

joshmerd
Doctor Josh
Premium
join:2004-04-22
Summerville, SC

HJT Log: Program Files, SLLLOOOWW

I did a post yesterday outlining my problems here: »www2.broadbandreports.com/forum/···ode=flat. However, now you can take those times and double them. Interestingly, I found out that C:\Program Files, although visible, is not recognized as having anything in it, except when I use TDS-3 (which I will talk about later). It still does the "The disk in drive C: is not formatted" thing.

I followed the link to "I think my computer is infected or hijacked. What should I do?" and followed the instructions there. I ran Spybot with few results. Next, I downloaded TDS-3 and updated it. Upon running, it found approximately 100 (my best guess) trojan traces. So, following the instructions, I deleted each and every one of them. I rebooted. Unfortunately, it still took about 7 minutes for a reboot. Then, I ran it again to make sure everything was gone. To my surprise, EVERYTHING I previously deleted was still there. If you want a log file from the scan, tell me how to do that and I will post it. Anyway, I decided to try TrojanHunter. After updating, I ran it with no luck. It froze just after starting the scan. Also, it didn't recognize anything (I mean anything at all) in the Program Files directory. I should also note that my HijackThis log shows Norton Antivirus, but as I said before, if it is located in the Program Files directory, it will not run! This is odd now that I think about it... isn't Firefox there also???

Logfile of HijackThis v1.99.1
Scan saved at 4:24:35 PM, on 3/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Roxio\EASYCD~1\AUDIOC~1\Playlist.exe
C:\Documents and Settings\Joshua and Meredith\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.comcast.net/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] C:\TrojanHunter 42\THGuard.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - »www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=···id=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »v5.windowsupdate.microsoft.com/v···57897202
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
--

Computers will never replace good old-fashioned human stupidity. -- Anonymous
I have not failed. I've just found 10,000 ways that won't work. -- Thomas Edison

B
Premium,MVM
join:2000-10-28


From the earlier thread you linked as well as this one, I just think your hard drive is dying.

First, open the case and make sure that the data cable is connected securely to the hard drive and to the motherboard.

If the problem persists, back up your important data to a CD or USB drive as soon as you can.

If the drive is under warranty, try getting it replaced.

Even if you don't, I'd suggest a reformat/reinstall. Count up how much time you've wasted so far and do the math.

-- B
--
In a realm outside causality and function


joshmerd
Doctor Josh
Premium
join:2004-04-22
Summerville, SC

reply to joshmerd
I think you are right. Although the trojans found by TDS-3 are VERY suspicious, I think that my hard drive may be going bad. I found this out by running a program by Maxtor named PowerMax. It told me that my hard drive is, indeed, failing. Thankfully, I built this computer only a month ago, and the HDD has a 3-year warranty. I am going to send it back and start from scratch after I back up everything. Thanks!
--

Computers will never replace good old-fashioned human stupidity. -- Anonymous
I have not failed. I've just found 10,000 ways that won't work. -- Thomas Edison