Virus Causing Hard Disk Problems?

I have two 250 GB Maxtor Ultra ATA drives in my Sony Vaio desktop PC running Windows XP Professional MCE. The drives are my C and D drives. The C drive contains the Windows OS. The D contains only data. Over the last week, I have encountered three instances where a clicking (Click-click; click - click) sound comes from desktop unit. I assume it is one of the disk drives, probabaly the C drive, because the operating system performance detoriates when the clicking occurs. The Sony support website suggests the hard drive is about to fail. I ran disdefrag and disk check on both drives after the first two instances. I visited the Maxtor website. They suggest that a virus or other malware might be causing the problem and should be investigated before assuming the disk is failing. I have Windows Defender and McAfee AntiVirus and Firewall software installed. I have attached my HJT log. Is there any indication that a virus is present in the system? Also, what do the Interbase Guardian and Interbase server software accomplish? I have denied the server software permission to access/connection to its server in the McAfee software via the Internet. Is this a problem?

Logfile of HijackThis v1.99.1
Scan saved at 11:45:50 PM, on 12/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\Program Files\Sony\click to dvd 2\ctdatsvr.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Borland\Interbase\Bin\IBGuard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\SiteAdvisor\4608\SAService.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Borland\Interbase\Bin\IBServer.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ita.sel.sony.com/support/pc/vaioupd/noupdates.shtml
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe "
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe "
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe "
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Click to DVD Automatic Mode Launcher.lnk = C:\Program Files\Sony\click to dvd 2\ctdatsvr.exe
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: www.sony.com
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,7/McUpdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121083896339
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126275935906
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} (PCInfo.CMClass) - http://ciscdb.sel.sony.com/support/pops/mdldetect/PCInfo.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3606.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4846/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{72065749-343F-4BF9-B063-1A67C72980F7}: NameServer = 71.243.0.12 68.237.161.12
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\Interbase\Bin\IBGuard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\Interbase\Bin\IBServer.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot= "SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt= "Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot= "SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt= "\Addons\Packages\Mobile\Gateway" /DisplayName= "VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName= "VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot= "SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt= "\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

 

Hi chetonbbs.

Well I'm not seeing anything malicious anywhere. Probably hardware, but to soothe them over at Maxtor you can always run an online scan, save the logs and show you have made an effort to rule out any sort of viral infection.

Panda ActiveScan

• Click the [Scan your PC] button. ( You may have to disable any pop up blockers)
• Then press the green [Check Now] button.
• Enter your country and state along with a valid email address.
• Allow the ActiveX install, it may be a few minutes for all components. (For XP SP 2 watch for the yellow bar at the top of IE)
• Once installation is complete you will need to select a device to scan. Please select 'My Computer' and the scan will begin.
• Once the scan is done, click the 'See report' button, then the 'save report' button. Be sure to save the log file created in a place easy for you to find.

Kaspersky Online Scanner

Click on Kaspersky Online Scanner icon.
Accept the Kaspersky agreement and the program will load.
You will then be prompted to install an ActiveX component from Kaspersky, click Yes

The program will then begin downloading the latest definition files. This will take a few minutes, even with hi-speed.
Once the files have been downloaded click on Next

Now click on [Scan Settings] button.
In the scan settings make sure that the following are selected:

• Scan using the following Anti-Virus database:
• Extended (if available otherwise Standard)

• Scan Options:
  Scan Archives
  Scan Mail Bases

Click OK

Now under the Please select a target to scan:
Select My Computer

The program will begin the scanning process.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Then click on the [Save as Text] button
Save the file to your desktop.


The Interbase software is a your server that I'm assuming you are running, see a basic description here

Hope that helps.

 

Thanks TeMerc, I was having trouble finding anything related to malware

Clicking is not a good symptom related to HDDs. Whatever you do backup now (you seem to have an Acronis system installed).

Clicking may be from other drives or even something caught in the cooling fans, but it is not a "normal" sound.

