• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
thechamlin

Computer Passing Out

10 posts in this topic

My desktop Pentium4, 2.4Ghz with 512 Ram, 60GB hard drive (20GB available) XP Pro computer is hiccuping. In the last three weeks, on two different occasions, it just shut down. No Blue Screen of Death. Power stayed on in the box, but clearly the machine shut down / passed out. No video signal and no access from my laptop to the desktop files over the home network. Today it has happened three times. When I reboot, it works fine...for a while.

 

Ran Ad-Aware, SpySweeper, NOD32, Asquared and find nothing malevolent.

 

Does this sound like a malware issue or more like hard drive dying or corrupt Windows files freaking out? HiJack Log below.

 

Log feedback/cleanup help very welcome! It has gotten very cluttered in this system.

 

Thanks,

Chamlin

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 10:14:46 PM, on 6/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Comodo\Personal Firewall\cmdagent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Mozy\mozybackup.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Belkin Bulldog Plus\upsd.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\carpserv.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\Program Files\Eset\nod32kui.exe

C:\PROGRA~1\VISION~1\ONETOU~2.EXE

C:\Program Files\Comodo\Personal Firewall\CPF.exe

C:\Program Files\Comodo\LaunchPad\CLPTray.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Comodo\VEngine\VEngine.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Acpana Business Systems\Data Deposit Box\startup.exe

C:\Program Files\Belkin Bulldog Plus\MUPS.exe

C:\Program Files\Mozy\mozystat.exe

C:\WINDOWS\system32\STARTPG.EXE

C:\Program Files\Acpana Business Systems\Data Deposit Box\backup.exe

C:\WINDOWS\system32\WFXSVC.EXE

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\WinFax\WFXMOD32.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Documents and Settings\Bruce\Desktop\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll

O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll

O2 - BHO: WSR_IEplug - {4E9CAE1A-545D-48EA-8EEF-4D1DB6695AD3} - C:\Program Files\Sytexis Software\Web Stream Recorder\wsr_ieplug.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRA~1\WS_FTP~1\wsbho2k0.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: Comodo VerificationEngine Browser Helper - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Program Files\Comodo\VEngine\ESigil.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [smapp] "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE

O4 - HKLM\..\Run: [Comodo Personal Firewall] "C:\Program Files\Comodo\Personal Firewall\CPF.exe" sysrestart

O4 - HKLM\..\Run: [Comodo Launch Pad Tray] "C:\Program Files\Comodo\LaunchPad\CLPTray.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [VEngine] "C:\Program Files\Comodo\VEngine\VEngine.exe"

O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

O4 - HKCU\..\RunOnce: [FFTI] "C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\qyalnqjj.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles/qyalnqjj.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

O4 - HKUS\S-1-5-18\..\RunOnce: [sRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [sRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')

O4 - Startup: Mozy Status.lnk = C:\Program Files\Mozy\mozystat.exe

O4 - Startup: Start PageTools.lnk = C:\WINDOWS\system32\STARTPG.EXE

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Data Deposit Box.lnk = ?

O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/downloads/tgctlcm.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab

O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136514694562

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Personal Firewall\cmdagent.exe

O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Mozy Backup Service (MozyBackup) - Unknown owner - C:\Program Files\Mozy\mozybackup.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Online Backup Service - Unknown owner - C:\Program Files\Acpana Business Systems\Data Deposit Box\nts.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

 

--

End of file - 13406 bytes

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Welcome to the forum :wave:

 

I apologize for the delay getting to you, the helpers here are all volunteers and we have been very busy here lately.

 

The Power button led stays green?

What color is the led on the monitor?

No chance it is asleep?

Share this post


Link to post
Share on other sites

Welcome to the forum :wave:

 

I apologize for the delay getting to you, the helpers here are all volunteers and we have been very busy here lately.

 

The Power button led stays green?

What color is the led on the monitor?

No chance it is asleep?

No problem for the delay, just grateful for the help. No, it's not asleep, it's definitely an "event" when it happens. I opened the box up and vacuumed all the dust in case it was heat. Hasn't happened since, so I think it may be okay now. I also tightened the power supply switch connections.

