HJT log from my friend

One of my friends said he has problems with 100% processor time taken... after reboot some process - mostly remoteagent, he says, takes 100% processor time and thus the comp slows down - and when my friend "kills" remoteagent, the processor time is taken by another process... I think he has just to wait till the processes end what they need to do, but one HJT log will not harm us - is there something worth deleting?

Do you know where the problem could be?

Logfile of HijackThis v1.97.7
Scan saved at 15:32:17, on 26.12.2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programy\Grisoft\AVG7\avgamsvr.exe
C:\Programy\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Programy\Grisoft\AVG7\avgcc.exe
C:\Programy\SpywareGuard\sgmain.exe
C:\Programy\SpywareGuard\sgbhp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Programy\ICQ\ICQ.exe
C:\Programy\GetRight\GETRIGHT.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Programy\MSI\PC Alert 4\PCAlert4.exe
C:\Documents and Settings\Aleš Drobný.PC1\Plocha\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R3 - Default URLSearchHook is missing
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programy\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programy\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ] C:\Programy\ICQ\ICQ.exe -trayboot
O4 - Startup: SpywareGuard.lnk = C:\Programy\SpywareGuard\sgmain.exe
O4 - Global Startup: AVG Control Center.lnk = C:\Programy\Grisoft\AVG7\avgcc.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BE50CC1-871C-4E9D-AAB7-C644CB11D80A}: NameServer = 212.65.193.157 212.65.242.210

 

Me and my friend are concerned about this:

C:\WINDOWS\System32\inetsrv\inetinfo.exe

He says when he tries to "kill" it in Running processes, computer makes a "beep" sound, there appear processes named iisreset a iisrstats.exe, those processes then disappear and the process inetinfo reappears everytime... there is indeed some "guard" file, that controls if the process is running and when attempted to kill the process, the "guard" immediately puts it back...

 

From http://www.sysinfo.org/startuplist.php
inetinfo.exe: Executable used by MS Internet Information Server (IIS). If it's running, then so is IIS. Useful in knowing whether you require the patch for the Code Red worm. Comes with PWS (Personal Web Server) or NT4 and handles ASP-, PHP code (+ more)

This one can be fixed anyway:
R3 - Default URLSearchHook is missing

Regards,

Pieter