Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Missing Disk Space


  • Please log in to reply
13 replies to this topic

#1 Indrananda

Indrananda

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 04 January 2007 - 12:23 AM

Hello there. I come to you from a google search. I appreciate all the help I've come across so far just briefly looking through things here. I can usually suss things out myself with some internet help, and maybe a phone call to a friend or two re: computer/tech support, but some things are beyond me... Like what's been happening to me lately.

The problem - This computer is 3-4 years old, running WinXP. For the last 2-3 weeks, I have been losing available disk space on my C: drive. I've removed 3-4 GB of unused programs, files, etc. over that time, and the next day, or even later that hour, I get a low disk space warning again. It's happened several times in one day, and has been getting worse. I am now at 1.2 GB free (of 32), and hoping to keep it that way

Steps taken so far - besides removing extra crap, I ran Spyware S&D, and cleaned up 93 or so problems there. I have installed and ran HiJackThis, log to follow. I've also run stinger, housecall (wouldn't work) and AVG. I run Zonealarm and use Mozilla, so I'm pretty sure it's been a long time recurring problem. My stepson does not recall having problems before, but all the tracking cookies, dialers, etc. were from when he had the computer before. It's mine now, as my laptop died recently and this is all I have access to. I have noticed Mega2.exe sitting in a file, apparently doing nothing... I can't delete it though, which I tried to do after a search showed up that it can be a problem, and most likely unwanted. Do I need to get rid of it? I don't see it on the scans...

I'm asking here for more help. I have not had much time since running SS&D, etc., maybe 1 hour, but so far no disk space lost... I'm hoping you can look and see if there is anything you see that would be causing this problem, or anything else I need to fix. Thanks in advance for the input.

HiJack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:08:14 AM, on 1/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
F:\Zone Alarm\ZoneAlarm\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\My Downloads\Vidalia\vidalia.exe
C:\Program Files\Downloads\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
C:\My Downloads\Privoxy\privoxy.exe
C:\My Downloads\Tor\tor.exe
F:\Mozilla\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.paviliondownload.com/2.0/h...tp://www.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
O1 - Hosts: 1159680172 auto.search.msn.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\DOWNLO~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Zone Alarm\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Vidalia] "C:\My Downloads\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Downloads\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Privoxy.lnk = C:\My Downloads\Privoxy\privoxy.exe
O9 - Extra button: Corel Network monitor worker - {3F31E416-86AC-4F90-B951-7584B1B76603} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3F31E416-86AC-4F90-B951-7584B1B76603} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Corel Network monitor worker - {3F31E416-86AC-4F90-B951-7584B1B76603} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3F31E416-86AC-4F90-B951-7584B1B76603} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://bin.wordsx.cc/a0x9zfMib5IzKKT6seOH.chm::/on-line.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C: oo.mht!http://superprogdownload.com/download/helps/id/187787/2906364371.chm::/win.exe
O19 - User stylesheet: (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe



Thanks again guys,
Indy

Edited by Indrananda, 04 January 2007 - 01:38 AM.


BC AdBot (Login to Remove)

 


#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 06 January 2007 - 08:07 PM

DownLoad EasyCleaner http://www.majorgeeks.com/download414.html

Use the clear files and Unnecessary files buttons – I do not recommend
using the Duplicates files button
as many dupes are there on purpose.

Not all files will delete – that is normal.

In the unnecessary button I check the top 4 entries

========================
Download Superantispyware

http://www.superantispyware.com/superantis...efreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 Indrananda

Indrananda
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 07 January 2007 - 11:18 PM

Okay, here goes.

Ran easy clean. Got rid of junk. Avoided duplicate files like you said. I noticed that it clears IE stuff, but I'm running Mozilla... Not sure if/how to rid it's cache, temp internet history, etc... Ideas?

SASW showed nothing. Zip, nada, zilch. Didn't bother to copy log. I can if you want.