 

So letting go of the "problem", can you still review my log and see if there's any stuff I can get out of there?

 

Thanks,

B the Chamlin

Share this post


Link to post
Share on other sites

Glad to hear your main issue is resolved. :thumbsup: I was thinking it was either thermal or a motherboard problem.

 

There are not a whole lot of extras in your HijackThis log, but here are few optional items and their descriptions you can decide if you want to remove them or not.

 

[*]Run HijackThis, Choose "Do a system scan only" and checkmark the box next to the following entries.

  • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    • If you did not set your main internet start page to blank you can remove this line.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

  • If you do not have a proxy server and this is not required by your firewall you can remove this line.

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

  • Associated with the newer versions of nVidia graphics cards drivers. Allows you to immensely improve desktop layouts by setting preferences and optimizations. However, this isn't necessary for the operation of your system

O4 - HKLM\..\Run: [smapp] "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe"

  • System Tray access for the Compaq/ADI SoundMAX integrated digital audio controller

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

  • ScanSoft OmniPage auto updater. Can be disabled using the main program's options.

O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE

  • "Finds" the Visioneer scanner to see if it's on then loads it in the tray for quick access which delays the initial boot to desktop process. According to the Windows_Startup_Online_Repository , with the icon in the tray, if you restart or leave desktop, on your return, it again looks for the scanner and again bogs down your system. A desktop icon or star t > programs will provide access without the constant delays. Advise not to load this one in the tray.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

  • System Tray access to Apple's "Quick Time" viewer from version 5 onwards

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

  • Ahead Nero BackItUp backup program. Only required for if you have scheduled back-ups

 

You can remove any O16 they are activex items and will be redownloaded if necessary.

[*]Close all other windows and browsers, then click "Fix Checked".

 

I also suggest you update your old Java to the latest version.

Your java version is out of date, and the latest version fixed previous bugs that can be exploited.

Please go to Start > Control Panel > Add or Remove Programs

In the list of Currently Installed Programs, look for all previous versions of Java:J2SE Runtime Environment

Select each Java entry and then click Remove

Next, download and install the newest version: Java Runtime Environment (JRE) 6 Update 1

 

Also I notice you seem to be running A-squared, SpySweeper, and AdAware 2007 be careful to make sure the active protection of only one of these is turned on at a time.

 

Please reboot and post a fresh HijackThis log and let me know how your computer is running now.

Share this post


Link to post
Share on other sites

Thanks for the guidance on this. Did what you said to do, and really appreciated the explanations of what the items were. That empowered me to make choices. Uninstalled the old Java and reinstalled. Office seems to load quicker now. Other programs work fine.

 

I couldn't find a preference or option in ScanSoft re: updating to remove that. So I just deleted it via hijack this. Checked the software afterwards (Paperport) and it worked fine.

 

You'll see in the new log that there's a new Java line (is this necessary or helpful or should I delete it?): O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

 

Also, had deleted a-squared from my system as I don't use it. But even after unchecking the 023 for a-squared, it came back. Any ideas?

 

See anything else? What is the purpose of all the 023 service items?

 

Peace,

Bruce

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 1:47:18 PM, on 6/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\Program Files\Comodo\Personal Firewall\cmdagent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Mozy\mozybackup.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Belkin Bulldog Plus\upsd.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\carpserv.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Comodo\Personal Firewall\CPF.exe

C:\Program Files\Comodo\LaunchPad\CLPTray.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Comodo\VEngine\VEngine.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Acpana Business Systems\Data Deposit Box\startup.exe

C:\Program Files\Belkin Bulldog Plus\MUPS.exe

C:\Program Files\Mozy\mozystat.exe

C:\WINDOWS\system32\STARTPG.EXE

C:\WINDOWS\system32\WFXSVC.EXE

C:\Program Files\WinFax\WFXMOD32.EXE

C:\Program Files\Acpana Business Systems\Data Deposit Box\backup.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HijackThis\HiJackThis_v2.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll

