HJT log from my friend

Discussion in 'adware, spyware & hijack cleaning' started by Zidane, Dec 26, 2003.

Thread Status:
Not open for further replies.
  1. Zidane

    Zidane, Registered Member
    Joined: Jul 12, 2003
    Posts: 63
    Location: Czech Republic, Europe, World, Space

    One of my friends said he has problems with 100% of processor time being taken... After a reboot, some process (mostly remoteagent, he says) takes 100% of processor time and thus the comp slows down, and when my friend "kills" remoteagent, the processor time is taken by another process... I think he just has to wait until the processes finish what they need to do, but one HJT log will not harm us. Is there something worth deleting? :)

    Do you know where the problem could be?

    Logfile of HijackThis v1.97.7
    Scan saved at 15:32:17, on 26.12.2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programy\Grisoft\AVG7\avgamsvr.exe
    C:\Programy\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Programy\Grisoft\AVG7\avgcc.exe
    C:\Programy\SpywareGuard\sgmain.exe
    C:\Programy\SpywareGuard\sgbhp.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Programy\ICQ\ICQ.exe
    C:\Programy\GetRight\GETRIGHT.EXE
    C:\WINDOWS\system32\RAMASST.exe
    C:\Programy\MSI\PC Alert 4\PCAlert4.exe
    C:\Documents and Settings\Aleš Drobný.PC1\Plocha\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
    R3 - Default URLSearchHook is missing
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programy\SpywareGuard\dlprotect.dll
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programy\ICQ\ICQNet.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\RunOnce: [ICQ] C:\Programy\ICQ\ICQ.exe -trayboot
    O4 - Startup: SpywareGuard.lnk = C:\Programy\SpywareGuard\sgmain.exe
    O4 - Global Startup: AVG Control Center.lnk = C:\Programy\Grisoft\AVG7\avgcc.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4BE50CC1-871C-4E9D-AAB7-C644CB11D80A}: NameServer = 212.65.193.157 212.65.242.210
     
  2. Zidane

    My friend and I are concerned about this:

    C:\WINDOWS\System32\inetsrv\inetinfo.exe

    He says that when he tries to "kill" it in Running processes, the computer makes a "beep" sound and processes named iisreset and iisrstats.exe appear; those processes then disappear and the inetinfo process reappears every time... There is indeed some "guard" file that checks whether the process is running, and when an attempt is made to kill the process, the "guard" immediately puts it back...
     
  3. Pieter_Arntz

    Pieter_Arntz, Spyware Veteran
    Joined: Apr 27, 2002
    Posts: 13,330
    Location: Netherlands

    From http://www.sysinfo.org/startuplist.php
    inetinfo.exe: Executable used by MS Internet Information Server (IIS). If it's running, then so is IIS. Useful in knowing whether you require the patch for the Code Red worm. Comes with PWS (Personal Web Server) or NT4 and handles ASP-, PHP code (+ more)

    This one can be fixed anyway:
    R3 - Default URLSearchHook is missing

    Regards,

    Pieter
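
Added example (not part of any post in this thread, and not HijackThis's own code): a small Python parser for the log layout shown in the first post. It splits the log into running processes and coded entries, then lists running processes that no O4 autostart entry in the log accounts for, as is the case for inetinfo.exe here. The sample is constructed from a few lines of the posted log; `parse_hjt` and `not_in_autostart` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines taken from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Programy\ICQ\ICQ.exe

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKCU\..\RunOnce: [ICQ] C:\Programy\ICQ\ICQ.exe -trayboot
O4 - Startup: SpywareGuard.lnk = C:\Programy\SpywareGuard\sgmain.exe
"""

# Entry lines look like "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [...] path".
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")


def parse_hjt(text):
    """Return (running process paths, {entry code: [details]}) for one log."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        match = ENTRY.match(line)
        if match:
            in_procs = False  # the first coded entry ends the process list
            entries[match.group(1)].append(match.group(2))
        elif line.lower() == "running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)


def not_in_autostart(processes, entries):
    """Running processes whose full path appears in no O4 entry of the log."""
    autostart = " ".join(entries.get("O4", [])).lower()
    return [p for p in processes if p.lower() not in autostart]


if __name__ == "__main__":
    procs, items = parse_hjt(SAMPLE_LOG)
    for path in not_in_autostart(procs, items):
        print("started by something other than an O4 entry:", path)
```

The result is a triage list, not a verdict: on a full log it also includes ordinary system processes, which are likewise not launched from O4 entries.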
     