HJT log

Bobo

banned
My system has been running slowly lately, but Avast, Adaware, and Spybot all come up empty. This HJT log also passed my inspection, but I want to be sure. Here you go:

Logfile of HijackThis v1.99.1
Scan saved at 9:56:13 PM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\X3watch\x3watch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AOL\1155169829\ee\AOLSoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\common files\aol\1155169829\ee\aim6.exe
C:\Program Files\Folding@Home\FahCore_7a.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\Netscape\NETSCA~1\netscape.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\SETUP FILES\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DriverCD] L:\Run.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155169829\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Microsoft Office OneNote 2007 (Beta) Quick Launch.lnk = C:\Program Files\Microsoft Office 2007\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: reico.bat
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI69DF~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI69DF~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153934472623
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153934463403
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
 
Don't know much about HJT logs, but have you run ewido?
Nope, but I am running it right now. However, I don't think that anything will come up, considering that Avast, AdAware, and Spybot all found nothing.

Also, my hard drive is not fragmented.
 
Nope, but I am running it right now. However, I don't think that anything will come up, considering that Avast, AdAware, and Spybot all found nothing.

Also, my hard drive is not fragmented.

Give an update when it is done.
 
All I can see is just one:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

ALCMTR.EXE is totally not necessary and is a good place for spyware and viruses to hang out. It is used for AC'97 sound, but is unnecessary and should be fixed. Also, this seems questionable to me:
C:\Program Files\X3watch\x3watch.exe
It seems like something that sends info to another person about your computer usage; that was just a guess and I have never seen it before.
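
As an added example (not part of the original thread), the sketch below triages the O4 autostart and O23 service lines of a HijackThis log like the one posted above, listing entries that give no full path, sit on a drive other than the system drive, have an unresolved target, or are marked as file missing. The sample lines are copied from the log; the function names and the assumption that C: is the system drive are this example's own.

```python
import re

# Constructed sample: a few O4/O23 lines copied from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DriverCD] L:\Run.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Global Startup: reico.bat
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O4|O23) - ([^:]+): (.*)$")
ABS_RE = re.compile(r'^"?([A-Za-z]):\\')   # optional quote, drive letter, ":\"

def command_of(section, scope, rest):
    """Return the command or target of an O4/O23 entry, or None if absent."""
    if section == "O23":                    # "name - owner - path"
        return rest.rsplit(" - ", 1)[-1]
    if scope.endswith("Run"):               # "[value name] command"
        return rest.split("] ", 1)[-1]
    # Startup folders: "shortcut.lnk = target", or a bare file name
    return rest.split(" = ", 1)[1] if " = " in rest else None

def triage(log_text, system_drive="C"):
    """Return (entry, reasons) pairs for lines that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m is None:
            continue
        cmd = command_of(*m.groups())
        reasons = ["file missing"] if "(file missing)" in line else []
        if cmd is None:
            reasons.append("file in startup folder, no target shown")
        elif cmd == "?":
            reasons.append("shortcut target unresolved")
        elif not cmd.startswith("%"):       # %var% paths resolve at run time
            drive = ABS_RE.match(cmd)
            if drive is None:
                reasons.append("no full path")
            elif drive.group(1).upper() != system_drive:
                reasons.append("path on drive " + drive.group(1).upper() + ":")
        if reasons:
            findings.append((m.group(3), reasons))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

A flag only marks an entry for a manual look: a bare name such as ALCMTR.EXE is resolved through the Windows search path, so the log line alone does not show which file on disk actually runs.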
 
USE A REGISTRY CLEANER is one recommendation often given when a bunch of clutter gets into the system reg along with useless files hanging around on the drive, where CCleaner has a use. Besides RegCleaner, found at http://www.majorgeeks.com/RegCleaner_d460.html, Microsoft has their own version available at http://www.download.com/RegClean/3000-2094_4-881470.html?tag=pdp_prod
The msconfig utility is another way of reducing unnecessary startups if nothing like an unwanted IE addon or new startup is found.
 
Give an update when it is done.
Ewido found nothing but cookies.

In which ways is it running slow, overall or startup?
Startup isn't great, but just overall. Especially when I try to open multiple programs at once, or something like that.

Also, this seems questionable to me:
C:\Program Files\X3watch\x3watch.exe
It seems like something that sends info to another person about your computer usage; that was just a guess and I have never seen it before.
No, that is normal and has to be there.

The msconfig utility is another way of reducing unnecessary startups if nothing like an unwanted IE addon or new startup is found.
Yea, I have used that.

So I will run the registry cleaner, and get back to you guys. But I have a feeling that the problem lies in AIM Triton. Of all things on my system, it is the slowest, and it takes 10-15 seconds for an IM window to appear on the screen. Could this be causing the whole system to slow down?
 
One way to determine if that is a drag on the system for some reason would be to disable it from starting up along with Windows. That is where the msconfig utility can be a big help. You type msconfig in the Run prompt right off of the Start menu and press enter to open that screen. The last tab on the right is the startup group with the services right next to it.

Once you know which ones not to disable (video, sound, antivirus), you uncheck the remaining items. From there you can go into the services tab and put a check mark on the "Hide All Microsoft Services" to avoid disabling anything the system needs. There you can pick and choose anything unnecessary for startup when Windows loads. A good reg cleaner takes care of loose items that often will start loading drivers from programs already removed. In other words, they clean useless crap out of there. There's usually more than one item that will slow things down. But the AIM Triton can't be ruled out either.
 
One way to determine if that is a drag on the system for some reason would be to disable it from starting up along with Windows. That is where the msconfig utility can be a big help. You type msconfig in the Run prompt right off of the Start menu and press enter to open that screen. The last tab on the right is the startup group with the services right next to it.

Once you know which ones not to disable (video, sound, antivirus), you uncheck the remaining items. From there you can go into the services tab and put a check mark on the "Hide All Microsoft Services" to avoid disabling anything the system needs. There you can pick and choose anything unnecessary for startup when Windows loads. A good reg cleaner takes care of loose items that often will start loading drivers from programs already removed. In other words, they clean useless crap out of there. There's usually more than one item that will slow things down. But the AIM Triton can't be ruled out either.
I know how to do msconfig. I have everything disabled that I want to be disabled.

I will screw around with things, and see what helps.
 
If you want help with your HJT log, go into msconfig and enable all the startup entries that you have disabled. They need to be enabled otherwise HJT won't see certain things, things that may need to be fixed. Then post a new HJT log.
 
If you want help with your HJT log, go into msconfig and enable all the startup entries that you have disabled. They need to be enabled otherwise HJT won't see certain things, things that may need to be fixed. Then post a new HJT log.

The only problem there would be a possible software conflict or a simple bad software install. One thought was to remove AIM Triton totally, run a reg cleaner, and reinstall it after. If there's a glitch with AIM, that should correct it. I wouldn't advise enabling everything at once. Try a few at a time to see what changes, if any, are noticed. If you see a problem you can then narrow down the source of that. Then post a new log.
 