What amount of RAM do you have? You seem to have 50+ programs/services running in the background (I counted 12 Mcafee programs). If you have insufficient RAM you may be working your HDD to death (running on pagefile).

Interbase Guardian, part of Masterplan
http://www.masterplanner.com/product/product.php

Me, I would reduce the load of startup/background programs.

Matt

 

Hi TeMerc and mattman;

I ran Panda Active scan and obtained an interesting result. Panda found a trojan (Clicker.cp) but it was not installed. Let me explain. It was in a program I had downloaded from PC World's download site (they recommended it) but I had never installed it. The program is called Startup-Mechanic. Panda identified it as a virus but in their encyclopedia they call it a Trojan. I later googled it and only Secunia treats it as a "virus." PC World describes the software "Startup-Mechanic" as follows, "Startup-Mechanic - This security program finds data miners, adware, and tracking software and gets rid of them, protecting your system resources and your privacy. Startup-Mechanic also sniffs out obsolete programs and unused junk, helping you streamline your system. With the backup archive viewer and the recycle bin storage, you'll have a cooling-off period in which you can decide if you want your files back. Boot protection keeps unsavory programs from launching when you start your PC." I would be interested in your take on this sidebar issue. McAfee does not include Clicker.cp in its library of threats. It appears only Secuia and Panda do. Regardless, it was not affecting the operation of my PC since it was not an installed program.

Panda also identified 110 items of Spyware but I have not yet verified these with other spyware and malware software detection programs. I have the Panda report they issued so I can review later.

I also ran Kaspersky. I ran it overnight due the estimated time to run it fully against my computer and all drives. I was expecting to find a report available in the morning. Instead the PC had shutdown by morning for some reason so I don't have a report from them. Will update this issue when I get a chance to run Kaspersky again.

Interestingly, when I rebooted my PC the clicking noise appeared briefly then it stopped but Windows did not load. A second reboot (after a 30 second wait) was succssful and the PC has run event free for more than 7 hours today. This is the fifth occurance of the clicking noise in about 8 days.

As to Gauardian and Interbase Server, I do not use my PC as a server so I remain perplexed about this software and its function on my PC. I have asked Sony support if they know but have not yet received a reply.

mattman, I have 1 meg of ram installed. Where do I get good instructions on how to reduce the number of startup programs running on my PC?

 

Here is an excellent site for that:
AnswersThatWork
Just go to the appropriate letter, and search for the process/exe, they will give good detailed info regarding it, we use it quite often.

With regards to the scans, any findings located in the following paths can be ignored:
'Recycler folder' and 'restore\system volume folder'
And any sort of 'quarantine' type of folder from any other type of scanner. And cookies of course do not count either, they cannot 'infect' anyone.

 

Hello Chetonbbs

Where is your Pagefile? Did you move this to the second (DATA) drive.

I agree with all above. Doubt it is a Virus, could be Spy/Adware.

Yes clicking from a HD is usually a sign of pending failure.

After you have done some of the procedures here and above, and are reasonably sure you are clean of culprits and it gets worse or more often make sure to backup critical data.

But there is a chance it is something else if chkdsk has OK'd it.

Do this!

The following are the best free cleaners below

DCleaner http://www.majorgeeks.com/DCleaner_d4790.html

ATF-Cleaner http://www.atribune.org/content/view/25/2/

Finally **** Cleaner get the slim version http://www.ccleaner.com/download/builds.aspx

Dcleaner and ATFClean are purely disk cleaners but CClean also has a registry cleaner, run this also as many times as it takes to come up clean.

After these are done, after each bootup, kill all unessesary programs from memory and see if the problem goes away. If so it is a program that is the cause.

Get back!

Mike

 

Hi Chet,
I hope you mean 1Gig of RAM That is a decent amount, but looking at all those startup items, those under 04 heading and I expect those that are run as services under the 023 heading, they must utilize a sizable chunk of that.
Use the AnswersThatWork link to find out if the program is necessary to run at startup. Use this
http://www.majorgeeks.com/download.php?det=619
to disable the programs (and re-enable them when you need the program/s to run), for example you should only need to run VAIOupdt.exe every several months
Antivirus needs to be updated regularly, but I only update antispyware every few weeks or if I think I might be at risk.

