fire deamon.exe

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

MrRogers

Thread Starter
Joined
Aug 30, 2004
Messages
36
when i restart/start my computer i get an error message for firedeamon.exe it is the message where i can send error report if i wanted, what is causing it and what is firedeamon.exe it don't sound good
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, You are correct, it is usually malware.
Get Hijackthis.exe here:

http://tools.radiosplace.com/HijackThis.exe

Simply make a new folder, the Desktop is OK if you create a folder, but I simply use C:\HJT any folder like My Documents, Program Files, etc is OK as long as you make a separate folder for HJT.

Download Hijackthis.exe to that folder....and run it from there.
Directions here to Copy/Paste the saved log it creates into a Reply in your thread:

http://mjc1.com/mirror/hjt/
 
Joined
Aug 1, 2003
Messages
51,988
FireDaemon is a great utility used to turn any normal application into a Windows service, with all the control and stability that that implies. But it is very unusual for someone to have FireDaemon and not know it. Maybe it is something you installed long ago, but you might just do a search on your machine to see if it is there.

If it is installed, it is probably located in C:\Program Files\FireDaemon\.

http://www.firedaemon.com/

(A "daemon" is any program that waits for the results of another program before executing, or "Disk Access and Execution Monitor". The Fire Daemon was so-named because the program "Fire" was one of the first that the program was tested on to turn it into a service.)
 

WhitPhil

Gone but never forgotten
Trusted Advisor
Joined
Oct 4, 2000
Messages
8,684
You will also want to get GetService.zip and unzip it to your desktop. Open the Getservice folder and click on the getservices.bat file. A notepad will open up with a long list of Services. Please save that notepad file and attach it to your next reply to this thread. It will be easier to attach it rather than copy and paste because it will be too long to paste in one post.
 

MrRogers

Thread Starter
Joined
Aug 30, 2004
Messages
36
Logfile of HijackThis v1.98.2
Scan saved at 1:46:53 AM, on 9/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security Professional\NISUM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Free Downloads Accelerator\fdaagent.exe
C:\Documents and Settings\me\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///c:/home.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\fdahlp99.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: toolbar - {FB2961FD-DD24-4F8A-8A92-6F9325FF6F11} - C:\WINDOWS\Downloaded Program Files\toolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/030cfc8e35e212d9dc19/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.madonion.com/global/msc34.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.bravetree.com/downloader/BTDownloadCtrl.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {FB2961FD-DD24-4F8A-8A92-6F9325FF6F11} (toolbar) - http://www.supaseek.com/toolbar/toolbar.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
It looks like you didn't realize that the Documents and Settings location....would put HJT into a temp folder...we ask that you create a new folder and run HJT from there, as the backups HJT makes will stay in the same folder and in case they are needed will be easier for you/us to find...

Please right click an empty spot of your desktop, select New>Folder, rename the folder to HJT, and re-download Hijackthis.exe and have it download to the HJT folder on your desktop.

Run that hijackthis.exe, scan, save log as you did before and paste it into a reply right here in this thread...just like you did before.


Get Hijackthis.exe here:

http://tools.radiosplace.com/HijackThis.exe


Elevandil: I have it that firedaemon.exe can also be bundled into malware and misused- and that is why I "consider it usually malware" since that is what I am looking for...no problems with your info about the good uses of FD; that is surely true! I just have this urge to find out for sure which is what> they are all suspects until proven innocent.
 
Joined
Aug 1, 2003
Messages
51,988
Elevandil: I have it that firedaemon.exe can also be bundled into malware and misused- and that is why I "consider it usually malware" since that is what I am looking for...no problems with your info about the good uses of FD; that is surely true! I just have this urge to find out for sure which is what> they are all suspects until proven innocent.
Understood. And that "ecure" thing that FireDaemon seems to be hosting may not be a good thing, though I don't know what it is.

Just FYI: I've been using a different program lately that creates a snap-in to the MMC to create new services called "ServiceMill". You may want to keep an eye out for that, too.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top