
Hard Drive Constantly Reading

Discussion in 'Malware and Virus Removal Archive' started by mikeyewz, 2007/01/27.

  1. 2007/02/01
    mikeyewz

    mikeyewz Inactive Thread Starter

    Joined:
    2005/07/05
    Messages:
    24
    Likes Received:
    0
    I cannot find any homepage settings in Avast Antivirus. When I open IE, it does not show www.orange.co.uk at all, just straight to MSN. This is what comes up in the toolbar before opening MSN:
    http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    and at the bottom: Downloading data http://ad.uk.doubleclick.net/adj/N1238.msn.quantam/B2164799;sz=300x250;ord=1661553115?


    Logfile of HijackThis v1.99.1
    Scan saved at 18:16:13, on 01/02/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\hijackthis\HijackThis.exe

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0A8BFF52-8927-4317-824E-A707217A7E0F}: NameServer = 195.92.195.94 195.92.195.95
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0A8BFF52-8927-4317-824E-A707217A7E0F}: NameServer = 195.92.195.94 195.92.195.95
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
    Last edited: 2007/02/01
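A small triage script for the HijackThis log in the post above, added here as an example; it is not part of the original thread or of HijackThis itself. It pulls out the IE reset start page (O14) and DNS (O17) entries and cross-checks O23 services marked "(file missing)" against the running-process list; the function names and the excerpted sample are assumptions for illustration.

```python
import re

# Excerpt of the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A8BFF52-8927-4317-824E-A707217A7E0F}: NameServer = 195.92.195.94 195.92.195.95
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
# First drive-letter path ending in .exe, stopping before any stray quote.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)

def parse(log):
    """Split a log into the running-process set and (section, text) entries."""
    running, entries, in_procs = set(), [], False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False
        elif in_procs:
            running.add(line.lower())
        elif (m := ENTRY.match(line)):
            entries.append((m.group(1), m.group(2)))
    return running, entries

def triage(log):
    """Return review notes: browser/DNS settings and 'file missing' services."""
    running, entries = parse(log)
    notes = []
    for section, text in entries:
        if section in ("O14", "O17"):
            notes.append((section, "review", text.split(": ", 1)[1]))
        elif section == "O23" and "(file missing)" in text:
            path = EXE_PATH.search(text)
            # The log says the file is missing; the process list may disagree.
            state = "running" if path and path.group(0).lower() in running else "absent"
            notes.append((section, "missing-but-" + state, path.group(0) if path else text))
    return notes
```

On this excerpt both avast! services flagged "(file missing)" also appear under "Running processes", so the flag is contradicted by the same log.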
  2. 2007/02/01
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Check your settings within MSN IM. I believe there are settings you can make to your homepage, and it may override what is in your IE.
    That is just the ads loading from within IE, everyone gets those.

    A hosts file will block all those calls out to ad sites as well as to other known malicious sites, which if loaded can make a huge difference in the level of infection one gets.
     

  4. 2007/02/01
    mikeyewz

    What is MSN IM, and can you tell me where I can find the settings?
    Thanks.
     
  5. 2007/02/01
    TeMerc

    I'm sorry, I meant to say Windows Messenger, and it should not be running and could very well be the source of that pop-up.

    Let's disable it altogether.
      (1) Select "Start"
      (2) Choose "Control Panel"
      (3) Choose "Administrative Tools"
      ** Note: in Windows XP Home edition, Administrative Tools is in Performance and Maintenance
      (4) Choose "Services"
      (5) Right-click on "Messenger"
      (6) Select "Stop"
      To permanently disable Messenger:
      (7) Right-click "Messenger"
      (8) Select "Properties"
      (9) Change "Startup Type" to "Disabled" and click "OK"
     
  6. 2007/02/02
    mikeyewz

    My original problem of my HDD constantly searching has been sorted. Thank you. However, the problem of my homepage being redirected has not been resolved, even though I have gone through all of the above steps a second time.
     
  7. 2007/02/02
    TeMerc

    OK, let's try and reset your web settings, seeing as the info from the Silent Runners log indicates the homepage as the reset site setting.

    reset web settings
     
  8. 2007/02/02
    mikeyewz

    OK, I have followed the instructions, but I am still being redirected.
     
  9. 2007/02/02
    TeMerc

    OK, let's look for something hidden deeper.

    Download and run F-Secure Blacklight
    Double-click on bibeta.exe to run it.
    Click the *I accept* button near the bottom of that page.
    Download and run Blacklight: click > scan, then > next, next again, then exit.
    There will be a new text file near Blacklight. Post it please. The text file is named:
    fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
    !!Do not rename any files yet
     
  10. 2007/02/03
    mikeyewz

    02/04/07 00:04:36 [Info]: BlackLight Engine 1.0.55 initialized
    02/04/07 00:04:36 [Info]: OS: 5.1 build 2600 ()
    02/04/07 00:04:36 [Note]: 7019 4
    02/04/07 00:04:36 [Note]: 7005 0
    02/04/07 00:04:49 [Note]: 7006 0
    02/04/07 00:04:49 [Note]: 7011 1068
    02/04/07 00:04:49 [Note]: 7026 0
    02/04/07 00:04:49 [Note]: 7026 0
    02/04/07 00:04:57 [Note]: FSRAW library version 1.7.1021
    02/04/07 00:10:28 [Note]: 7007 0
     
  11. 2007/02/03
    TeMerc

    Hmmm.....nothing there.

    Let's try manually entering in the home page via Internet Options.

    Follow instructions on this MS page.

    In theory, this should fail, seeing as when we reset your IE settings, it should have been reset to the page you want as shown in the SR log:
     
  12. 2007/02/04
    mikeyewz

    No Luck......still being redirected. It shows http://www.orange.co.uk/ in the address bar, but the actual page showing is MSN's homepage.
     
