Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:58, on 3/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
This is a general startup list. Which, and how (using Advanced System Care), can I eliminate from this process list? I would like to run the basic minimum for my PC to run healthy. I guess what I am asking is: there are 52 processes running; how and what do I need, and how many is normal? And what should I look for that would be out of the norm?
Process list saved on 6:05:50, on 3/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
[pid] [full path to filename] [file version] [company name]
476 C:\WINDOWS\System32\smss.exe 5.1.2600.5512 Microsoft Corporation
572 C:\WINDOWS\system32\winlogon.exe 5.1.2600.5512 Microsoft Corporation
616 C:\WINDOWS\system32\services.exe 5.1.2600.5512 Microsoft Corporation
628 C:\WINDOWS\system32\lsass.exe 5.1.2600.5512 Microsoft Corporation
804 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
920 C:\WINDOWS\System32\svchost.exe 5.1.2600.5512 Microsoft Corporation
1104 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 4.8.1335.0 ALWIL Software
1136 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe 8.0.0.0 Lavasoft
1348 C:\WINDOWS\Explorer.EXE 6.0.2900.5512 Microsoft Corporation
1468 C:\Program Files\Alwil Software\Avast4\ashServ.exe 4.8.1335.0 ALWIL Software
1732 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.5512 Microsoft Corporation
1972 C:\WINDOWS\eHome\ehRecvr.exe 5.1.2715.3011 Microsoft Corporation
2024 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
352 C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
420 C:\WINDOWS\System32\svchost.exe 5.1.2600.5512 Microsoft Corporation
512 C:\WINDOWS\System32\svchost.exe 5.1.2600.5512 Microsoft Corporation
676 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS 6.0.1.22 New Boundary Technologies, Inc.
888 C:\WINDOWS\system32\java.exe 6.0.110.3 Sun Microsystems, Inc.
2148 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
2268 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 1.0.0.53 Yahoo! Inc.
2324 C:\WINDOWS\system32\SearchIndexer.exe 7.0.6001.16503 Microsoft Corporation
2920 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 4.8.1335.0 ALWIL Software
3028 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 4.8.1335.0 ALWIL Software
3128 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
3152 C:\WINDOWS\system32\dllhost.exe 5.1.2600.5512 Microsoft Corporation
3592 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 4.8.1335.0 ALWIL Software
3648 C:\Program Files\Unlocker\UnlockerAssistant.exe
3748 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe 6.0.30.5 Sun Microsystems, Inc.
3788 C:\WINDOWS\SOUNDMAN.EXE 5.1.0.43 Realtek Semiconductor Corp.
3812 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe 6.0.0.1027 Cyberlink Corp.
3832 C:\Program Files\Digital Media Reader\readericon45G.exe 1.4.0.8 Alcor Micro, Corp.
3900 C:\Program Files\QuickTime\qttask.exe 7.1.3.100 Apple Computer, Inc.
4076 C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
264 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe 100.0.1.0 Hewlett-Packard
520 C:\WINDOWS\ehome\ehtray.exe 5.1.2710.2732 Microsoft Corporation
772 C:\WINDOWS\eHome\ehmsas.exe 5.1.2710.2732 Microsoft Corporation
1024 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe 8.0.0.0 Lavasoft
2228 C:\WINDOWS\system32\ctfmon.exe 5.1.2600.5512 Microsoft Corporation
2488 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe 4.25.0.1014 SUPERAntiSpyware.com
1148 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 100.0.170.0 Hewlett-Packard Co.
2356 C:\Program Files\Windows Desktop Search\WindowsSearch.exe 7.0.6001.16503 Microsoft Corporation
3004 C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe 100.0.272.0 Hewlett-Packard Co.
3264 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe 100.0.272.0 Hewlett-Packard Co.
3408 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe 100.0.28.0 Hewlett-Packard
2236 C:\Program Files\IObit\Advanced SystemCare 3\Awc.exe 3.2.0.633 IObit
3948 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
3420 C:\WINDOWS\eHome\ehSched.exe 5.1.2710.2732 Microsoft Corporation
2364 C:\WINDOWS\system32\nvsvc32.exe 6.14.11.8208 NVIDIA Corporation
5576 C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe 2.2.0.0 Philips Consumer Electronics
2108 C:\Program Files\Internet Explorer\iexplore.exe 7.0.6000.16791 Microsoft Corporation
5536 C:\Program Files\Alwil Software\Avast4\ashSimpl.exe 4.8.1335.0 ALWIL Software
4508 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe 2.0.0.2 Trend Micro Inc.
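Added example, not part of the original posts: a small Python triage pass over a process list in the `[pid] [full path to filename] [file version] [company name]` format shown above. The expected-directory table and the three review heuristics are assumptions of this example, and a flag means "look closer", not "malicious". The sample reuses three lines from the log plus one constructed line (pid 9999).

```python
import ntpath
import re

# [pid] [full path to filename] [file version] [company name]; last two optional.
LINE_RE = re.compile(r"^(\d+)\s+(.+?)(?:\s+(\d+(?:\.\d+){3})(?:\s+(.*))?)?$")

# Assumption of this example: usual locations of core Windows XP processes.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

def parse_line(line):  # returns None for headers and prose lines
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pid, path, version, company = m.groups()
    return {"pid": int(pid), "path": path, "version": version, "company": company}

def review_flags(entry):  # reasons to look closer, not a verdict
    flags = []
    directory, name = ntpath.split(entry["path"].lower())
    if entry["version"] is None:
        flags.append("no version/company metadata")
    expected = EXPECTED_DIR.get(name)
    if expected and directory != expected:
        flags.append("system process name outside " + expected)
    if not name.endswith(".exe"):
        flags.append("process image is not an .exe")
    return flags

def triage(log_text):  # pid -> flags, only for entries that raised a flag
    results = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and (flags := review_flags(entry)):
            results[entry["pid"]] = flags
    return results

# Three lines from the log above plus one constructed line (pid 9999).
SAMPLE = r"""
920 C:\WINDOWS\System32\svchost.exe 5.1.2600.5512 Microsoft Corporation
352 C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
676 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS 6.0.1.22 New Boundary Technologies, Inc.
9999 C:\WINDOWS\Temp\svchost.exe
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A flagged entry is a prompt to check the file's properties, publisher and install source by hand before deciding anything about it.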
I think a back-up from that long ago, 6 months, is of very limited value (so allowing SAS to deal with them isn’t really an issue); you should, however, plan to do regular back-ups. I would say monthly at the longest, I do weekly back-ups.
So Secunia ran and gave me 93% javara updated the 3-4 Java related versions QuickTime Adobe/Acrobat. So I guess what I need to do is, as was suggested, back up more often. So my plan now is to reattempt a full backup/reboot if possible and then biweekly back up files and folders. Then every 6 mos do a complete back up. I would imagine that a few months of updates and backups are better than a few years' worth, especially time wise.
I do weekly hard disk images (an exact digital image of what is on your hard disk partition/drive) and I keep the last 5, anything older than a month effectively is IMHO a waste of back-up space as much can happen in a 5 week period. I could possibly extend the back-up duration to fortnightly giving 10 weeks or retain 6 back-ups giving 12 weeks, anything longer than that really is I feel a waste of time.
It is effectively what is current on your system and I do daily back-ups of my data files (I often run this more than once a day).
– SYSTEM BACK-UP & RECOVERY
If you fail to plan, then you plan to fail.
If you have a back-up and recovery plan, you can recover from anything in minutes, not hours or days.
Back-up all the things that you don’t want to lose: data files, like documents, spreadsheets, emails, email account details, registration keys, address book, favourites/bookmarks, downloaded files/programs, etc. The list goes on and on, but if you don’t want to lose it, back it up. There are many back-up programs that can simplify this task and run it every day.
Recovery - re-installing your system really is a poor choice and one of last resort. There are tools (Drive Imaging software) that take exact images of your Partitions or Hard Disks and these images can be restored in minutes if you suffer a major catastrophe and that doesn’t have to be a virus attack.
I do a weekly image of my partitions and save them to my 2nd hard disk, they can also be saved to off-line storage, DVD, USB external hard disk, etc. as part of my weekly system maintenance.
So if the worst comes to the worst at most I lose:
A. 6 days' worth of program updates or new installations, but with my daily back-up I can recover most of that.
B. Less than one day's data files, emails, etc.
None of these is a problem and much quicker than a system reinstall and I don’t have to go on-line to download the myriad of security updates needed to secure my system where there is a chance to get reinfected whilst my system has vulnerabilities because of these missing patches. Not to mention all my system tweaks and program settings are retained and I will have saved myself many hours of work and a huge amount of stress.
Many of these programs cost, there are some free ones, but it will take some research on your part to find these tools and decide on what is best for you from reviews, user feedback, etc. Good luck.
DavidR,
I own an external hard drive. I’m not sure if I understand all your discussions about partitions, but… just back up everything… is that what you are suggesting? I have HijackThis, Spybot, Ad-Aware, SUPERAntiSpyware, Malwarebytes. I know how to run these in reg and safe mode, but that is how I battle spyware and viruses… Is there a better way? Oh yeah, and I have Avast too.
You are indirectly backing-up everything as it is an exact copy of what is on the partition/disk, etc. I also go further and do daily ‘back-ups’ using different back-up software for volatile files (as mentioned above) that could well change more quickly than the frequency of the drive imaging software.
Partitions are used to split a large hard disk drive into smaller partitions (though many people don’t bother and just have one very large partition, the whole disk): C for your Windows and installed programs, D for data; you can go further and have more partitions, say another for your media files, etc. This can make backing up easier.
You can then use disk imaging to copy that partition or partitions and save the image to your external hard disk. If you then experience a problem like this or other catastrophe that would take a few hours or longer to resolve, you can simply restore the last back-up image for the affected partition/s.
As to is this a better way, you only have to look at the length of this particular topic to answer that question. You only need to look at your own particular topic, http://forum.avast.com/index.php?topic=43516.0 and two days is a long time when I could restore my C and D partitions in less than 20 minutes.
This I have done on numerous occasions none related to viruses from simple things that would have taken some time to get back to the previous state, if that duration is longer than it takes to restore, no contest, I use my drive imaging software and restore the partition/s and back in business in around 20 minutes.
Mom 24:
First I will just say you have been pretty heroic in this fight to reclaim your machine.
While I will certainly allow those more astute in dealing with malware to help you with your main battle, I noticed you had some concern about the number of processes you have on your machine.
I have 20 counting my web browser.
A site that can help you “trim the fat”, so to speak, is Blackviper: http://www.blackviper.com/WinXP/servicecfg.htm
Stick with the “safe” profile and you will save a lot of resource, with few if any problems.
This is after you get your machine clean.
Single Dad here.
No mystery about “Too much to do when the time runs out”.
regards,
normishmael