Sluggish PC. Please check my HJ log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Tarocchi

Thread Starter
Joined
Jan 30, 2007
Messages
3
Over the last week or so, my PC has been running sluggishly. I've removed most software that I don't use much but it hasn't really helped. AVG scans show nothing. Spybot S&D deletes stuff but mainly just cookies etc.

I've run Hijack This and will post my log.

Could someone please check it to see if there is anything dodgy in there?

Many thanks

Michael



Logfile of HijackThis v1.99.1
Scan saved at 23:11:48, on 30/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HyperSnap 6\HprSnap6.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HyperSnap 6.lnk = C:\Program Files\HyperSnap 6\HprSnap6.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166042386684
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE0BC19F-B5D2-46A4-9197-F6C38A5AD6B9}: NameServer = 62.31.144.39,195.188.53.175
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Hi, Tarocchi :)

There is no sign of malware in that log. You are using two Firewall programs, as AVG also has a firewall. That could be part of the problem. Remove or disable Sunbelt Software Personal Firewall 4.

Let's take a deeper look:

Download ComboFix from Here or Here to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
 

Tarocchi

Thread Starter
Joined
Jan 30, 2007
Messages
3
Thank you :)

My AVG that's running is anti-virus only, no firewall with it. It's AVG 7.5 Email Server Edition.

Anyway, I've run both ComboFix and Hijack This. The logs are below. :)

"Administrator" - Wed 31/01/2007 0:05:32 Service Pack 4
ComboFix 07.01.30 - Running from: "C:\Documents and Settings\Administrator\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-31 to 2007-01-31 ))))))))))))))))))))))))))))))))))


