What's going on? [Hijackthis log]

Discussion in 'Malware and Virus Removal Archive' started by Dave932932, 2007/01/21.

  1. 2007/01/21
    Dave932932

    Dave932932 Inactive Thread Starter

    Joined:
    2005/01/06
    Messages:
    185
    Likes Received:
    0
    My computer (Win XP Home) has been running very slowly for some time. Surely a 2.66GHz P4 and 1/2 a gigabyte of RAM can run Steam, Xfire and a browser at once with ease.

    What comes up when I tap Ctrl+Alt+Del

    Hijackthis Log:

    "Logfile of HijackThis v1.99.1
    Scan saved at 9:18:01 PM, on 1/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\WINDOWS\LTMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\Opera\Opera.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Acronis*True*Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe "
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://<usernameremoved>.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: WPEServ - Unknown owner - C:\Program Files\Common Files\WPE\wpeserv.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe "
     
  2. 2007/01/21
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Hi Dave

    The HJT log looks clean

    You have a full and busy system.

    Questions:

    Are you behind a router?

    How long have you had McAfee?

    Did you recently do a major update to McAfee?

    Has Norton ever been installed on this PC?

    Try the following deep cleanup:

    ATF-Cleaner http://www.atribune.org/content/view/25/2/
    When run, check Select All; run twice or more until nothing else is found.
    =====================================
    CCleaner get the slim version http://www.ccleaner.com/download/builds.aspx
    Click bottom right Run Cleaner twice
    Then in the left panel click Issues, then below it Scan for issues; run twice or until no more are found.
    =======================================
    Clean all user profiles at once.

    http://ezpcfix.net/download.aspx?dlo...x-1-0-0-16.exe

    http://ezpcfix.net/download.aspx?dlo...-16/Plugin.inf

    The above need to be downloaded and need no install but need to be put together in the same folder.

    So download them, create a folder (I recommend Program Files\EzPcFix), and run them from there.

    This seems to be a simple and basic program at first, but I advise you not to tinker with too many of its other features unless you know what you are doing, as it has some extremely powerful features but looks so harmless.

    Here are the steps:

    1. Run the program
    2. Click Load Hives
    3. Double click Delete temp files
    4. Select the optional check boxes if you want
    5. If you Checked _Restore /System Volume information\_Restore then you should create a new restore point via System Restore.
    6. I usually close the Hives before exit
    Even better run in Safe Mode.
    ========================================
    Download install and run
    http://www.xblock.com/download/xclean_micro.exe

    This is an advanced cleaner that goes after (not everything) but only the worst most prolific and damaging malware and some viri.

    Delete ALL it finds no exceptions, if after cleaning an incident, it advises a reboot, say no during the process, but do so when the program ends before continuing with next step below.

    Many finds with this program, then reboot to Safe Mode and run it again. I use this as preclean before SpyBot and AdAware.

    Try this and get back.

    Mike
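
Added example, not part of the thread or any poster's tooling: a small Python triage pass over HijackThis entry lines, using lines copied from the log posted above. It groups entries by section code and lists two kinds of entry a reviewer would normally look up before signing off on a log; the notes are prompts for a lookup, not verdicts, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Entry lines copied from the log posted in this thread (HijackThis v1.99.1 format).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O23 - Service: WPEServ - Unknown owner - C:\Program Files\Common Files\WPE\wpeserv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <body>"; header and running-process lines do not match.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# O4 body: "HKLM\..\Run: [value name] command line"
RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>.+?)\] (?P<cmd>.+)$")
ABS_PATH = re.compile(r'^"?[A-Za-z]:\\')

def parse(log):
    """Group entry bodies by section code (R0, O2, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def review_notes(sections):
    """Return (section, name, reason) tuples for entries worth a manual lookup."""
    notes = []
    for body in sections.get("O4", []):
        m = RUN.match(body)
        # A bare file name is resolved through the search path at logon.
        if m and not ABS_PATH.match(m.group("cmd")):
            notes.append(("O4", m.group("name"), "autostart command has no absolute path"))
    for body in sections.get("O23", []):
        # Body layout: "Service: <name> - <owner> - <path>"
        parts = body.rsplit(" - ", 2)
        if len(parts) == 3 and parts[1] == "Unknown owner":
            name = parts[0].split(": ", 1)[1]
            notes.append(("O23", name, "service owner field is 'Unknown owner'"))
    return notes

if __name__ == "__main__":
    for note in review_notes(parse(SAMPLE_LOG)):
        print(note)
```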
     

  4. 2007/01/22
    Dave932932

    Dave932932 Inactive Thread Starter

    Joined:
    2005/01/06
    Messages:
    185
    Likes Received:
    0
    Status Report

    Thanks for the help.

    I'm not behind a router, this Motorola SB5100 "SURFboard" cable modem is directly connected to the computer by USB1.

    I've had McAfee for some time, but I purchased a box which I installed it from. I deleted a Norton trial that came with this HP computer. A while ago it had a pretty big update where it gave me the GUI of version ten and now it nags me to buy all the version ten programs (I have version nine).

    Ran ATF cleaner on Opera + Windows, have CCleaner installed and used it to get rid of 1.7GB of stuff. Didn't get to that hive cleaner yet.

    X-block is running. So far it's found two Bonzi Buddy registry keys and three Gamespy Arcade keys. It found one Sweetbar key. I have an updated Spybot S&D program and it hasn't found any of this stuff ><. Found AWS (Weatherbug). I guess this stuff is the reason behind the increase from 150MB memory usage to 450MB memory usage. Huh, I said no to a reboot, and it crashed with a memory error.

    Rebooting into Safe Mode...
     
  5. 2007/01/22
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Looks like you are doing a good job Dave.

    The reason I asked about the Router. The Windows Firewall is sufficient if behind a Router. But directly connected to a Cable/DSL modem you need more Firewall. Apparently you are covered here by McAfee.

    The reason I asked about Norton is in the following link. Read it to understand why it is still on your system. Then do posts 8 & 9 if you want to finish uninstalling it.

    http://www.windowsbbs.com/showthread.php?t=61013

    Your choice if you want to finish cleaning it. All the info as to why is in the post.

    That should get you a level of performance back.

    Mike
     
  6. 2007/01/22
    Dave932932

    Dave932932 Inactive Thread Starter

    Joined:
    2005/01/06
    Messages:
    185
    Likes Received:
    0
    Windows Firewall isn't enough?
     
  7. 2007/01/22
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Well Dave, I don't guess you have the McAfee suite after all. I thought I saw it earlier but it must have been on another post.

    To keep it simple, the Windows Firewall is a simple firewall. It is not what is called a stateful firewall and is one directional.

    If you have only one computer then you do not need a Router, but a NAT router by its very action is a natural firewall. So in combination with the Windows Firewall it is usually enough.

    Directly connected to a Cable/DSL you need more.

    I think the following is still one of the best, not only because of all its features but it is reasonably easy to set up and use. And one of the least processor intensive firewalls available.

    The below is the last free version of the Kerio Personal Firewall; some who have tried the newer version have gone back to this one as better.

    http://download.kerio.com/dwn/kpf/kerio-pf-2.1.5-en-win.exe

    Mike
     
  8. 2007/01/22
    Dave932932

    Dave932932 Inactive Thread Starter

    Joined:
    2005/01/06
    Messages:
    185
    Likes Received:
    0
    I have McAfee AntiVirus and AntiSpam, but the firewall wasn't included. I used the free Sygate one for some time until I wanted to reinstall it until I realized they were bought out and the free download link pulled :/ The link you provided is broken.
     
  9. 2007/01/22
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
  10. 2007/01/23
    Dave932932

    Dave932932 Inactive Thread Starter

    Joined:
    2005/01/06
    Messages:
    185
    Likes Received:
    0
  11. 2007/01/23
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    You can get several different versions of Sygate from OldApps.com
     