
Why is the Light on my PC Always Running 24/7?

Hi.  My PC has been under attack for months, I finally have it back.  However, the light below the on/off button is always running - 24/7.  Sometimes it flashes very bright, other times it just bleeps constantly.  This is after everything is loaded from boot up and when I am doing nothing.

I completely reformatted the drive and re-installed from a brand new windows CD.

I have an HP 2800 athlon processor, Windows XP with SP2 installed, Norton anti-virus and firewall, Zone Alarm Pro firewall, Spy Subtract, Ad-aware, PC Powerwash, HijackThis.

I want to get rid of everything that I really don't need, because I'm tired of dealing with this for so long.  Please advise of any and all programs that can go.  

Security checks indicate no viruses or compromises to security.  But I think there is still somebody in there!    Thank you SO much.  

Here is the Hijack log:

Logfile of HijackThis v1.98.2
Scan saved at 4:05:56 PM, on 10/9/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0b\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\PCPOWE~1\PopUp.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\PCPOWE~1\PopUpKiller.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
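
The O4 lines in the log above are the autostart entries (registry Run keys and Startup folders), which is where the "what can go" question gets answered. As an added example, not part of the original post or of HijackThis itself, this Python script parses those lines from a saved log and reports executables launched from more than one autostart location; `SAMPLE_LOG` holds a few lines excerpted from the log above, and the function names are illustrative.

```python
import re
from collections import Counter, defaultdict

# A few lines excerpted from the log in the post above (sample input).
SAMPLE_LOG = r'''
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\PCPOWE~1\PopUpKiller.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
'''

# Registry autostarts: O4 - HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r'^O4 - (HK(?:LM|CU)\\\.\.\\Run\w*): \[(.+?)\] (.+)$')
# Startup-folder shortcuts: O4 - Global Startup: name.lnk = target
LNK_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')
# Executable at the start of a command line, with or without quotes.
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)
# Section code that starts every finding line (R0, R1, O2, O4, O16, ...).
SECTION_RE = re.compile(r'^([A-Z]\d+) - ')

def section_counts(log):
    """Count finding lines per HijackThis section code."""
    hits = (SECTION_RE.match(l.strip()) for l in log.splitlines())
    return dict(Counter(m.group(1) for m in hits if m))

def parse_autostarts(log):
    """Return one dict per O4 entry: where it is registered, its name, its exe."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if not m:
            continue
        source, name, command = m.groups()
        exe = EXE_RE.match(command)
        # Windows paths are case-insensitive, so compare them lowercased.
        path = (exe.group(1) if exe else command).lower()
        entries.append({"source": source, "name": name, "exe": path})
    return entries

def launched_more_than_once(entries):
    """Map each executable registered in several places to those places."""
    sources = defaultdict(list)
    for e in entries:
        sources[e["exe"]].append(e["source"])
    return {exe: src for exe, src in sources.items() if len(src) > 1}

if __name__ == "__main__":
    found = parse_autostarts(SAMPLE_LOG)
    for e in found:
        print(f'{e["source"]:<16} {e["name"]:<24} {e["exe"]}')
    print("duplicates:", launched_more_than_once(found))
```

Paths written as 8.3 short names (such as `PROGRA~1`) are compared as they appear in the log, so the same file referenced once by its long name and once by its short name will not be matched as a duplicate.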

OK, let's take this by the numbers. A flashing light (I think you're referring to a hard drive light; everyone's computer case is different, some like mine don't have cases). If it's a red light it's almost certainly a hard drive light. Try a simple disk defragmentation before you take this further; your hard drive might be disorganised from all the stuff you've added, moved, deleted and/or changed.
A second piece of advice is to rid yourself of XP; I dislike that OS as it's wasteful.
OK, now to fix the problem. I am on a Windows 2000 computer, although XP by default has the defragmentation program in the same place.
Go to Start, Programs, Accessories, System Tools, Disk Defragmenter; click C: (it will turn blue), then click Defragment.
Get a coffee or some tea, this will take some time (30 mins+; how big the drives are and how badly disorganized makes a difference).
This should solve the issue. If it does not, let me know and I will assist you further.
Technical Note: (provided as a reference only, in case you are curious as to what defragmentation does)
Windows 2000 (all versions) and XP (all versions) have a built-in utility to organize the information in order to speed up access. When a computer searches a hard drive for information it looks in a table called a File Allocation Table to tell it where programs are located. If it has bits and pieces of information scattered all over, it's got to tape them back together and then read the information; this takes time (next time some junk mail comes, try it: rip the unwanted mailing up and then try and piece it together to read it; compare that to just simply reading the mail: which takes longer?). First the computer analyzes how the records should look, then pieces it all back together like the sample above.
If it's a fragmentation issue, what you have inside won't help as things are still a mess on the hard drive. Good luck, hope it helps.
Marili (Author) Commented:
I run defrag regularly.  Sorry, but that's not it.  As far as XP is concerned, can't really afford to get something else - os cost a lot, don't they?  And that is what my 3 year maintenance agreement covers.  Although so far the agreement has been worthless, since nobody covers viruses, trojans and hackers.
I'm thinking the light has something to do with the screen saver, even when it hasn't turned on yet?  Or, are there some little programs that run when PC is idle (that are necessary I hope!) that could be causing the light?

What do you think of the HijackThis report?
FreeBSD, several other Linux ones are free; any of those would blow the doors off XP. Knoppix is also a good start.
The log reflects a patchwork of solutions, which is what is being used.
The fact the light is on means the disk is being accessed.
Not the screen saver, it's not even being loaded; I am thinking insufficient RAM causing XP to use the hard drive as extra.
My advice: check out http://www.knoppix.org/ and click the British flag to get the page in English.

Marili (Author) Commented:
So, you are saying that getting a different OS would be a very good idea?  I'm not clear what your first sentence is.  Is it "freebsd"?   I would have no idea how to install that and coordinate it with all the other software.  I looked at knoppix website - it is free? and it is like a supplement for windows xp?  Or would I delete xp?  what software would work with it?  only the first page of the website converted to English.  I have 512 ram.  It makes me nervous to think about erasing what I bought the PC with and putting a bunch of stuff on there that I've never heard of or used.  It would void my service agreement.  But I will do it if that really is the best thing.

I wish I could pay one of you guys to come to my house and tweak my PC into a happy running state!  

Yes, that's the best thing: install a new operating system. It's not a supplement to XP; you format the drive and put FreeBSD on.
http://www.freebsd.org/index.html Most of the Windows-based applications work fine, and there's tons of free software written for it.
There are many other Linux-based systems that are free, but I like FreeBSD best.
It installs straightforwardly, just read the screen, and is very customizable; again it's all written in easy to follow terms.
I know it's probably a daunting task, your first OS install, but it's well worth it.
Marili (Author) Commented:
Happythedog, is it possible to put two operating systems on the PC?  I'm afraid to get rid of XP entirely, that's what I have my service agreement with.  If anything happened, I wouldn't have anything.
Read the service agreement carefully. Based on the fact that it won't cover viruses, trojans, it's a hardware agreement most likely.
That means it covers the physical circuit boards from damage, not system programming.
Yes, it's possible; recommended, no, as you may run into issues of having to use one OS to access one partition and another one to access the second.
Give FreeBSD a shot, you'll probably like it.
Last sentence is unclear; if anything happens to Windows you don't have much either.
To put two operating systems on the same machine:
divide the hard drive into two logical pieces (repartition)
install one OS to one partition and one to the other
NOTE: This is not recommended
On a personal note, is this your first PC? You probably bought it at a retailer pre-loaded, right?
So it follows you're nervous about the several hundred dollar investment,
but take the plunge, you will find it's well worth it.
And btw, Athlon chips are manufactured by American Micro Devices, commonly known as AMD.
Check out www.amd.com http://www.amd.com/us-en/Processors/ProductInformation/0,,30_118_3734,00.html
XP in this case is a model, no relation to the software of the same name.
Marili (Author) Commented:
I did buy it pre-loaded from a retailer, and didn't know anything about tweaking your PC to run better, or about all the stuff you have to do to protect yourself.  Have learned a tiny bit since getting hacked.  The reason for keeping windows is that the retailer service plan only covers original installed products.  

I thought the freebsd was FREE? You mentioned several 100 $ ??  Is it for other software?  Would Microsoft Word work?  PaintShop Pro?  All the anti-hacker security programs?  My photos on CD?

Not sure why you are telling me about athlon chips ...?

Hewlett Packard  F I N A L L Y contacted me and is sending me a clean set of CDs to do a complete clean/reinstall.  I was going to do that, but now I don't know what to do.  Yikes!  This is so hard.  You have been so helpful, and I am starting to feel guilty asking you so many questions.  Thank you so very much.  Your karma is going to serve you well for a long time!

Do you think maybe I should install the freebsd and then just keep the windows xp CD's in case I need them someday, or don't like freebsd???  I really value your opinion and expertise.

I can't believe it, but I got browser hijacked AGAIN today - HIJACKTHIS showed 53 dot com sites being run!!  I deleted, the PC is very quiet now.  This is all after I installed and updated a bunch of programs:  Spybot, SpySearch, Adaware, Zone Alarm Pro, Faber Toys, PCPowerwash, Norton Security/Firewall/antivirus, HijackThis.  I have not gone to any seedy websites, I don't use bonzi buddy, comet cursors, etc.  I clean cookies, history, scan disk, virus updates DAILY.  All that stuff.   (I did use Yellow Pages to look up senior services for my mom, and now looking at my list of possible pests, it's on there.  Could that be how they got in?)  Geez, can't do anything.

How is one to even USE their computer without these creeps taking over?  It took at least 5 minutes to load HijackThis just so I could find out why my PC light was running like crazy, the fans going non-stop, couldn't load anything.  

The HijackThis log was 4 PAGES LONG !

I am on the internet via DSL - via SBC Yahoo.  That annoying company loaded all kinds of crap on my PC when I signed up.  There is no other way to get online, besides dial up, is there? Dial up would make me insane.  We don't have cable here, but would it matter?  Do you know which applications Yahoo loaded that I could safely remove and still access email and internet?  There is probably a page full just for Yahoo.  

Does anybody have any time left to use their computer after they do all the maintenance and security stuff?

FreeBSD is FREE; Windows 2000 retails for 300 dollars. If you wanted to stick to a Windows OS you would go to 2000.
But I stand by FreeBSD.
Just a point of reference on the Athlon; figured you would want to know.
Yes, just install FreeBSD, it's well worth it. That OS is actually designed to be stable; M$ takes a release-now-fix-later approach.
The applications you mentioned all work.
www.broadbandreports.com: the speeds are listed in upload/download and kbps measurement.
I know what you mean, and it's outrageous. If I pay for tap water from the water company I have the right to expect that my water is drinkable and safe, but it seems you don't have that right from your ISP.
Good secure operating system, make sure it's updated, and watch what you dl.
Also use the Firefox web browser.
I apologize for my late reply, I had to catch up on the house tasks yesterday.
Marili (Author) Commented:
Hey, not late to me - not a problem.  I am so grateful for all the help.  

Ok, you sold me on freeBSD -it sounds good.  It will be worth learning all the new stuff if I can count on some safe computing stability for a change.  Sounds like won't be too much to learn anyway if my programs will work with it.  I have grown to despise Microsoft and IE anyway.  

Thank you SO MUCH for all the excellent education and resource connections and SUPPORT.  
Much appreciated.  500 points.  
If you need extra help, weeder45@optonline.net, don't hesitate.