Hi delphinium,
delphinium wrote:
Robby:
When you see those entries, it means that something is scanning, or accessing Norton files. It has to do with your tamper protection. Almost everything on your computer will access Norton files at some time or other. If they push too hard, that is when you will see a block. It doesn't usually cause any problems unless the scanning program gets stuck and refuses to quit.
You need to look at this logically. Ghost scans for changes and writes to the disc. System restore scans and writes to the disc. Both programs are not working. There fore there is most likely something wrong with the hard drive. The symptoms you are seeing are not rootkit related.
Since Quads is a professional, I would respect his suggestions and do what he recommends. You are getting too many disc errors for it to be anything else.
Something to consider is heat. Speedfan is a nice utility that lets you compare your drive with others of the same make, as well as monitoring the temperature of the drive.
First though, disable as many of the scanning programs as possible and save your data.
OK.
But...I ran another -- chkdsk /r C: today. Log seems to think it's OK?
************************
Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 8/5/2009
Time: 1:48:03 PM
User: N/A
Computer: TOSHIBA-USER
Description:
Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 10 unused index entries from index $SII of file 0x9.
Cleaning up 10 unused index entries from index $SDH of file 0x9.
Cleaning up 10 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.
78148160 KB total disk space.
28129788 KB in 158656 files.
59276 KB in 14226 indexes.
0 KB in bad sectors.
315312 KB in use by the system.
65536 KB occupied by the log file.
49643784 KB available on disk.
4096 bytes in each allocation unit.
19537040 total allocation units on disk.
12410946 allocation units available on disk.
Internal Info:
d0 ba 03 00 5d a3 02 00 8b eb 03 00 00 00 00 00 ....]...........
9e 07 00 00 01 00 00 00 b3 01 00 00 00 00 00 00 ................
fc da ce 0e 00 00 00 00 36 1d f7 b4 00 00 00 00 ........6.......
36 8f 39 15 00 00 00 00 bc 48 ee 1b 05 00 00 00 6.9......H......
a2 f7 64 a7 04 00 00 00 32 cd 33 a4 0a 00 00 00 ..d.....2.3.....
40 aa 42 be 00 00 00 00 90 38 07 00 c0 6b 02 00 @.B......8...k..
00 00 00 00 00 f0 e7 b4 06 00 00 00 92 37 00 00 .............7..
Windows has finished checking your disk.
Please wait while your computer restarts.
************************
Also, did an -- fsutil dirty query C: -- says, "NOT dirty."
So...you still think I should NOT uninstall/reinstall GHOST and NSW? What about NIS 2009?
************************
And, on the Windows Event Viewer/Security Tab: You don't think those many "Anonymous Logon" things are significant? What about the "Failed Audits"?
Again, tks for the help.
Kind Regards,
Robby