Hijack this is as follows,

Logfile of HijackThis v1.99.1
Scan saved at 11:08:00 PM, on 1/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
F:\Zone Alarm\ZoneAlarm\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\My Downloads\Vidalia\vidalia.exe
C:\Program Files\Downloads\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
C:\My Downloads\Privoxy\privoxy.exe
C:\My Downloads\Tor\tor.exe
C:\Program Files\Downloads\SuperAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Works\wkswp.exe
c:\Program Files\Microsoft Works\MSWorks.exe
c:\Program Files\Microsoft Works\wkgdcach.exe
F:\Mozilla\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.paviliondownload.com/2.0/h...tp://www.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
O1 - Hosts: 1159680172 auto.search.msn.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\DOWNLO~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Zone Alarm\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Vidalia] "C:\My Downloads\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Downloads\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Privoxy.lnk = C:\My Downloads\Privoxy\privoxy.exe
O9 - Extra button: Corel Network monitor worker - {3F31E416-86AC-4F90-B951-7584B1B76603} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3F31E416-86AC-4F90-B951-7584B1B76603} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Corel Network monitor worker - {3F31E416-86AC-4F90-B951-7584B1B76603} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3F31E416-86AC-4F90-B951-7584B1B76603} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://bin.wordsx.cc/a0x9zfMib5IzKKT6seOH.chm::/on-line.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C: oo.mht!http://superprogdownload.com/download/helps/id/187787/2906364371.chm::/win.exe
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\Downloads\SuperAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

I do appreciate the help, and apologize for the breifness/bruskness of this post. I'm in that too tired to sleep mode after being woken up after a much needed nap that should have/could have lasted 3 days but didn't :thumbsup:

Thanks again, in advance,
Indy

#4 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 08 January 2007 - 01:47 PM

Be sure to allow the following changes in teatimer


Fix these with HiJackThis – mark them, close IE, click fix checked

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm

O1 - Hosts: 1159680172 auto.search.msn.com

O4 - Startup: PowerReg Scheduler V3.exe

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://bin.wordsx.cc/a0x9zfMib5IzKKT6seOH.chm::/on-line.exe

O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C:
oo.mht!http://superprogdownload.com/download/helps/id/187787/2906364371.chm::/win.exe

O19 - User stylesheet: (file missing)


START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 Indrananda

Indrananda
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 09 January 2007 - 01:37 AM

Here goes... I freed up a lot of space as we were doing this (Thank You!). I'm at about 850 mb or so free, pretty consistently so far. Much better than 38mb!!! There was a bit more before easyclean, etc, but cest la vie... Things seem to be running smoothly now, and I've had no problems with booting or any of my every day tasks, so again, Thank you.

The most recent HJT logs is as follows,

Logfile of HijackThis v1.99.1
Scan saved at 1:31:34 AM, on 1/9/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
F:\Zone Alarm\ZoneAlarm\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\My Downloads\Vidalia\vidalia.exe
C:\Program Files\Downloads\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
C:\My Downloads\Privoxy\privoxy.exe
F:\Mozilla\firefox.exe
C:\My Downloads\Tor\tor.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.paviliondownload.com/2.0/h...tp://www.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\DOWNLO~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Zone Alarm\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Vidalia] "C:\My Downloads\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Downloads\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Privoxy.lnk = C:\My Downloads\Privoxy\privoxy.exe
O9 - Extra button: Corel Network monitor worker - {3F31E416-86AC-4F90-B951-7584B1B76603} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3F31E416-86AC-4F90-B951-7584B1B76603} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O16 - DPF: {10003000-1000-0000-1000-000000000000} -
O16 - DPF: {11010101-1001-1111-1000-110112345678} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\Downloads\SuperAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Again, I appreciate it. Whatever we're doing seems to be working.
Indy

#6 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 09 January 2007 - 10:06 AM

fix these - make sure teatimerallows the changes

O16 - DPF: {10003000-1000-0000-1000-000000000000} -
O16 - DPF: {11010101-1001-1111-1000-110112345678} -


Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#7 Indrananda

Indrananda
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 12 January 2007 - 12:38 AM

Well, I've tried to turn off system restore for the last few days, but to no avail. I can fix the 2 items mentioned above, but when I reboot, they're there again. Any suggestions on how to turn off sysresto would be appreciated. Here's the latest log -