2007-01-30 23:01 <DIR> d-------- C:\temp
2007-01-30 22:58 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-30 18:40 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-01-30 18:36 <DIR> d-------- C:\Program Files\HyperSnap 6
2007-01-28 16:38 <DIR> d-------- C:\Program Files\iTunes
2007-01-28 16:38 <DIR> d-------- C:\Program Files\iPod
2007-01-28 12:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\dwhelper
2007-01-27 19:39 <DIR> d-------- C:\My Music
2007-01-27 19:27 <DIR> d-------- C:\Program Files\Real
2007-01-27 19:27 <DIR> d-------- C:\Program Files\Common Files\Real
2007-01-27 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Real
2007-01-27 02:27 <DIR> d-------- C:\Program Files\PayPal
2007-01-27 02:01 17,920 --a------ C:\WINNT\system32\mdimon.dll
2007-01-27 01:50 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-01-27 01:50 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-01-27 01:48 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-01-27 01:43 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-01-23 05:02 <DIR> d-a------ C:\Program Files\ICQLite
2007-01-23 05:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\ICQLite
2007-01-23 04:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo!
2007-01-23 04:25 <DIR> d-------- C:\Program Files\Yahoo!
2007-01-22 21:05 <DIR> d-------- C:\Program Files\Tarot By Michael
2007-01-22 20:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Help
2007-01-22 20:10 <DIR> d-------- C:\Program Files\GCN
2007-01-21 02:17 98,304 --a------ C:\WINNT\system32\wmpshell.dll
2007-01-21 02:17 57,344 --a------ C:\WINNT\uneng.exe
2007-01-21 02:17 225,280 --a------ C:\WINNT\system32\wmpdxm.dll
2007-01-21 02:17 208,896 --a------ C:\WINNT\system32\wmpns.dll
2007-01-21 02:17 167,936 --a------ C:\WINNT\system32\wmerror.dll
2007-01-21 02:17 106,496 --a------ C:\WINNT\system32\wmpasf.dll
2007-01-21 02:17 <DIR> d-------- C:\Program Files\Common Files\Adaptec Shared
2007-01-21 02:16 997,888 --a------ C:\WINNT\system32\wmvdmoe2.dll
2007-01-21 02:16 892,416 --a------ C:\WINNT\system32\wmspdmoe.dll
2007-01-21 02:16 82,432 --a------ C:\WINNT\system32\drmstor.dll
2007-01-21 02:16 52,224 --a------ C:\WINNT\system32\mspmsnsv.dll
2007-01-21 02:16 486,536 --a------ C:\WINNT\system32\wmspdmod.dll
2007-01-21 02:16 384,512 --a------ C:\WINNT\system32\mp4sdmod.dll
2007-01-21 02:16 316,040 --a------ C:\WINNT\system32\mp43dmod.dll
2007-01-21 02:16 241,664 --a------ C:\WINNT\system32\qasf.dll
2007-01-21 02:16 143,360 --a------ C:\WINNT\system32\wmidx.dll
2007-01-21 02:16 1,111,040 --a------ C:\WINNT\system32\wmsdmoe2.dll
2007-01-21 02:03 7,680 --a------ C:\WINNT\system32\asferror.dll
2007-01-21 02:03 678,912 --a------ C:\WINNT\system32\drmv2clt.dll
2007-01-21 02:03 66,048 --a------ C:\WINNT\system32\wmerrenu.dll
2007-01-21 02:03 253,952 --a------ C:\WINNT\system32\msnetobj.dll
2007-01-21 02:03 232,960 --a------ C:\WINNT\system32\blackbox.dll
2007-01-21 02:03 20,480 --a------ C:\WINNT\system32\wmpui.dll
2007-01-21 02:03 20,480 --a------ C:\WINNT\system32\wmpcore.dll
2007-01-21 02:03 20,480 --a------ C:\WINNT\system32\wmpcd.dll
2007-01-21 01:08 3,968 --a------ C:\WINNT\system32\drivers\avgclean.sys
2007-01-21 01:07 499,712 --a------ C:\WINNT\system32\msvcp71.dll
2007-01-21 01:07 348,160 --a------ C:\WINNT\system32\msvcr71.dll
2007-01-20 18:52 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\AVG7
2007-01-20 18:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\AVG7
2007-01-20 18:51 839,936 --a------ C:\WINNT\system32\drivers\avg7core.sys
2007-01-20 18:51 4,224 --a------ C:\WINNT\system32\drivers\avg7rsw.sys
2007-01-20 18:51 27,776 --a------ C:\WINNT\system32\drivers\avg7rsxp.sys
2007-01-20 18:51 26,944 --a------ C:\WINNT\system32\drivers\avg7rsnt.sys
2007-01-20 18:51 23,424 --a------ C:\WINNT\system32\drivers\avgmfrs.sys
2007-01-20 18:51 <DIR> d-a------ C:\Program Files\Grisoft
2007-01-20 18:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-01-20 18:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-01-14 06:36 <DIR> d-------- C:\Program Files\ConTEXT
2007-01-14 05:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Apple Computer
2007-01-13 22:27 <DIR> d-------- C:\Program Files\Kaleidoscope
2007-01-12 18:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Messenger Plus!
2007-01-12 06:13 <DIR> d-------- C:\Program Files\MessengerPlus! 3
2007-01-06 20:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\GlobalSCAPE
2007-01-06 20:45 <DIR> d-------- C:\Program Files\GlobalSCAPE
2007-01-06 20:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-06 20:33 <DIR> d-------- C:\WINNT\Downloaded Installations
2007-01-06 20:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Leadertech
2007-01-06 20:32 <DIR> d-------- C:\Program Files\Executive Software
2007-01-06 20:30 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-06 20:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Lavasoft


