Please look @ log

Discussion in 'adware, spyware & hijack cleaning' started by JonD2, Jan 21, 2004.

  1. JonD2

    JonD2 Guest

    Can someone please take a look at my log? My PC is running so sloooow lately, especially when I am online. Thanks a ton.

    Logfile of HijackThis v1.97.7
    Scan saved at 6:20:25 PM, on 1/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINNT\System32\CTHELPER.EXE
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
    C:\WINNT\System32\gearsec.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\$ISR\0\ISRService.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\$ISR\$APP\ISRMonitor.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\wanmpsvc.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\America Online 9.0\aolwbspd.exe
    C:\WINNT\System32\svchost.exe
    C:\Documents and Settings\Owner\Desktop\Chip's Stuff\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [ISR_MONITOR] C:\$ISR\$APP\ISRMonitor.exe
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37999.6777893519
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AF566226-E715-4B94-9045-89809A3E392E}: NameServer = 152.163.244.134
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined: Apr 27, 2002 | Posts: 13,491 | Location: Netherlands

    Hi JonD2,

    There is one item in your log that is unknown to me:
    O4 - HKLM\..\Run: [ISR_MONITOR] C:\$ISR\$APP\ISRMonitor.exe

    Do you know what it is for?

    Regards,

    Pieter
     
  3. JonD2

    JonD2 Guest

    Hi, Pieter. I think that entry is for FirstDefense-ISR. It's an Immediate System Restore program I recently installed. Do you think I should fix that entry? Thanks for your response.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    No. I just didn't know what it was and I noticed it had two running processes:
    C:\$ISR\0\ISRService.exe
    C:\$ISR\$APP\ISRMonitor.exe

    Did you check in TaskManager if you saw a process taking up a lot of CPU time or memory?

    Regards,

    Pieter
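
The check made in the reply above, tying an O4 autostart entry to the processes the same log lists as running, can be scripted. This is an added example, not part of the original thread; the function names are hypothetical and the embedded log is a short excerpt of the one posted in the first message.

```python
import ntpath
import re

# Excerpt of the HijackThis log from the first post (shortened for the example).
LOG_EXCERPT = r"""Logfile of HijackThis v1.97.7

Running processes:
C:\WINNT\System32\CTHELPER.EXE
C:\$ISR\0\ISRService.exe
C:\$ISR\$APP\ISRMonitor.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ISR_MONITOR] C:\$ISR\$APP\ISRMonitor.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
O4_BODY = re.compile(r"^(?P<where>.+?): (?:\[(?P<name>.+?)\] |(?P<lnk>.+?) = )(?P<cmd>.+)$")
IMAGE = re.compile(r'^"?(?P<image>.+?\.(?:exe|com|bat|cmd|scr))"?(?:\s|$)', re.I)

def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif (m := ENTRY.match(line)):
            entries.append((m["code"], m["body"]))
    return processes, entries

def autorun_status(text):
    """For each O4 autostart entry, list the running processes that match its image."""
    processes, entries = parse_log(text)
    report = []
    for m in filter(None, (O4_BODY.match(b) for c, b in entries if c == "O4")):
        img = IMAGE.match(m["cmd"])   # strip quotes and arguments such as /STARTUP
        image = (img["image"] if img else m["cmd"]).lower()
        # Bare names such as CTHELPER.EXE have no directory: compare file names only.
        pick = str if ntpath.dirname(image) else ntpath.basename
        report.append({"name": m["name"] or m["lnk"], "where": m["where"], "image": image,
                       "running": [p for p in processes if pick(p).lower() == image]})
    return report
```

An entry with an empty `running` list was registered to start but was not active when the scan was taken; the match is on the path exactly as logged, so an 8.3 short name and its long form are not treated as equal.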
     
  5. JonD2

    JonD2 Guest

    C:\$ISR\0\ISRService.exe is using 1,448k
    &
    C:\$ISR\$APP\ISRMonitor.exe is using 2,096k

    I am new at this and don't know if that is a lot or not.
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Mmm. Not really.
    Any other ones that jump out?

    Regards,

    Pieter
     
  7. Jond2

    Jond2 Guest

    I am not really sure what I am looking at when it comes to the Task Manager. I see a lot of Image Names, but they mostly have a 0 under CPU. System Idle Process has a CPU of 97 and it is 20k. I am not sure if that means anything. Thanks for your responses.
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    With Idle processes so high, your computer should be roaring to go. So something else must be wrong.

    Can you remember making any significant changes just before this started?
    Have you tried Disk cleanup, registry cleaning, defragmenting and the rest of the standard solutions?

    Regards,

    Pieter
     
  9. JonD2

    JonD2 Guest

    Pieter, the only thing I did was use FirstDefense-ISR to save a snapshot of my C drive. I have a 160 Gig hard drive and I am only using 22 Gigs.
     
  10. DaHen

    DaHen Registered Member

    Joined: Jun 17, 2003 | Posts: 22 | Location: Massachusetts USA

    If I may add a comment here about FirstDefense-ISR.
    I just purchased and installed this program this week. I haven't seen any change in my machine's speed either on or off line.
    FirstDefense seems to be getting along good with all the other programs here.
    :)
     
  11. JonD2

    JonD2 Guest

    Hi, DaHen. It is weird, after I installed ISR my PC was acting slow. I checked to see if I needed to do a defrag, but it told me I didn't need to, but I did it anyway and it took over an hour, where it usually only takes about 20 minutes. It was defragging on 47% for about 20 minutes alone. It seems to be working alright after the defrag. I just wonder why it told me it didn't need to be defragged.
     
  12. DaHen

    DaHen Registered Member

    Glad to hear your machine is feeling better, lol. :D
    I use DisKeeper 8.0 here and just "Set it and Forget it". That way I don't have to do anything and it keeps everything running smooth.
    Had found that I would have to run a defrag even though WinXP didn't want to.
     