joshmerd
Doctor Josh
Premium
join:2004-04-22
Summerville, SC

HJT Log: Program Files, SLLLOOOWW

I did a post yesterday outlining my problems here: »www2.broadbandreports.com/forum/···ode=flat. However, now you can take those times and double them. Interestingly, I found out that C:\Program Files, although visible, is not recognized as having anything in it, except when I use TDS-3 (which I will talk about later). It still does the "The disk in drive C: is not formatted" thing.

I followed the link to "I think my computer is infected or hijacked. What should I do?" and followed the instructions there. I ran Spybot with few results. Next, I downloaded TDS-3 and updated it. Upon running, it found approximately 100 (my best guess) trojan traces. So, following the instructions, I deleted each and every one of them. I rebooted. Unfortunately, it still took about 7 minutes for a reboot. Then, I ran it again to make sure everything was gone. To my surprise, EVERYTHING I previously deleted was still there. If you want a log file from the scan, tell me how to do that and I will post it. Anyway, I decided to try TrojanHunter. After updating, I ran it with no luck. It froze just after starting the scan. Also, it didn't recognize anything (I mean anything at all) in the Program Files directory. I should also note that my HijackThis log shows Norton Antivirus, but as I said before, if it is located in the Program Files directory, it will not run! This is odd now that I think about it... isn't Firefox there also???

Logfile of HijackThis v1.99.1
Scan saved at 4:24:35 PM, on 3/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Roxio\EASYCD~1\AUDIOC~1\Playlist.exe
C:\Documents and Settings\Joshua and Meredith\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.comcast.net/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] C:\TrojanHunter 42\THGuard.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - »www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=···id=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »v5.windowsupdate.microsoft.com/v···57897202
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
--

Computers will never replace good old-fashioned human stupidity. -- Anonymous
I have not failed. I've just found 10,000 ways that won't work. -- Thomas Edison
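
Added example, not part of the original posts: a short Python triage of a HijackThis log like the one above. It separates the running-process list from the numbered entries and lists everything that lives under C:\Program Files (long name or 8.3 short name), entries marked "(no file)", and O1 Hosts lines. SAMPLE_LOG is a handful of lines copied from the log above; the function names `parse_hjt` and `triage` are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Roxio\EASYCD~1\AUDIOC~1\Playlist.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O4 - HKLM\..\Run: [THGuard] C:\TrojanHunter 42\THGuard.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

# Numbered entry: section code (R0, O4, O23, ...) followed by " - " and the body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Program Files directory, by long name or 8.3 short name (PROGRA~1).
PROGRAM_FILES = re.compile(r"[A-Za-z]:\\(?:Program Files|PROGRA~\d)\\", re.I)

def parse_hjt(text):
    """Return (running processes, {section code: [entry bodies]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False          # process list ends at the first numbered entry
            entries[m.group(1)].append(m.group(2))
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def triage(text):
    """Group the items a reviewer would look at first; makes no verdict on any of them."""
    processes, entries = parse_hjt(text)
    flat = [(code, body) for code, bodies in entries.items() for body in bodies]
    return {
        "procs_in_program_files": [p for p in processes if PROGRAM_FILES.search(p)],
        "entries_in_program_files": [(c, b) for c, b in flat if PROGRAM_FILES.search(b)],
        "orphaned": [(c, b) for c, b in flat if b.endswith("(no file)")],
        "hosts": [b.split(":", 1)[1].split() for b in entries.get("O1", [])
                  if b.startswith("Hosts:")],
    }

if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key, len(items), items)
```
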
B
Premium,MVM
join:2000-10-28

Re: HJT Log: Program Files, SLLLOOOWW


From the earlier thread you linked as well as this one, I just think your hard drive is dying.

First, open the case and make sure that the data cable is connected securely to the hard drive and to the motherboard.

If the problem persists, back up your important data to a CD or USB drive as soon as you can.

If the drive is under warranty, try getting it replaced.

Even if you don't, I'd suggest a reformat/reinstall. Count up how much time you've wasted so far and do the math.

-- B
--
In a realm outside causality and function

joshmerd
Doctor Josh
Premium
join:2004-04-22
Summerville, SC

I think you are right. Although the trojans found by TDS-3 are VERY suspicious, I think that my hard drive may be going bad. I found this out by running a program by Maxtor named PowerMax. It told me that my hard drive is, indeed, failing. Thankfully, I built this computer only a month ago, and the HDD has a 3-year warranty. I am going to send it back and start from scratch after I back up everything. Thanks!
--

Computers will never replace good old-fashioned human stupidity. -- Anonymous
I have not failed. I've just found 10,000 ways that won't work. -- Thomas Edison