Clicking, run PowerMax on the drives
http://www.maxtor.com/portal/site/M...oftware Downloads/All Downloads&downloadID=22
If it appears that another drive is the cause (optical or maybe floppy) you should be able to open the case, put your finger on drive housing and "feel" the clicking.

Matt

 

Check the power and IDE connectors to the drives. If they are loose it could also cause the clicking and slow down or freeze your PC.

 

Hi Gents,

mattman, I did mean 1 Gig of Ram

I went to Maxtor site as suggested. ....run PowerMax on the drives
http://www.maxtor.com/portal/site/M...oftware Downloads/All Downloads&downloadID=22 Maxtor says, "The PowerMax utility is effective on all ATA (IDE) hard drives with a capacity greater than or equal to 500 MB." Do you think they mean less than or equal to 500 MB? Otherwise I cannot use it on a 250 MB drive. I have emailed them (now Seagate) for clarification but they have not replied.

The clicking is not coming from a floppy drive but the sound I hear when it happens sounds much like the sound a floppy drive makes when it initally reads a disk or when it cannot read a damaged disk and keeps trying to do so.

Shortly after reporting that the PC had run fine for 7 hours, it crashed when I logged out of one user account and into another. When I restarted I received a Microsoft Windows Error report that indiated the system was inititially unable to read the hard disk drive on re-booting. It recommended to run chkdsk again, which I did while away from my PC for the afternoon. Upon return after dinner, the PC had booted up to the user sign on screen. I don't know what check disk reported due to the auto bootup. Is the report logged somewhere? I tried to find it via the "Event Viewer" without success.

I will keep trying the excellent suggestion you all are offering but I have this feeling that one of my Xmas gifts to myself will be a new HD.

 

Will Do. Thanks.

 

I am unfamiliar with the term "Pagefile ". What do you mean?

I will run the recommended cleaners and get back on the results.

 

Chet, they stopped manufacturing 250 Megabyte drives in about 1992/3. You would have 250 Gigabyte drives.
If you like to be certain, go to My Computer, right-click on one of the drives and select Properties (or in My Computer, go to the View menu and select Details). Everest in my signature is handy to have for gathering information about your hardware.

Look at the LEDs on the drives when you hear the clicking. If Windows needs to find information and it cannot find it where it is expected to be found, it will start seaching all the drives. Another reason you may hear clicking is that the size of the drive(s) is being misreported and the read heads are running to the end of their travel. You may find that Chkdsk has repaired the problem, although I would run it again and do a complete check. Go to My Computer, right-click on the drive, select Properties -> Tools tab -> Error Checking, check the boxes for "Automatically repair the file system" and "Scan for bad sectors ". It will run when you restart and could take several hours. You will need to run the same procedure for the other drives on the HDDs (you said you did error checking in Reply #1, did you put a check in those boxes?).

Chkdsk (Error Checking) will run some times after Windows was not shutdown correctly. Files can be left in an unfinished (unsaved) state and cause errors in the file system.

I would not proclaim the HDD as bad without doing testing. Run the PowerMax utilities.

Interbase Guardian, look in Start -> All Programs for the Masterplan or Interbase Guardian program. Open the program and go to the Options section (it may be under Tools). Turn off any automatic updating. Acting as a server will be the way it communicates with the database information at the Masterplan website.
If you just block the updater with your firewall it may cause problems. Either turn off the updating service or if you don't use the program, go to Add/Remove Programs and uninstall it. Look for information about Interbase Guardian at the link I posted and there may be information at the Sony website.

Matt

 

I ran the PowerMax utilties down to the third test and the clicking has stopped.

I do not use Masterplan and the Interbase Gardian program does not appear in the Add/Remoe Programs list.