O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll

O2 - BHO: WSR_IEplug - {4E9CAE1A-545D-48EA-8EEF-4D1DB6695AD3} - C:\Program Files\Sytexis Software\Web Stream Recorder\wsr_ieplug.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRA~1\WS_FTP~1\wsbho2k0.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Comodo VerificationEngine Browser Helper - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Program Files\Comodo\VEngine\ESigil.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Comodo Personal Firewall] "C:\Program Files\Comodo\Personal Firewall\CPF.exe" sysrestart

O4 - HKLM\..\Run: [Comodo Launch Pad Tray] "C:\Program Files\Comodo\LaunchPad\CLPTray.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon

O4 - HKLM\..\Run: [VEngine] "C:\Program Files\Comodo\VEngine\VEngine.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [uVS11 Preload] "C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

O4 - HKCU\..\RunOnce: [FFTI] "C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\qyalnqjj.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles/qyalnqjj.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

O4 - HKUS\S-1-5-18\..\RunOnce: [sRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [sRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')

O4 - Startup: Mozy Status.lnk = C:\Program Files\Mozy\mozystat.exe

O4 - Startup: Start PageTools.lnk = C:\WINDOWS\system32\STARTPG.EXE

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Data Deposit Box.lnk = ?

O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Personal Firewall\cmdagent.exe

O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Mozy Backup Service (MozyBackup) - Unknown owner - C:\Program Files\Mozy\mozybackup.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Online Backup Service - Unknown owner - C:\Program Files\Acpana Business Systems\Data Deposit Box\nts.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

 

--

End of file - 11923 bytes

Share this post


Link to post
Share on other sites
You'll see in the new log that there's a new Java line (is this necessary or helpful or should I delete it?): O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

It is the updater for the new version of Java it lets you know there is a new version and downloads it for you. You can remove it with HijackThis if you want and then update manually from the java icon in your control panel.

 

Did you delete A-squared or did you uninstall it via Add or Remove Programs ?

 

What is the purpose of all the 023 service items?
They are needed to run programs or devices you have installed, if you see a specific one know you do not use the program anymore it is best to remove them via Add or Remove Programs if they are still there after that we can remove them other ways.

 

If there are specific ones you do not recognize let me know which ones and I will tell you what they are.

Share this post


Link to post
Share on other sites
Did you delete A-squared or did you uninstall it via Add or Remove Programs ?

I did it through Add/Remove.

 

The 023 service items are needed to run programs or devices you have installed, if you see a specific one know you do not use the program anymore it is best to remove them via Add or Remove Programs if they are still there after that we can remove them other ways.

 

If there are specific ones you do not recognize let me know which ones and I will tell you what they are.

I know what they are. The one (other than A-squared) I question is:

O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

 

When I Windows Task Manager, winfax is always running, but though I use it (maybe 1x/month) it doesn't seem like it should always be running. It's only using 856k of memory right now in the processes tab, but that may vary. What do you think about that one?

 

Thanks alot!

Bruce

Share this post


Link to post
Share on other sites

[*]Please disable a-squared Free Service as followed:

  • Go to Start-> Run and type Services.msc then click OK.
  • Click the Extended tab at the bottom.
  • Scroll down until you find the a-squared Free Service.
  • Click once on a-squared Free Service to highlight it.
  • Click Stopthis service in the left pane.
  • Right-Click on a-squared Free Service and choose Properties.
  • Select the General tab.
  • Click the down-arrow on the right-hand side of the Start-up Type box.
  • From the drop-down menu, choose Disabled.
  • Click the Apply, then click OK.

[*]Please delete a-squared Free Service as followed:

  • Please run HijackThis and click Config -> Misc Tools -> Delete an NT service.
  • In the Delete window, type a2free and press OK.
  • OK any prompts, close HijackThis, and restart your computer.

[*]Please post a fresh HijackThis log.

 

 

For the WinFax Pro we should not remove this one, but we may be able to set it so it does not start except when needed.

Go to Start->Run and type services.msc, scroll down thru the list until you find WinFax Pro and let me know if it is set to manual or automatic.

Share this post


Link to post
Share on other sites

Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0