Member Panel

Remember me ?

Forgot password?   

Sponsors and Ads

Noticeboard
PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » Slow boot/shut down (hijack included)

[Fixed] Hijackthis! Logs - Slow boot/shut down (hijack included) posted in the Security & Safety forums; HighJack doesn't like: F:\WINDOWS\ALCMTR.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE(classified as good, but still needs fixed?) O4 - Startup: Reboot.exe The ALCMTR would be nice to get rid of if it's ...

JOIN US NOW to remove these Ads

Post New Thread  Reply
  #1  
Old 08-04-2007
GhastMaster's Avatar
Silver Member
My PC
 
Join Date: Sep 2006
Location: Cincinnati, Ohio, USA
Posts: 166
PC Experience: Experienced
GhastMaster - See this Members User comments on their Profile page GhastMaster - See this Members User comments on their Profile page GhastMaster - See this Members User comments on their Profile page GhastMaster - See this Members User comments on their Profile page GhastMaster - See this Members User comments on their Profile page GhastMaster - See this Members User comments on their Profile page GhastMaster - See this Members User comments on their Profile page GhastMaster - See this Members User comments on their Profile page GhastMaster - See this Members User comments on their Profile page GhastMaster - See this Members User comments on their Profile page GhastMaster - See this Members User comments on their Profile page
Default Slow boot/shut down (hijack included)
HighJack doesn't like:
F:\WINDOWS\ALCMTR.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE(classified as good, but still needs fixed?)
O4 - Startup: Reboot.exe

The ALCMTR would be nice to get rid of if it's not needed for my Audio. How do i get rid of them? Should I? and will it help my boot up?


Logfile of HijackThis v1.99.1
Scan saved at 2:21:54 AM, on 8/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\RTHDCPL.EXE
F:\WINDOWS\ALCMTR.EXE
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Documents and Settings\Administrator\Desktop\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "F:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Reboot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1185240942234
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
  #2  
Old 08-05-2007
chiaz's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Singapore
Posts: 2,734
PC Experience: PC Guru
chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page
Default Re: Slow boot/shut down (hijack included)
Hello.

Alcmtr.exe belongs to Realtek AC97 Audio - Event Monitor that can be used to surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers. I would consider it optional to remove.


Please run HijackThis and place a checkmark by the following entry:
O4 - Startup: Reboot.exe

Fix this too if you would like to remove ALCMTR.EXE:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Close all other windows except HijackThis and press "Fix Checked". Then close HiajckThis and restart the computer.


If you had removed ALCMTR.EXE, now navigate to and delete the following file if still present:
F:\WINDOWS\ALCMTR.EXE


Post a new HijackThis log in your next reply. Do you have any problems with your computer?

Reply
Satellite TV on your PC - over 3000 Channels! Click Here!

Bookmarks

« Slow Desktop Shortcuts | [Fixed] Bloodhound.Exploit.109 detected, Hijack This log included »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On

Contact Us - PC Help Forum - Site Map - Privacy Statement - Top
All times are GMT +1. The time now is 04:21 AM.
Powered by vBulletin
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 RC7
All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com


Back to Top