http://www.dslreports.com/forum/r12926775 en Sat, 28 Nov 2009 07:47:18 EDT Sat, 28 Nov 2009 07:47:18 EDT http://www.dslreports.com/forum/remark,12927346 joshmerd : I think you are right. Although the trojans found by TDS-3 are VERY suspicious, I think that my hard drive may be going bad. I found this out by running a program by Maxtor named PowerMax. It told me that my hard drive is, in deed, failing. Thankfully, I built this computer only a month ago, and the HDD has a 3 year warranty. I am going to send it back and start from scratch after I back up everything. Thanks!
--

Computers will never replace good old-fashioned human stupidity. -- Anonymous
I have not failed. I've just found 10,000 ways that won't work. -- Thomas Edison]]> http://www.dslreports.com/forum/remark,12927346 Wed, 16 Mar 2005 17:39:10 EDT http://www.dslreports.com/forum/remark,12926964 B :
From the earlier thread you linked as well as this one, I just think your hard drive is dying.

First, open the case and make sure that the data cable is connected securely to the hard drive and to the motherboard.

If the problem persists, back up your important data to a CD or USB drive as soon as you can.

If the drive is under warranty, try getting it replaced.

Even if you don't, I'd suggest a reformat/reinstall. Count up how much time you've wasted so far and do the math.

-- B
--
In a realm outside causality and function]]> http://www.dslreports.com/forum/remark,12926964 Wed, 16 Mar 2005 16:58:37 EDT http://www.dslreports.com/forum/remark,12926775 joshmerd : I did a post yesterday outlining my problems here: »www2.broadbandreports.com/forum/···ode=flat. However, now you can take those times and double them. Interestingly, I found out that C:\Program Files, although visible, it is not recognized as having anything in it, except when I use TDS-3 (which I will talk about later). It still does the "The disk in drive C: is not formatted" thing.

I followed the link to I think my computer is infected or hijacked. What should I do? and followed the instructions there. I ran Spybot with few results. Next, I downloaded TDS-3 and updated it. Upon running, it found approximately 100 (my best guess) trojan traces. So, following the instructions, I deleted each and every one of them. I rebooted. Unfortunately, it still took about 7 minutes for a reboot. Then, I ran it again to make sure everything was gone. To my surprise, EVERYTHING I previously deleted was still there. If you want a log file from the scan, tell me how to do that and I will post it. Anyway, I decided to try TrojanHunter. After updating, I ran it with no luck. It froze just after starting the scan. Also, it didn't recognize anything (I mean anything at all) in the Program Files directory. I should also note that my HijackThis log shows Norton Antivirus, but as I said before if it is located in the Program Files directory, it will not run! This is odd now that I think about it... isn't Firefox there also???

Logfile of HijackThis v1.99.1
Scan saved at 4:24:35 PM, on 3/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Roxio\EASYCD~1\AUDIOC~1\Playlist.exe
C:\Documents and Settings\Joshua and Meredith\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.comcast.net/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] C:\TrojanHunter 42\THGuard.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - »www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=···id=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »v5.windowsupdate.microsoft.com/v···57897202
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
--

Computers will never replace good old-fashioned human stupidity. -- Anonymous
I have not failed. I've just found 10,000 ways that won't work. -- Thomas Edison]]> http://www.dslreports.com/forum/remark,12926775 Wed, 16 Mar 2005 16:39:12 EDT