
Sluggish PC. Please check my HJ log

Discussion in 'Virus & Other Malware Removal' started by Tarocchi, Jan 30, 2007.

Thread Status:
Not open for further replies.
  1. Tarocchi

    Tarocchi Thread Starter

    Joined:
    Jan 30, 2007
    Messages:
    3
    Over the last week or so, my PC has been running sluggishly. I've removed most software that I don't use much but it hasn't really helped. AVG scans show nothing. Spybot S&D deletes stuff but mainly just cookies etc.

    I've run Hijack This and will post my log.

    Could someone please check it to see if there is anything dodgy in there?

    Many thanks

    Michael



    Logfile of HijackThis v1.99.1
    Scan saved at 23:11:48, on 30/01/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HyperSnap 6\HprSnap6.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: HyperSnap 6.lnk = C:\Program Files\HyperSnap 6\HprSnap6.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166042386684
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE0BC19F-B5D2-46A4-9197-F6C38A5AD6B9}: NameServer = 62.31.144.39,195.188.53.175
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
     
  2. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, Tarocchi :)

    There is no sign of malware in that log. You are using two Firewall programs, as AVG also has a firewall. That could be part of the problem. Remove or disable Sunbelt Software Personal Firewall 4.

    Let's take a deeper look:

    Download ComboFix from Here or Here to your Desktop.

    Reboot to Safe mode:

    Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

    Perform the following actions in Safe Mode.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  3. Tarocchi

    Tarocchi Thread Starter

    Joined:
    Jan 30, 2007
    Messages:
    3
    Thank you :)

    My AVG that's running is anti-virus only, no firewall with it. It's AVG 7.5 Email Server Edition.

    Anyway, I've run both ComboFix and Hijack This. The logs are below. :)

    "Administrator" - Wed 31/01/2007 0:05:32 Service Pack 4
    ComboFix 07.01.30 - Running from: "C:\Documents and Settings\Administrator\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-12-31 to 2007-01-31 ))))))))))))))))))))))))))))))))))


