Hard drive working overtime?

Discussion in 'adware, spyware & hijack cleaning' started by QProteus, Feb 25, 2004.

Thread Status:
Not open for further replies.
  1. QProteus

    QProteus Registered Member

    Joined:
    Oct 20, 2003
    Posts:
    13
    Location:
    Stockholm, Sweden
    Hi all,

    Ever since I turned my PC on today, my hard drive's been making noise as if there's some program working in the background. I've restarted the system a few times, but still get the same problem. I personally believe that something's running. Can someone out there help me narrow down the possible source of the problem?

    Here's my HijackThis log.

    Logfile of HijackThis v1.97.7
    Scan saved at 20:29:06, on 2004-02-25
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\SA3DSRV.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\PROGRAM\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM\TROJANHUNTER 3.7\THGUARD.EXE
    C:\PROGRAM\DRWEB\SPIDER.EXE
    C:\PROGRAM\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\PROGRAM\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
    C:\PROGRAM\TROJANHUNTER 3.7\THGUARD.EXE
    C:\PROGRAM\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=searchbar
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=sve
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=sve
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=2c98&s=consumer&i=sve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telia Internet Explorer
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&query=%s&i=enu
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy1.telia.com:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Program\FreshDevices\FreshDownload\fdcatch.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRAM\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM\FLASHGET\FGIEBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] "c:\windows\scanregw.exe " /autorun
    O4 - HKLM\..\Run: [SystemTray] "SysTray.Exe"
    O4 - HKLM\..\Run: [LoadPowerProfile] "Rundll32.exe " powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EACLEAN] "C:\Program\Compaq\Easy Access Button Support\eaclean.exe " /NORESTART
    O4 - HKLM\..\Run: [AtiCwd32] "Aticwd32.exe"
    O4 - HKLM\..\Run: [AtiKey] "Atitask.exe"
    O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] "A3dInit.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Vanliga filer\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAM\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
    O4 - HKLM\..\Run: [TaskMonitor] "c:\windows\taskmon.exe"
    O4 - HKLM\..\Run: [Aktivitetsfältet] SysTray.Exe
    O4 - HKLM\..\Run: [StillImageMonitor] "C:\WINDOWS\SYSTEM\STIMON.EXE"
    O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM\TROJANHUNTER 3.7\THGUARD.EXE"
    O4 - HKLM\..\Run: [SpIDer] "C:\PROGRAM\DRWEB\SPIDER.EXE"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRAM\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] "Rundll32.exe " powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] "sa3dsrv.exe"
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download with &FD - file://C:\PROGRAM\FRESHDEVICES\FRESHDOWNLOAD\fdiectx.htm
    O8 - Extra context menu item: Download &All by FD - file://C:\PROGRAM\FRESHDEVICES\FRESHDOWNLOAD\fdiectx2.htm
    O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM\FLASHGET\jc_link.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM\FLASHGET\jc_all.htm
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system\drwebsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\drwebsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\drwebsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\drwebsp.dll
    O12 - Plugin for .pdf: C:\PROGRAM\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRAM\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37874.5646759259
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab


    Thanks in advance.
    Q
     
  2. QProteus

    QProteus Registered Member

    Joined:
    Oct 20, 2003
    Posts:
    13
    Location:
    Stockholm, Sweden
    Can anyone take a look at my log?
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi QProteus,

    I'm sure lots of people looked, but there isn't anything wrong with your log. The programs that are running are listed under Running processes and I don't see something suspicious.

    Regards,

    Pieter
     
  4. QProteus

    QProteus Registered Member

    Joined:
    Oct 20, 2003
    Posts:
    13
    Location:
    Stockholm, Sweden
    Whew! Okay. Thanks a million, Pieter! The noise stopped also. I guess I just need more memory in this old battle-axe of a PC. :rolleyes:

    Thanks again.
     
  5. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Q,

    If so, you might want to get a backup of your system asap. Grinding, etc., are a fair indication of a hdd which is about to croak. Especially if it's coming and going like you describe. Best bet is to make backups of critical stuff asap, just in case. ;)
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Which is never a bad idea. :)

    Thanks JimIT,

    Pieter
     
  7. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Agreed! :D
     
  8. QProteus

    QProteus Registered Member

    Joined:
    Oct 20, 2003
    Posts:
    13
    Location:
    Stockholm, Sweden
    Crap! That's not a bad idea, JimIT! Thank you!!!
     
  9. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    You might want to d/l and install BelArc Advisor:

    http://www.belarc.com/free_download.html .

    It'll tell you, via the S.M.A.R.T report, whether your HD is failing or not. (See screenshot).

    There are other programs that do the same or better, information-wise, but BelArc's a quick and dependable "first alert".

    Actually, it was the first one I noticed telling me that my previous HD was failing (and it was, and did!).

    Just a thought. Pete
     

  10. QProteus

    QProteus Registered Member

    Joined:
    Oct 20, 2003
    Posts:
    13
    Location:
    Stockholm, Sweden
    Thanks, Pete. I'm downloading it now as I type this. :cool:
     
  11. thymekiller

    thymekiller Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    12
    Location:
    Aransas Pass, Tx
    Just curious. I noticed in the Belarc screenshot, a link to SMART, and then a drive status message. Mine does not show that. Do I have an older version?? What exactly is a S.M.A.R.T report? o_O I have used Belarc advisor on many computers and have never seen the reference to the S.M.A.R.T. report. Clue me in, if you can...
    thymekiller
     
  12. QProteus

    QProteus Registered Member

    Joined:
    Oct 20, 2003
    Posts:
    13
    Location:
    Stockholm, Sweden
    This may help...
    http://www.belarc.com/smart.html

    By the way, it says that my hard drive has no SMART Driver installed. :doubt:
     
  13. thymekiller

    thymekiller Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    12
    Location:
    Aransas Pass, Tx
    thanks for the link...turns out I had an older version, because after I uninstalled the old one, and reinstalled the new one, I now have the drive status message.
     
  14. hi-fi

    hi-fi Registered Member

    Joined:
    Mar 1, 2004
    Posts:
    4
    I was just curious, noticed that

    C:\PROGRAM\TROJANHUNTER 3.7\THGUARD.EXE

    was running twice. Never saw that before and wondered if that would create any issues for you? If anyone knows if that can create conflict or unnecessary activity, it might be something to watch for if it happens again :doubt:
     
  15. QProteus

    QProteus Registered Member

    Joined:
    Oct 20, 2003
    Posts:
    13
    Location:
    Stockholm, Sweden
    Yeah, I noticed that too when I had hit Ctrl-Alt-Delete to pull up the Task Monitor during all that hub-bub a few days ago. I had thought that it was an initial side effect of the HDD's "struggling" issue. It may JUST have been an issue with my THGUARD.EXE running twice. Don't know what would have caused THAT, though. o_O It's a first for me.
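
The duplicate THGUARD.EXE line noticed in the two posts above can be found mechanically. This is an added example, not part of the original thread or of HijackThis: a small Python parser that splits a HijackThis log into its "Running processes" list and its coded entries (R0, O4, O10, ...) and reports anything listed more than once. The names `parse_hjt` and `duplicates` are hypothetical, and the sample is a constructed excerpt of the log from the first post.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a few lines excerpted from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Scan saved at 20:29:06, on 2004-02-25

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM\TROJANHUNTER 3.7\THGUARD.EXE
C:\PROGRAM\DRWEB\SPIDER.EXE
C:\PROGRAM\TROJANHUNTER 3.7\THGUARD.EXE
C:\PROGRAM\HIJACKTHIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM\TROJANHUNTER 3.7\THGUARD.EXE"
O4 - HKLM\..\Run: [SpIDer] "C:\PROGRAM\DRWEB\SPIDER.EXE"
O10 - Unknown file in Winsock LSP: c:\windows\system\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\drwebsp.dll
"""

# Coded entries start with a section code such as R1, O4 or O16, then " - ".
ENTRY = re.compile(r"^([RFNO]\d+) - (.*)$")

def parse_hjt(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries, in_procs = [], defaultdict(list), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False              # the process list ends at the first coded entry
            entries[m.group(1)].append(m.group(2))
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def duplicates(items):
    """Return {item: count} for items seen more than once, ignoring case."""
    counts = Counter(i.lower() for i in items)
    return {k: n for k, n in counts.items() if n > 1}

if __name__ == "__main__":
    procs, entries = parse_hjt(SAMPLE_LOG)
    print("processes listed more than once:", duplicates(procs))
    for code, vals in entries.items():
        print(code, "repeated entries:", duplicates(vals))
```

A repeated line is a prompt to look at that entry, not a verdict on it; the comparison ignores case because the log mixes upper- and lower-case paths for the same file.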
     
  16. k3dc

    k3dc Registered Member

    Joined:
    Feb 26, 2004
    Posts:
    33
    Location:
    Sunny Florida
    You might just need to Defrag your drive. Many people don't do this on a regular basis, and over the course of just using the computer your hard drive can get in a really fragmented state. It can't hurt, and might actually help. ;)

    If you haven't done it for some time, be prepared for the process to take QUITE A WHILE! As a general rule, allow up to an hour for each 10 GB of drive capacity.

    Hope this helps (at least it can't hurt).
     