
am new here, but i came cuz of the same problem ... AGRSMMSG.exe
but i think it has something to do with SPOOLSV.exe too cuz everytime i close that process my puter goes faster... but it keeps re-running by itself ...
i dunno.. well i've read about asking a PRO about what to do with my hijackthis log so i'll post u mine so u can help me =)

Logfile of HijackThis v1.99.1
Scan saved at 01:50:23 a.m., on 22.06.05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Permeo\e-Border Driver\s5credmgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\AAA Mauchizo\GetRight Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [e-Border Credential] C:\Program Files\Permeo\e-Border Driver\s5credmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

e u can help me!

oh yes one more thing... my prefetchs folder has a lot of files with numbers at the end like:
ACRORD32.EXE-20C463C1.pf
AGRSMMSG.EXE-0034A7F7.pf
ALG.EXE-0F138680.pf
APNTEX.EXE-2C02AAE6.pf
APOINT.EXE-1B53748D.pf
SPOOLSV.EXE-282F76A7.pf
WUAUCLT.EXE-399A8E72.pf
S5CREDMGR.EXE-09FB6D8A.pf
SVCHOST.EXE-3530F672.pf
... and more... but those i am not sure if they are clean or not. already scanned them with norton and trend AV, and they say they are clean but.. who knows...

0

Congratulations! Your log looks clean!

The contents of your prefetch folder can be deleted safely.

===============

Now that your PC is clean you need to follow these easy steps to keeping it this way:

Secure your Internet Explorer by going here and following the instructions there.

Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.

Use a firewall to help prevent your PC's control being usurped by undesirables. There is a link to a good, free firewall in my signature.

Install and keep updated, Ad-Aware SE, and Spybot S&D.
Run them both on a regular basis, following the manufacturer's recommendations.

Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.

Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.


Clear your Temp folders.
Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel >Internet Options.

Under the General tab click the Delete temporary internet files,
delete all Offline content as well. Clear out Cookies.

Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

C:\Documents and Settings\username\Local Settings\Temp\

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

Empty the Recycle Bin.

For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.

Go to Start>Run and type msconfig. Press enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.

Check the box labelled 'Turn off System restore'.

Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

Note that all previous restore points will be lost.

===============

If you have any more problems, post back.

-

Happy surfing,

crunchie.

0

hi crunchie,

i think my system is clean now cuz i cleaned it up just before posting with Trend, but i think virus made his job already that's why i get my pc slowed down with the spoolsv.exe ....

Since now i am at university, i'll do everything u say in ur reply tonight.

Thanx for ur fast reply =)

P.S: i can't wait to see my puter fixed

P.S: i wanna know what does any of this process running do, can u tell me please?

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Permeo\e-Border Driver\s5credmgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe

Do u think i can delete reg values of ipodservice & ituneshelper ? i mean delete the registries that start them at startup.

I also wanna know if the jusched.exe file is safe? i read it can be a virus too.

0

hi crunchie,

i am kinda sad cuz i still have the same problem... since i made most of the things u told me to like deleting prefetches and cleaning the temp folder...
tho i haven't edit my internet options... but that's not really important now.

look, every time i start my PC, it auto start spoolsv.exe and also other processes, the reason why i remark that one is because it runs at 99% of my CPU capacity and makes my puter go SLOW, so i close it right after login in.

after few minutes the same processes reopens itself... how? i have no idea i am trying to figure it out closing spoolsv.exe and also other process with names i dun recognize until it doesn't open anymore....

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe is the process i closed this time.. spoolsv.exe haven't re-auto run yet... i will re start my PC now and.... i'll post a new hijackthis log then i'll close spoolsv.exe & EabServr.exe if it doesn't reopen again they might be linked somehow...

i wish u could tell me how to stop this annoying thing without deleting that file... cuz i know it has something to do with the printer maybe i could erase it and replace it with a clean one.. ¿? could i ?

well i hope u can help me =) and once again BRB and i'll post my log...

0

ok this is my new log since i erased prefetches and cleaned up temp
right after this i closed spoolsv.exe and eabservr.exe ... but spoolsv came back ... lol i'll close it now and also will close wuauclt.exe let's see what happens...

Logfile of HijackThis v1.99.1
Scan saved at 11:38:23 p.m., on 22.06.05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Permeo\e-Border Driver\s5credmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\AAA Mauchizo\GetRight Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [e-Border Credential] C:\Program Files\Permeo\e-Border Driver\s5credmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

oh yes.. by the way can i erase the reg keys from ipodservice and ituneshelper ???

0

well i just closed spoolsv but the other one wuauclt.exe wasn't running anymore... so i'll see if it reopens.... then if that happens i'll go for alg.exe maybe that one is the one ^^ (it says LOCAL SERVICE, what's that mean? i also have one instance of svchost running and it says LOCAL SERVICE, other one says NETWORK SERVICE and the rest SYSTEM there are 3 of those)

ok ok.. it just reopened... let's see if alg.exe is the linked one =P

0

ok... well i have no idea about what is the process that re opens spoolsv, since alg was closed and spoolsv reopened somehow...

hey i took 2 screen shots of some stuff my sister noticed while she was chatting thru msn messenger i'll post them here hope u can tell me what that means...

the first one is an error 373 dunno what it means.. then right after closing that window this new window popped up, the one of the script-editor... well i hope u can figure out what is going on here in my PC...

Attachments error373.JPG 115.13 KB script-editor.JPG 63.88 KB
0

To be honest, I do not have a clue what is causing the problem unless there is a driver problem with the printer?
Maybe one of our more learned members will be able to help you out.

0

mmm darn it... i think it might be something really bad ..
anywayz thanx for ur help crunchie... maybe u can tell me who can help me out, maybe post his nick or pm him to read this thread =)

ty again, buhbye.

0

1.

i wanna know what does any of this process running do, can u tell me please?

The following site will give you a description of most (if not all) of the processes you have questions about. It will also usually tell you whether or not it's necessary to have a given process auto-run every time Windows starts:

http://www.processlibrary.com/


2.

wuauclt.exe wasn't running anymore

wuauclt.exe is the component responsible for handling Windows' Automatic Update feature. This process will activate itself at certain times to check for (and automatically install, if you have it set to do that) updates at Microsoft's site.


3.

then if that happens i'll go for alg.exe maybe that one is the one

Be careful with that: alg.exe is a core Windows component needed by Windows Firewall and Internet Connection Sharing. If you use either of those features, you will need to leave that process running.


4.

it says LOCAL SERVICE, what's that mean?

Mostly for security reasons, XP runs different services/processes under different, system-level accounts; Local Service and Network Service are two of these accounts. Like the Administrator account and normal user accounts, these system-level accounts have different permissions and privileges; running groups of services under a certain system account provides a way to grant or deny those services different "powers" over the system.


5.

...i also have one instance of svchost running and it says LOCAL SERVICE...

svchost is sort of a "super process" in that it is responsible for managing groups of lesser processes. Therefore it's normal to see multiple instances of svchost running, and to see those instances associated with different system accounts.


6.

i have no idea about what is the process that re opens spoolsv

Very basically, Windows uses a "service manager" which controls and monitors the state of services. The manager can start, stop, and restart services.


7. In terms of the problem with spoolsv hogging CPU usage, there are at least a few reasons for that:

- The name "spoolsv.exe" is known to be used by some viruses/trojans. If you're infected, the malicious spoolsv can show very high CPU usage.

- spoolsv is the Print Spooler process; it manages print jobs. If you have documents piling up in your print queue that are waiting to be printed, this can cause spoolsv's CPU usage to rise. To check this, go to your Printers and Faxes control panel and click on your printer. If you see pending documents there, either print them or delete them.

- It could be a driver issue; reinstall or update your printer drivers. Print drivers installed by some third-party programs have also been reported to cause spoolsv to exhibit high CPU/memory usage.

- Here's an obscure fix I found, although I've never tried it myself:

* Go to Control Panel, Administrative Tools, Services and stop the Print Spooler.
* Turn off the printer.
* Go to C:\WINDOWS\system32\spool\PRINTERS and delete the files there.
* Turn your printer back on and restart the service. Check task manager, spoolsv.exe should be at 00%.
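
The first cause in item 7, another program running under the spoolsv.exe name, can be checked from the "Running processes" section of a HijackThis log. The Python below is an added example, not part of the original posts; the expected-folder table assumes a default Windows XP install under C:\WINDOWS, and the sample log is constructed.

```python
import ntpath

# Folders where these Windows XP binaries normally live. Assumption: a default
# install under C:\WINDOWS, as in the logs posted in this thread.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "winlogon.exe": SYSTEM32, "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32, "spoolsv.exe": SYSTEM32,
    "alg.exe": SYSTEM32, "wuauclt.exe": SYSTEM32, "ctfmon.exe": SYSTEM32,
    "taskmgr.exe": SYSTEM32, "explorer.exe": r"c:\windows",
}

# Constructed sample: the last two process lines are made up for illustration
# and do not come from the thread's logs.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\spoolsv.exe
C:\Documents and Settings\user\Local Settings\Temp\SVCHOST.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
"""


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_section = True
        elif in_section:
            if not line:  # a blank line ends the section
                break
            paths.append(line)
    return paths


def misplaced_system_names(paths):
    """Flag processes that use a Windows binary's name from another folder.

    Returns (path, expected_folder) pairs. Windows paths are case-insensitive,
    so both the file name and the folder are compared in lower case.
    """
    findings = []
    for path in paths:
        folder, name = ntpath.split(ntpath.normpath(path))
        expected = EXPECTED_DIR.get(name.lower())
        if expected is not None and folder.lower() != expected:
            findings.append((path, expected))
    return findings


if __name__ == "__main__":
    for path, expected in misplaced_system_names(running_processes(SAMPLE_LOG)):
        print(f"CHECK: {path} (this name normally runs from {expected})")
```

A path that matches the table only rules out this one trick; it says nothing about whether the file in that folder has been tampered with, so a scanner result is still needed.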

0

- The name "spoolsv.exe" is known to be used by some viruses/trojans. If you're infected, the malicious spoolsv can show very high CPU usage.

i think this is the one... but i've already run 3 AntiVirus and says the file is clean.. tho one of the AV (Trend) detected 3 viruses (check screenshot)

If you have documents piling up in your print ...

nop... i dun even have a printer working with my laptop so i dun try to print

- It could be a driver issue; reinstall or update your printer drivers...

do u really think that can be a reason?... my laptop is brand new (has less than 2 months) and i dun really use the printer stuff so why is this problem coming up now? why not since i turned it on for the very first time?
*if i get to the point where i can't do anything else than reinstalling the driver... where can i get it from?

- Here's an obscure fix I found, although I've never tried it myself

ermm what is that mean,,,?? is it safe ? i mean... would i lose any privileges or even won't be able to use my printer?

hope to hear from u soon =)
and ty for helping

0

this is the infected file i found before posting for the 1st time (attach#1)

i am wondering now.. i've read some of the processes information and some of them say they don't use internet... such as lsass, spoolsv... i took a screen shot from norton > reports > activity logs > activities and these 2 processes named were trying to access the internet... how is that possible if they don't work with internet ????

Attachments norton-activies.JPG 238.68 KB virus_found.JPG 129.65 KB
0

1. The things I posted about the spoolsv CPU usage were just some suggested fixes for a few of the common causes of the problem. If you've never installed any printer/fax/etc. software, I doubt they'll apply in your case. I'd check out the possibilities anyway; if you (or anyone else) has ever used a printer on the machine, software/driver issues could be the problem.

2. In terms of the "Trying to access the Internet" messages, those can be misleading sometimes. Many processes/programs open up/listen on network ports on your local computer, but that doesn't necessarily mean that those programs are trying to access the Internet. Personal-use firewall software often only reports the overly-simplified "Trying to access the Internet", probably because a more technical differentiation would just confuse the average user.

0

Here's an obscure fix I found, although I've never tried it myself:

* Go to Control Panel, Administrative Tools, Services and stop the Print Spooler.
* Turn off the printer.
* Go to C:\WINDOWS\system32\spool\PRINTERS and delete the files there.
* Turn your printer back on and restart the service. Check task manager, spoolsv.exe should be at 00%.

Obscure method working fine :cheesy: ... i tried that one and re-started my pc, after that spoolsv seems to be working fine :mrgreen: ... weeeeee! i am so happy...

tho, i don't know if my machine is working totally good... since i haven't got the error window popped up again... but it doesn't mean it wouldn't show up later... so i'll keep an eye on that

for now i just say... THANX YOU SO MUCH =)

0

You're welcome; glad that worked. :)

The problem could happen again at some point. If it does though, just do the fix again.

0

Note: Since this problem turned out not to be related to malicious infections, I'm going to archive it in a more appropriate forum now.

0

ermm u said no infections ?... i deleted the infected file from C:\WINDOWS\system32\spool\PRINTERS before my 1st post (that i did with Trend AV help)... i fixed the spoolsv.exe high cpu usage after u told me the obscure method...

well puter is working fine now... but i keep getting error window popped up while surfing the internet. Check the screen-shot please =)

Attachments error339.JPG 8.09 KB
0

ermm u said no infections ?... i deleted the infected file from C:\WINDOWS\system32\spool\PRINTERS before my 1st post (that i did with Trend AV help)...

Yes, but the infections you had were something you took care of before you posted here.

However, we didn't work on any malicious problems in this thread; we were solving a Windows problem not related to viruses/spyware/etc. Because of that (and this is purely from a forum organization/maintenance standpoint), I moved the thread to a forum more fitting the actual problem that was solved.