    2007-01-30 23:01 <DIR> d-------- C:\temp
    2007-01-30 22:58 <DIR> d-------- C:\Program Files\Hijackthis
    2007-01-30 18:40 <DIR> d-------- C:\Program Files\Sunbelt Software
    2007-01-30 18:36 <DIR> d-------- C:\Program Files\HyperSnap 6
    2007-01-28 16:38 <DIR> d-------- C:\Program Files\iTunes
    2007-01-28 16:38 <DIR> d-------- C:\Program Files\iPod
    2007-01-28 12:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\dwhelper
    2007-01-27 19:39 <DIR> d-------- C:\My Music
    2007-01-27 19:27 <DIR> d-------- C:\Program Files\Real
    2007-01-27 19:27 <DIR> d-------- C:\Program Files\Common Files\Real
    2007-01-27 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Real
    2007-01-27 02:27 <DIR> d-------- C:\Program Files\PayPal
    2007-01-27 02:01 17,920 --a------ C:\WINNT\system32\mdimon.dll
    2007-01-27 01:50 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
    2007-01-27 01:50 <DIR> d-------- C:\Program Files\Common Files\L&H
    2007-01-27 01:48 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2007-01-27 01:43 <DIR> d-------- C:\Program Files\Microsoft.NET
    2007-01-23 05:02 <DIR> d-a------ C:\Program Files\ICQLite
    2007-01-23 05:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\ICQLite
    2007-01-23 04:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo!
    2007-01-23 04:25 <DIR> d-------- C:\Program Files\Yahoo!
    2007-01-22 21:05 <DIR> d-------- C:\Program Files\Tarot By Michael
    2007-01-22 20:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Help
    2007-01-22 20:10 <DIR> d-------- C:\Program Files\GCN
    2007-01-21 02:17 98,304 --a------ C:\WINNT\system32\wmpshell.dll
    2007-01-21 02:17 57,344 --a------ C:\WINNT\uneng.exe
    2007-01-21 02:17 225,280 --a------ C:\WINNT\system32\wmpdxm.dll
    2007-01-21 02:17 208,896 --a------ C:\WINNT\system32\wmpns.dll
    2007-01-21 02:17 167,936 --a------ C:\WINNT\system32\wmerror.dll
    2007-01-21 02:17 106,496 --a------ C:\WINNT\system32\wmpasf.dll
    2007-01-21 02:17 <DIR> d-------- C:\Program Files\Common Files\Adaptec Shared
    2007-01-21 02:16 997,888 --a------ C:\WINNT\system32\wmvdmoe2.dll
    2007-01-21 02:16 892,416 --a------ C:\WINNT\system32\wmspdmoe.dll
    2007-01-21 02:16 82,432 --a------ C:\WINNT\system32\drmstor.dll
    2007-01-21 02:16 52,224 --a------ C:\WINNT\system32\mspmsnsv.dll
    2007-01-21 02:16 486,536 --a------ C:\WINNT\system32\wmspdmod.dll
    2007-01-21 02:16 384,512 --a------ C:\WINNT\system32\mp4sdmod.dll
    2007-01-21 02:16 316,040 --a------ C:\WINNT\system32\mp43dmod.dll
    2007-01-21 02:16 241,664 --a------ C:\WINNT\system32\qasf.dll
    2007-01-21 02:16 143,360 --a------ C:\WINNT\system32\wmidx.dll
    2007-01-21 02:16 1,111,040 --a------ C:\WINNT\system32\wmsdmoe2.dll
    2007-01-21 02:03 7,680 --a------ C:\WINNT\system32\asferror.dll
    2007-01-21 02:03 678,912 --a------ C:\WINNT\system32\drmv2clt.dll
    2007-01-21 02:03 66,048 --a------ C:\WINNT\system32\wmerrenu.dll
    2007-01-21 02:03 253,952 --a------ C:\WINNT\system32\msnetobj.dll
    2007-01-21 02:03 232,960 --a------ C:\WINNT\system32\blackbox.dll
    2007-01-21 02:03 20,480 --a------ C:\WINNT\system32\wmpui.dll
    2007-01-21 02:03 20,480 --a------ C:\WINNT\system32\wmpcore.dll
    2007-01-21 02:03 20,480 --a------ C:\WINNT\system32\wmpcd.dll
    2007-01-21 01:08 3,968 --a------ C:\WINNT\system32\drivers\avgclean.sys
    2007-01-21 01:07 499,712 --a------ C:\WINNT\system32\msvcp71.dll
    2007-01-21 01:07 348,160 --a------ C:\WINNT\system32\msvcr71.dll
    2007-01-20 18:52 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\AVG7
    2007-01-20 18:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\AVG7
    2007-01-20 18:51 839,936 --a------ C:\WINNT\system32\drivers\avg7core.sys
    2007-01-20 18:51 4,224 --a------ C:\WINNT\system32\drivers\avg7rsw.sys
    2007-01-20 18:51 27,776 --a------ C:\WINNT\system32\drivers\avg7rsxp.sys
    2007-01-20 18:51 26,944 --a------ C:\WINNT\system32\drivers\avg7rsnt.sys
    2007-01-20 18:51 23,424 --a------ C:\WINNT\system32\drivers\avgmfrs.sys
    2007-01-20 18:51 <DIR> d-a------ C:\Program Files\Grisoft
    2007-01-20 18:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
    2007-01-20 18:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
    2007-01-14 06:36 <DIR> d-------- C:\Program Files\ConTEXT
    2007-01-14 05:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Apple Computer
    2007-01-13 22:27 <DIR> d-------- C:\Program Files\Kaleidoscope
    2007-01-12 18:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Messenger Plus!
    2007-01-12 06:13 <DIR> d-------- C:\Program Files\MessengerPlus! 3
    2007-01-06 20:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\GlobalSCAPE
    2007-01-06 20:45 <DIR> d-------- C:\Program Files\GlobalSCAPE
    2007-01-06 20:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
    2007-01-06 20:33 <DIR> d-------- C:\WINNT\Downloaded Installations
    2007-01-06 20:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Leadertech
    2007-01-06 20:32 <DIR> d-------- C:\Program Files\Executive Software
    2007-01-06 20:30 <DIR> d-------- C:\Program Files\Lavasoft
    2007-01-06 20:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Lavasoft