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-30 22:43 -------- d-------- C:\Program Files\mozilla firefox
2007-01-30 21:15 -------- d-------- C:\Program Files\mozilla thunderbird
2007-01-28 16:36 -------- d-------- C:\Program Files\quicktime
2007-01-27 13:28 -------- d---s---- C:\DOCUME~1\ADMINI~1\Application Data\microsoft
2007-01-27 02:27 -------- d--h----- C:\Program Files\installshield installation information
2007-01-27 02:25 -------- d-------- C:\Program Files\Common Files\installshield
2007-01-25 15:50 848 --ahs---- C:\WINNT\system32\kgygaavl.sys
2007-01-21 02:17 58000 --a------ C:\WINNT\system32\drivers\cdr4_2k.sys
2007-01-21 02:17 49152 --a------ C:\WINNT\system32\cdrtc.dll
2007-01-21 02:17 45056 --a------ C:\WINNT\system32\cdral.dll
2007-01-21 02:17 23420 --a------ C:\WINNT\system32\drivers\cdralw2k.sys
2006-12-27 21:23 -------- d-------- C:\Program Files\adaptec
2006-12-22 18:37 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\thunderbird
2006-12-22 18:37 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\talkback
2006-12-22 18:37 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\mozilla
2006-12-22 18:11 61678 --a------ C:\DOCUME~1\ADMINI~1\Application Data\pfp120jpr.{pb
2006-12-22 18:11 12358 --a------ C:\DOCUME~1\ADMINI~1\Application Data\pfp120jcm.{pb
2006-12-22 18:11 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\corel
2006-12-22 18:04 -------- d-------- C:\Program Files\wordperfect office 12
2006-12-22 18:04 -------- d-------- C:\Program Files\Common Files\borland shared
2006-12-22 18:03 -------- d-------- C:\Program Files\Common Files\corel
2006-12-22 18:01 -------- d-------- C:\Program Files\wordperfect office 12 setup
2006-12-22 17:32 61678 --a------ C:\DOCUME~1\ADMINI~1\Application Data\pfp100jpr.{pb
2006-12-22 17:32 12358 --a------ C:\DOCUME~1\ADMINI~1\Application Data\pfp100jcm.{pb
2006-12-22 17:02 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\template
2006-12-22 14:14 -------- d-------- C:\Program Files\ahead
2006-12-22 14:13 -------- d-------- C:\Program Files\Common Files\ahead
2006-12-21 17:34 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\adobe
2006-12-21 15:50 45672 --a------ C:\WINNT\uptime.exe
2006-12-21 15:32 -------- d-------- C:\Program Files\java
2006-12-20 15:50 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-15 17:32 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\macromedia
2006-12-15 12:46 -------- d-------- C:\Program Files\msn messenger
2006-12-15 12:46 -------- d-------- C:\Program Files\messenger
2006-12-15 12:19 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\sun
2006-12-15 12:17 -------- d-------- C:\Program Files\Common Files\java
2006-12-13 21:13 -------- d-------- C:\Program Files\winamp
2006-12-13 17:28 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\identities
2006-12-13 16:57 -------- d-------- C:\Program Files\microsoft frontpage
2006-12-13 16:56 0 -rahs---- C:\MSDOS.SYS
2006-12-13 16:56 0 -rahs---- C:\IO.SYS
2006-12-13 16:56 0 ---h----- C:\CONFIG.SYS
2006-12-13 16:56 0 ---h----- C:\AUTOEXEC.BAT
2006-12-13 16:55 271 ---h----- C:\Program Files\desktop.ini
2006-12-13 16:55 21952 ---h----- C:\Program Files\folder.htt
2006-12-13 16:53 -------- d-ah----- C:\Program Files\windowsupdate
2006-12-13 16:53 -------- d-------- C:\Program Files\windows nt
2006-12-13 16:53 -------- d-------- C:\Program Files\accessories
2006-12-13 16:44 -------- d-a------ C:\Program Files\Common Files\odbc
2006-11-06 12:47 596480 --a------ C:\WINNT\system32\inetcomm.dll
2006-11-06 11:35 531568 --a------ C:\WINNT\system32\rmactivate_isv.exe
2006-11-06 11:35 523376 --a------ C:\WINNT\system32\rmactivate.exe
2006-11-06 11:35 519280 --a------ C:\WINNT\system32\secproc_isv.dll
2006-11-06 11:35 518768 --a------ C:\WINNT\system32\secproc.dll
2006-11-06 11:35 358000 --a------ C:\WINNT\system32\rmactivate_ssp.exe
2006-11-06 11:35 354416 --a------ C:\WINNT\system32\rmactivate_ssp_isv.exe
2006-11-06 11:35 323696 --a------ C:\WINNT\system32\msdrm.dll
2006-11-06 11:35 192624 --a------ C:\WINNT\system32\secproc_ssp_isv.dll
2006-11-06 11:35 192624 --a------ C:\WINNT\system32\secproc_ssp.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"DiskeeperSystray"="\"C:\\Program Files\\Executive Software\\Diskeeper\\DkIcon.exe\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
WmdmPmSN


Completion time: Wed 2007-01-31 0:07:32


And HJT

Logfile of HijackThis v1.99.1
Scan saved at 00:15:39, on 31/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HyperSnap 6\HprSnap6.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HyperSnap 6.lnk = C:\Program Files\HyperSnap 6\HprSnap6.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166042386684
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE0BC19F-B5D2-46A4-9197-F6C38A5AD6B9}: NameServer = 62.31.144.39,195.188.53.175
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe

Thanks again for your time and help. :)
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Hi, Tarocchi :)

There is no malware in those reports.

Here are some routine maintenance practices that you should do on a regular basis to keep your machine running efficiently. Hopefully going through these steps will solve the problems you are having with the PC being slow:

Disk Cleanup:

http://www.theeldergeek.com/disk_cleanup_utility.htm

Defrag your HD:

http://artsweb.bham.ac.uk/artsit/Info/Guides/GoodPractice/defrag-win2kxp.htm

Run chkdsk:

To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.

Keep me posted.
 