Marili
asked on
Why is the Light on my PC Always Running 24/7?
Hi. My PC has been under attack for months, I finally have it back. However, the light below the on/off button is always running - 24/7. Sometimes it flashes very bright, other times it just bleeps constantly. This is after everything is loaded from boot up and when I am doing nothing.
I completely reformated the drive and re-installed from a brand new windows CD.
I have an HP 2800 athlon processor, Windows XP with SP2 installed, Norton anti-virus and firewall, Zone Alarm Pro firewall, Spy Substract, Ad-aware, PC Powerwash, HijackThis.
I want to get rid of everything that I really don't need, because I'm tired of dealing with this for so long. Please advice of any and all programs that can go.
Security checks indicate no viruses or compromises to security. But I think there is still somebody in there! Thank you SO much.
Here is the Hijack log:
Logfile of HijackThis v1.98.2
Scan saved at 4:05:56 PM, on 10/9/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\COMMON~1\AOL\A
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bi
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hphmon
C:\WINDOWS\system32\spool\
C:\Program Files\Yahoo!\browser\ybrwi
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\Real
C:\PROGRA~1\COMMON~1\AOL\A
C:\PROGRA~1\SBCSEL~1\SMART
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\PCPOWE~1\PopUp
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0b\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\browser\ybrow
C:\Program Files\Microsoft Office\Office10\WINWORD.EX
C:\Program Files\hijackthis\HijackThi
R0 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-0
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-F
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bi
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwi
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\Real
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMART
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\PCPOWE~1\PopUp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMo
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtrac
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtrac
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-0
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-0
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-0
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-0
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-0
O16 - DPF: {30528230-99f7-4bb4-88d8-f
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8
O16 - DPF: {644E432F-49D3-41A1-8DD5-E
O16 - DPF: {D18F962A-3722-4B59-B08D-2
I completely reformated the drive and re-installed from a brand new windows CD.
I have an HP 2800 athlon processor, Windows XP with SP2 installed, Norton anti-virus and firewall, Zone Alarm Pro firewall, Spy Substract, Ad-aware, PC Powerwash, HijackThis.
I want to get rid of everything that I really don't need, because I'm tired of dealing with this for so long. Please advice of any and all programs that can go.
Security checks indicate no viruses or compromises to security. But I think there is still somebody in there! Thank you SO much.
Here is the Hijack log:
Logfile of HijackThis v1.98.2
Scan saved at 4:05:56 PM, on 10/9/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\COMMON~1\AOL\A
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bi
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hphmon
C:\WINDOWS\system32\spool\
C:\Program Files\Yahoo!\browser\ybrwi
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\Real
C:\PROGRA~1\COMMON~1\AOL\A
C:\PROGRA~1\SBCSEL~1\SMART
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\PCPOWE~1\PopUp
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0b\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\browser\ybrow
C:\Program Files\Microsoft Office\Office10\WINWORD.EX
C:\Program Files\hijackthis\HijackThi
R0 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-0
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-F
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bi
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwi
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\Real
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMART
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\PCPOWE~1\PopUp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMo
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtrac
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtrac
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-0
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-0
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-0
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-0
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-0
O16 - DPF: {30528230-99f7-4bb4-88d8-f
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8
O16 - DPF: {644E432F-49D3-41A1-8DD5-E
O16 - DPF: {D18F962A-3722-4B59-B08D-2
ASKER
I run defrag regularly. Sorry, but that's not it. As far as XP is concerned, can't really afford to get something else - os cost a lot, don't they? And that is what my 3 year maintenance agreement covers. Although so far the agreement has been worthless, since nobody covers viruses, trojans and hackers.
I'm thinking the light has something to do with the screen saver, even when it hasn't turned on yet? Or, are there some little programs that run when PC is idle (that are necessary I hope!) that could be causing the light?
What do you think of the HijackThis report?
Thanks!
I'm thinking the light has something to do with the screen saver, even when it hasn't turned on yet? Or, are there some little programs that run when PC is idle (that are necessary I hope!) that could be causing the light?
What do you think of the HijackThis report?
Thanks!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
*ram
ASKER
So, you are saying that getting a different OS would be a very good idea? I'm not clear what your first sentence is. Is it "freebsd"? I would have no idea how to install that and coordinate it with all the other software. I looked at knoppix website - it is free? and it is like a supplement for windows xp? Or would I delete xp? what software would work with it? only the first page of the website converted to English. I have 512 ram. It makes me nervous to think about erasing what I bought the PC with and putting a bunch of stuff on there that I've never heard of or used. It would void my service agreement. But I will do it if that really is the best thing.
I wish I could pay one of you guys to come to my house and tweek my PC into a happy running state!
I wish I could pay one of you guys to come to my house and tweek my PC into a happy running state!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html
just click the link to download it
just click the link to download it
ASKER
Happythedog, is it possible to put two operating systems on the PC? I'm afraid to get rid of XP entirely, that's what I have my service agreement with. If anything happened, I wouldn't have anything.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
and btw athlon chips are manufactured by American Micro Devices commonly known as AMD
check out www.amd.com http://www.amd.com/us-en/Processors/ProductInformation/0,,30_118_3734,00.html
XP in this case is a model , no relation to the software if same name
check out www.amd.com http://www.amd.com/us-en/Processors/ProductInformation/0,,30_118_3734,00.html
XP in this case is a model , no relation to the software if same name
ASKER
I did buy it pre-loaded from a retailer, and didn't know anything about tweeking your PC to run better, or about all the stuff you have to do to protect yourself. Have learned a tiny bit since getting hacked. The reason for keeping windows is that the retailer service plan only covers original installed products.