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-30 22:43 -------- d-------- C:\Program Files\mozilla firefox
    2007-01-30 21:15 -------- d-------- C:\Program Files\mozilla thunderbird
    2007-01-28 16:36 -------- d-------- C:\Program Files\quicktime
    2007-01-27 13:28 -------- d---s---- C:\DOCUME~1\ADMINI~1\Application Data\microsoft
    2007-01-27 02:27 -------- d--h----- C:\Program Files\installshield installation information
    2007-01-27 02:25 -------- d-------- C:\Program Files\Common Files\installshield
    2007-01-25 15:50 848 --ahs---- C:\WINNT\system32\kgygaavl.sys
    2007-01-21 02:17 58000 --a------ C:\WINNT\system32\drivers\cdr4_2k.sys
    2007-01-21 02:17 49152 --a------ C:\WINNT\system32\cdrtc.dll
    2007-01-21 02:17 45056 --a------ C:\WINNT\system32\cdral.dll
    2007-01-21 02:17 23420 --a------ C:\WINNT\system32\drivers\cdralw2k.sys
    2006-12-27 21:23 -------- d-------- C:\Program Files\adaptec
    2006-12-22 18:37 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\thunderbird
    2006-12-22 18:37 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\talkback
    2006-12-22 18:37 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\mozilla
    2006-12-22 18:11 61678 --a------ C:\DOCUME~1\ADMINI~1\Application Data\pfp120jpr.{pb
    2006-12-22 18:11 12358 --a------ C:\DOCUME~1\ADMINI~1\Application Data\pfp120jcm.{pb
    2006-12-22 18:11 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\corel
    2006-12-22 18:04 -------- d-------- C:\Program Files\wordperfect office 12
    2006-12-22 18:04 -------- d-------- C:\Program Files\Common Files\borland shared
    2006-12-22 18:03 -------- d-------- C:\Program Files\Common Files\corel
    2006-12-22 18:01 -------- d-------- C:\Program Files\wordperfect office 12 setup
    2006-12-22 17:32 61678 --a------ C:\DOCUME~1\ADMINI~1\Application Data\pfp100jpr.{pb
    2006-12-22 17:32 12358 --a------ C:\DOCUME~1\ADMINI~1\Application Data\pfp100jcm.{pb
    2006-12-22 17:02 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\template
    2006-12-22 14:14 -------- d-------- C:\Program Files\ahead
    2006-12-22 14:13 -------- d-------- C:\Program Files\Common Files\ahead
    2006-12-21 17:34 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\adobe
    2006-12-21 15:50 45672 --a------ C:\WINNT\uptime.exe
    2006-12-21 15:32 -------- d-------- C:\Program Files\java
    2006-12-20 15:50 -------- d-------- C:\Program Files\Common Files\adobe
    2006-12-15 17:32 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\macromedia
    2006-12-15 12:46 -------- d-------- C:\Program Files\msn messenger
    2006-12-15 12:46 -------- d-------- C:\Program Files\messenger
    2006-12-15 12:19 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\sun
    2006-12-15 12:17 -------- d-------- C:\Program Files\Common Files\java
    2006-12-13 21:13 -------- d-------- C:\Program Files\winamp
    2006-12-13 17:28 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\identities
    2006-12-13 16:57 -------- d-------- C:\Program Files\microsoft frontpage
    2006-12-13 16:56 0 -rahs---- C:\MSDOS.SYS
    2006-12-13 16:56 0 -rahs---- C:\IO.SYS
    2006-12-13 16:56 0 ---h----- C:\CONFIG.SYS
    2006-12-13 16:56 0 ---h----- C:\AUTOEXEC.BAT
    2006-12-13 16:55 271 ---h----- C:\Program Files\desktop.ini
    2006-12-13 16:55 21952 ---h----- C:\Program Files\folder.htt
    2006-12-13 16:53 -------- d-ah----- C:\Program Files\windowsupdate
    2006-12-13 16:53 -------- d-------- C:\Program Files\windows nt
    2006-12-13 16:53 -------- d-------- C:\Program Files\accessories
    2006-12-13 16:44 -------- d-a------ C:\Program Files\Common Files\odbc
    2006-11-06 12:47 596480 --a------ C:\WINNT\system32\inetcomm.dll
    2006-11-06 11:35 531568 --a------ C:\WINNT\system32\rmactivate_isv.exe
    2006-11-06 11:35 523376 --a------ C:\WINNT\system32\rmactivate.exe
    2006-11-06 11:35 519280 --a------ C:\WINNT\system32\secproc_isv.dll
    2006-11-06 11:35 518768 --a------ C:\WINNT\system32\secproc.dll
    2006-11-06 11:35 358000 --a------ C:\WINNT\system32\rmactivate_ssp.exe
    2006-11-06 11:35 354416 --a------ C:\WINNT\system32\rmactivate_ssp_isv.exe
    2006-11-06 11:35 323696 --a------ C:\WINNT\system32\msdrm.dll
    2006-11-06 11:35 192624 --a------ C:\WINNT\system32\secproc_ssp_isv.dll
    2006-11-06 11:35 192624 --a------ C:\WINNT\system32\secproc_ssp.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Synchronization Manager"="mobsync.exe /logon"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "NeroFilterCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
    "ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
    "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
    "DiskeeperSystray"="\"C:\\Program Files\\Executive Software\\Diskeeper\\DkIcon.exe\""
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "internat.exe"="internat.exe"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    rpcss REG_MULTI_SZ RpcSs\0\0
    wugroup REG_MULTI_SZ wuauserv\0\0
    BITSgroup REG_MULTI_SZ BITS\0\0

    HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
    WmdmPmSN


    Completion time: Wed 2007-01-31 0:07:32


    And HJT

    Logfile of HijackThis v1.99.1
    Scan saved at 00:15:39, on 31/01/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\HyperSnap 6\HprSnap6.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: HyperSnap 6.lnk = C:\Program Files\HyperSnap 6\HprSnap6.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166042386684
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE0BC19F-B5D2-46A4-9197-F6C38A5AD6B9}: NameServer = 62.31.144.39,195.188.53.175
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe

    Thanks again for your time and help. :)
     
  4. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, Tarocchi :)

    There is no malware in those reports.

    Here are some routine maintenance practices that you should do on a regular basis to keep your machine running efficiently. Hopefully going through these steps will solve the problems you are having with the PC being slow:

    Disk Cleanup:

    http://www.theeldergeek.com/disk_cleanup_utility.htm

    Defrag your HD:

    http://artsweb.bham.ac.uk/artsit/Info/Guides/GoodPractice/defrag-win2kxp.htm

    Run chkdsk:

    To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.

    Keep me posted.
     

Short URL to this thread: https://techguy.org/539742
