PC Slow down

Status
Not open for further replies.

bobo123

Programmer
Oct 4, 2002
30
Hello,
My computer has slowed down during the last weeks. I tried to scan it with HijackThis, log included. I'm new; please, does anybody know what to delete from the list?
Thanks a lot.
bobo

Logfile of HijackThis v1.97.7
Scan saved at 10:24:44, on 2.10.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\windows\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\temp\msbb.exe
C:\WINDOWS\nmf.exe
C:\windows\System32\wuamgrd.exe
C:\windows\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\System32\rundll32.exe
C:\Program Files\Windows comander\WINCMD32.EXE
C:\windows\System32\wuauclt.exe
c:\HijackThis.exe
\?\C:\windows\system32\WBEM\WMIADAP.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\windows\mslagent\4b_1,0,1,0_mslagent.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {66AC305F-E436-29C3-8757-63550DA27C69} - C:\windows\System32\ddhhhlxr.dll (file missing)
O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\windows\System32\nvms.dll
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\windows\System32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\windows\System32\apuc.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\windows\System32\msbe.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [avserve2.exe] C:\windows\avserve2.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [Windows Update] C:\windows\System32\cnofimgb.exe
O4 - HKLM\..\Run: [Microsoft--Updates] sxvhost.exe
O4 - HKLM\..\Run: [Reg Service] REGSRV32.EXE
O4 - HKLM\..\Run: [Window Monitor] winmon32.exe
O4 - HKLM\..\Run: [WIN32] C:\windows\arsetup.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [nmf] C:\WINDOWS\nmf.exe
O4 - HKLM\..\Run: [SVX Control Service] svxhost.exe
O4 - HKLM\..\Run: [Windows secure] setver32.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\RunServices: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunServices: [Microsoft--Updates] sxvhost.exe
O4 - HKLM\..\RunServices: [Reg Service] REGSRV32.EXE
O4 - HKLM\..\RunServices: [Window Monitor] winmon32.exe
O4 - HKLM\..\RunServices: [SVX Control Service] svxhost.exe
O4 - HKLM\..\RunServices: [Windows secure] setver32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1035.dll,InstantAccess
O4 - HKCU\..\Run: [mslagent] C:\windows\mslagent\mslagent.exe
O4 - HKCU\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [Window Monitor] winmon32.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Windows secure] setver32.exe
O4 - HKCU\..\RunServices: [Window Monitor] winmon32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.cz
 
You need to run a couple of freeware antispyware tools. Run Spybot and then AdAware. An online AV scan second opinion might also be useful (disable your running AV) - Housecall or Panda.

See the following for some background on what is likely to turn up:
Increasing importance of realtime spyware scanners
thread760-850982


An EXE running from a TEMP file is generally up to no good. Clean out your TEMP and Temporary Internet folders:

C:\temp\msbb.exe


Run HJT, preferably in SAFE MODE. Check the following items and select 'Fix Checked':

O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe

O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\windows\System32\nvms.dll

O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\windows\System32\mscb.dll

O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\windows\System32\apuc.dll

O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\windows\System32\msbe.dll


Find (with include hidden files on) each related DLL file and delete it.

Tell us how things have improved and post a revised HJT log.


Vince
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]

 
Hmm, looking further into the running processes, you might actually have a variant of the w32.spybot worm. Update your AVG antivirus software. Reboot to safe mode and run it from safe mode. To get to safe mode, reboot your computer and hit F8 multiple times before the Windows Splash Screen shows. There are many services/programs running that are directly related to different variants of the spybot worm.
I hope this helps
Art
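
Added example (not part of any post in this thread): a small Python triage of the O4 autorun lines in a HijackThis log, flagging two patterns visible in the posted log, an executable started from a temp directory and the same executable registered under several Run/RunServices keys. The sample lines are copied from the log above; the temp-directory names and the three-key threshold are assumptions of this example, and a flag means "review this entry", not "malicious".

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\windows\System32\nvms.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# O4 registry autoruns look like: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\Run(?:Services)?): \[(.+?)\] (.+)$")
# Directory names treated as temp locations (assumption of this example).
TEMP_DIRS = {"temp", "tmp", "temporary internet files"}

def parse_o4(log_text):
    """Return (registry_key, value_name, executable) for each O4 registry autorun."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # R0/R1, O2, O9, Global Startup etc. are not handled here
        key, name, cmd = m.groups()
        # Strip an opening quote and any arguments: keep everything up to the first ".exe".
        exe = re.match(r'"?(.+?\.exe)', cmd, re.IGNORECASE)
        entries.append((key, name, exe.group(1) if exe else cmd))
    return entries

def triage(entries, min_keys=3):
    """Map executable name -> sorted list of reasons it deserves a manual look."""
    findings = {}
    keys_by_exe = defaultdict(set)
    for key, _name, exe in entries:
        parts = exe.lower().split("\\")
        keys_by_exe[parts[-1]].add(key)
        if TEMP_DIRS.intersection(parts[:-1]):
            findings.setdefault(parts[-1], set()).add("runs from a temp directory")
    for base, keys in keys_by_exe.items():
        if len(keys) >= min_keys:  # same binary persisted under many autorun keys
            findings.setdefault(base, set()).add(f"registered under {len(keys)} autorun keys")
    return {exe: sorted(reasons) for exe, reasons in findings.items()}

if __name__ == "__main__":
    print(triage(parse_o4(SAMPLE_LOG)))
```
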
 