registrar will not function properly.,,Manual,Local Service
Windows Defender,Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions.,Started,Automatic,Local System
Windows Driver Foundation - User-mode Driver Framework,Manages user-mode driver host processes,Started,Automatic,Local System
Windows Error Reporting Service,Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.,,Disabled,Local System
Windows Event Collector,This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.,,Manual,Network Service
Windows Event Log,This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.,Started,Automatic,Local Service
Windows Firewall,Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.,Started,Automatic,Local Service
Windows Image Acquisition (WIA),Provides image acquisition services for scanners and cameras,Started,Automatic,Local Service
Windows Installer,Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.,,Manual,Local System
Windows Management Instrumentation,Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Local System
Windows Media Center Extender Service,Allows Windows Media Center Extender devices to locate and connect to the computer.,,Disabled,Local Service
Windows Media Center Receiver Service,Windows Media Center Service for TV and FM broadcast reception,,Manual,Network Service
Windows Media Center Scheduler Service,Starts and stops recording of TV programs within Windows Media Center,,Manual,Network Service
Windows Media Center Service Launcher,Starts Windows Media Center Scheduler and Windows Media Center Receiver services at startup if TV is enabled within Windows Media Center.,,Automatic (Delayed Start),Local Service
Windows Media Player Network Sharing Service,Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play,,Manual,Network Service
Windows Modules Installer,Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.,,Manual,Local System
Windows Presentation Foundation Font Cache 3.0.0.0,Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.,,Manual,Local Service
Windows Remote Management (WS-Management),Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.,,Manual,Network Service
Windows Search,Provides content indexing and property caching for file, email and other content (via extensibility APIs). The service responds to file and email notifications to index modified content. If the service is stopped or disabled, the Explorer will not be able to display virtual folder views of items, and search in the Explorer will fall back to item-by-item slow search.,Started,Automatic,Local System
Windows Time,Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Local Service
Windows Update,Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.,Started,Automatic (Delayed Start),Local System
WinHTTP Web Proxy Auto-Discovery Service,WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.,Started,Manual,Local Service
Wired AutoConfig,This service performs IEEE 802.1X authentication on Ethernet interfaces,,Manual,Local System
WLAN AutoConfig,This service enumerates WLAN adapters, manages WLAN connections and profiles.,,Manual,Local System
WMI Performance Adapter,Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.,,Manual,Local System
Workstation,Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Local Service

Startup programs:
windows defender
hd audio control panel
realtek voice manager
java platform
logitech set point
avg internet security
mss & one touch app
nero AG
Nvidia driver helper
Nvidia compatible windows
Nvidia media center libary
motorola sm56 tray
microsoft windows ops side bar
microsoft windows ops
hp digital imaging
logitech setpoint
microsoft windows
3. cleaned
4.Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:25, on 09/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
D:\Program install files\SpyBot\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\EMULE\emule.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Program install files\Avant browser\avant.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SpyBot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program install files\SpyBot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\EMULE\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SpyBot\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SpyBot\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program install files\SpyBot\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
--
End of file - 7694 bytes
5. turned off
6.there are many programs that i dont know if i need them or not:
-AIO_scan
-atheros communication etharnet drive
-bufferchm
-cddrv_installer
-copy
-destinations
-devicemangaer mentqfolder
-dj-aio-software (there are 4 of this)
-docproc
-docprocqfolder
-esupportqfolder
-khalinstallerwrapper
-msxml.40
-scan
-neroxml
-sop p2ptv driver
-sopcast 2.0.4
-status
-toolbox
-trayapp
-unload support
-vcredistsetup
-webreg
7. cant uninstall vista i need it for work snd studies, what can i do these are the requirements.
thanks alot
jerby