I thought the freebsd was FREE? You mentioned several 100 $ ?? Is it for other software? Would Microsoft Word work? PaintShop Pro? All the anti-hacker security programs? My photos on CD?
Not sure why you are telling me about athlon chips ...?
Hewlett Packard F I N A L L Y contacted me and is sending me a clean set of CDs to do a complete clean/reinstall. I was going to do that, but now I don't know what to do. Yikes! This is so hard. You have been so helpful, and I am starting to feel guilty asking you so many questions. Thank you so very much. Your karma is going to serve you well for a long time!
Do you think maybe I should install the freebsd and then just keep the windows xp CD's in case I need them someday, or don't like freebsd??? I really value you opinion and expertise.
I can't believe it, but I got browser hijacked AGAIN today - HIJACKTHIS showed 53 dot com sites being run!! I deleted, the PC is very quiet now. This is all after I installed and updated a bunch of programs: Spybot, SpySearch, Adaware, Zone Alarm Pro, Faber Toys, PCPowerwash, Norton Security/Firewall/antiviru
How is one to even USE their computer without these creeps taking over? It took at least 5 minutes to load HijackThis just so I could find out why my PC light was running like crazy, the fans going non-stop, couldn't load anything.
The HijackThis log was 4 PAGES LONG !
I am on the internet via DSL - via SBC Yahoo. That annoying company loaded all kinds of crap on my PC when I signed up. There is no other way to get online, besides dial up, is there? Dial up would make me insane. We don't have cable here, but would it matter? Do you know which applications Yahoo loaded that I could safely remove and still access email and internet? There is probably a page full just for Yahoo.
Does anybody have any time left to use their computer after they do all the maintenance and security stuff?
I thought the freebsd was FREE? You mentioned several 100 $ ?? Is it for other software? Would Microsoft Word work? PaintShop Pro? All the anti-hacker security programs? My photos on CD?
Not sure why you are telling me about athlon chips ...?
Hewlett Packard F I N A L L Y contacted me and is sending me a clean set of CDs to do a complete clean/reinstall. I was going to do that, but now I don't know what to do. Yikes! This is so hard. You have been so helpful, and I am starting to feel guilty asking you so many questions. Thank you so very much. Your karma is going to serve you well for a long time!
Do you think maybe I should install the freebsd and then just keep the windows xp CD's in case I need them someday, or don't like freebsd??? I really value you opinion and expertise.
I can't believe it, but I got browser hijacked AGAIN today - HIJACKTHIS showed 53 dot com sites being run!! I deleted, the PC is very quiet now. This is all after I installed and updated a bunch of programs: Spybot, SpySearch, Adaware, Zone Alarm Pro, Faber Toys, PCPowerwash, Norton Security/Firewall/antiviru
How is one to even USE their computer without these creeps taking over? It took at least 5 minutes to load HijackThis just so I could find out why my PC light was running like crazy, the fans going non-stop, couldn't load anything.
The HijackThis log was 4 PAGES LONG !
I am on the internet via DSL - via SBC Yahoo. That annoying company loaded all kinds of crap on my PC when I signed up. There is no other way to get online, besides dial up, is there? Dial up would make me insane. We don't have cable here, but would it matter? Do you know which applications Yahoo loaded that I could safely remove and still access email and internet? There is probably a page full just for Yahoo.
Does anybody have any time left to use their computer after they do all the maintenance and security stuff?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
i apologize for my late reply , i had to catch up on the housetasks yesterday
ASKER
Hey, not late to me - not a problem. I am so grateful for all the help.
Ok, you sold me on freeBSD -it sounds good. It will be worth learning all the new stuff if I can count on some safe computing stability for a change. Sounds like won't be too much to learn anyway if my programs will work with it. I have grown to despise Microsoft and IE anyway.
Thank you SO MUCH for all the excellent education and resource connections and SUPPORT.
Much appreciated. 500 points.
Ok, you sold me on freeBSD -it sounds good. It will be worth learning all the new stuff if I can count on some safe computing stability for a change. Sounds like won't be too much to learn anyway if my programs will work with it. I have grown to despise Microsoft and IE anyway.
Thank you SO MUCH for all the excellent education and resource connections and SUPPORT.
Much appreciated. 500 points.
if you need extra help weeder45@optonline.net dont hesitate
a second peice of advice is to rid yourself of xp i dislike that os as its wasteful
Ok, now to fix the problem, i am on a windows 2000 computer , although xp by default has the defragmentation program in the same place
go to start programs accessories system tools disk defragmenter, click C: it will turn blue click defragment
Get a coffee or some tea this will take some time ( 30mins+ how big are the drives how badly disorganized makes a difference )
__________________________
This should solve the issue if it does not let me know and i will assist you further
Technicial Note: ( provided as a refrence olny , in case you are curious as to what defragmentation does )
Windows 2000 ( all versions ) and xp ( all versions ) have a built in utillity to organize the information in order to speed up access, when a computer searches a hard drive for information it looks in a table called a File Allocation Table to tell it where programs are located , if it has bits and peices of information scattered all over its got to tape them back together and then read the information , this takes time ( next time some junk mail comes try it , rip the unwanted mailing up and then try and peice it together to read it , compare that top just simply reading the mail which takes longer? forst the computer analyzes how the records should look then peices all back together like sample above
If its a fragmentation issue what you have inside wnt help as things are still a mess on the hard drive. good luck hope it helps