Help - Search - Members - Calendar
Full Version: Infected? not sure- cant defrag or install -UGH
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
ChopShop
Nov 16 2008, 02:11 PM
My C drive says its full but I have removed almost every program other than Office and other things I despereatly need.
I cant defrag . My system says it has under 60MB of available space on my C drive- I also have a D drive that is 95% empty and it seems as if it isnt dumping from C to d (sorry -not technical so Im not sure what the proper term is)

Any ideas?

Here is my Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:53 AM, on 11/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Plaxo\3.15.0.30\PlaxoHelper_en.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
D:\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.Begin2Search.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = (value not set)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = (value not set)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = (value not set)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.15.0.30\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.15.0.30\PlaxoSysTray.exe
O4 - HKCU\..\RunOnce: [DelayShred] "C:\program files\mcafee.com\shredder\SHRED32.EXE" /q C:\DOCUME~1\DANASC~1\LOCALS~1\TEMPOR~1\Content.SH!
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O24 - Desktop Component 1: Anfy MOSAIC - (no file)

--
End of file - 5040 bytes

I dwonloaded the MAlware program suggest on the forum and even that was a difficult process to save to run- HELP!
LoPhatPhuud
Nov 17 2008, 06:20 PM
If your C: drive is truly full, then there is nothing Ican do that will make it any bigger. There is a possibility, that errors in the various directories that Windows uses contain incorrect information about the amount of free space.

Try doing the following, then post back to this thread about your free space.


From the Desktop

Start -> Run -> cmd (press Enter)

At the command prompt:
chkdsk C: /f (press Enter)

Acknowledge that question regarding running at boot time, and reboot your computer if not already done. Chkdsk will run on reboot before Windows is loaded. It will make any repairs, if needed. Once done, I want you to post the Chkdsk Log in this thread. You'll find instructions for getting it following:


In XP, open the Control Panel, double click on "Adminstrative Tools", double click on the "Event Viewer" icon, then click on "Application". In the "Source" column, look for the "Winlogon" item. Double click it and you should see the results of your Chkdsk.

In Vista, open the Control Panel, double click on "Adminstrative Tools", double click on the "Event Viewer" icon, toggle the triangle next to "Windows Logs" if necessary, then click on "Application". In the "Source" column, look for the "Chkdsk" item. Double click it and you should see the results of your Chkdsk.



This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.