Logfile of HijackThis v1.99.1
Scan saved at 12:34:29 AM, on 1/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
F:\Zone Alarm\ZoneAlarm\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\My Downloads\Vidalia\vidalia.exe
C:\Program Files\Downloads\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
C:\My Downloads\Privoxy\privoxy.exe
C:\My Downloads\Tor\tor.exe
F:\Mozilla\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.paviliondownload.com/2.0/h...tp://www.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\DOWNLO~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Zone Alarm\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Vidalia] "C:\My Downloads\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Downloads\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Privoxy.lnk = C:\My Downloads\Privoxy\privoxy.exe
O9 - Extra button: Corel Network monitor worker - {3F31E416-86AC-4F90-B951-7584B1B76603} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3F31E416-86AC-4F90-B951-7584B1B76603} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O16 - DPF: {10003000-1000-0000-1000-000000000000} -
O16 - DPF: {11010101-1001-1111-1000-110112345678} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\Downloads\SuperAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe


Memory seems to be doing okay now. I'm not losing most of it everyday like before. So what we've done has worked so far, but I'd like to clear up this last bit if we can figure out how. Thanks,
Indy

#8 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 12 January 2007 - 11:18 AM

DownLoad http://www.intermute.com/spysubtract/cwshr...r_download.html
Close all browser windows,UnZip the file, click on the cwshredder.exe then click "Fix"

Boot and see if they are gone if not fix them again and then boot
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#9 Indrananda

Indrananda
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 15 January 2007 - 11:13 PM

Well, back to less than 200mb disk space. Dammit. Like i said earlier, I can't turn off system restore. CWshredder didn't find anything. I've emptied every temp file I can find, sometimes twice... I had 208 mb free, deleted 100mb or so of stuff, and had 209 mb free. ??? Then everytime I check, I have less and less... grr. I'm at a loss completely here. I ran easyclean, spybotSD, superantispyware, and still am losing memory, probably even as we speak! Anyway, here's the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:06:45 PM, on 1/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
F:\Zone Alarm\ZoneAlarm\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\My Downloads\Vidalia\vidalia.exe
C:\Program Files\Downloads\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
C:\My Downloads\Privoxy\privoxy.exe
C:\My Downloads\Tor\tor.exe
F:\Mozilla\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.paviliondownload.com/2.0/h...tp://www.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - F:\Mozilla\extensions\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Zone Alarm\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Vidalia] "C:\My Downloads\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Downloads\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Privoxy.lnk = C:\My Downloads\Privoxy\privoxy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - F:\Mozilla\extensions\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - F:\Mozilla\extensions\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Corel Network monitor worker - {3F31E416-86AC-4F90-B951-7584B1B76603} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3F31E416-86AC-4F90-B951-7584B1B76603} - (no file) (HKCU)
O16 - DPF: {10003000-1000-0000-1000-000000000000} -
O16 - DPF: {11010101-1001-1111-1000-110112345678} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\Downloads\SuperAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Thanks again for looking,
Indy

#10 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 16 January 2007 - 09:09 AM

You need to do post 6 again making sure teatimer allows the changes

Based on this

http://trac.vidalia-project.net/ticket/45

Tor/Vadilia could be the problem

I know nothing of these - can you remove them
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#11 Indrananda

Indrananda
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 16 January 2007 - 07:30 PM

I've tried that again, (post #6). No luck. I can't turn off system restore on my C: drive. I can on the others, but it will not allow me to do so on my system disk. Dunno why not. Ideas?

Tor/vidalia is an anonomizer/proxy server program. I could turn it off, but I like having something between me and snoopy people. It isn't bulletproff, but it at least makes them try harder... It's not taking up large amounts memory anyway... 15-21mb.

180-190 mb free last night. 160 today... grrr... And that's AFTER cleaning temp folders, caches, etc last night. (sigh) :thumbsup:

I'm gonna start from the beginning again, cause something worked. At least for a while, but if you can offer anything more, I'd be grateful.
THanks,
Indy

Logfile of HijackThis v1.99.1
Scan saved at 7:28:47 PM, on 1/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
F:\Zone Alarm\ZoneAlarm\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\My Downloads\Vidalia\vidalia.exe
C:\Program Files\Downloads\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
C:\My Downloads\Privoxy\privoxy.exe
C:\My Downloads\Tor\tor.exe
F:\Mozilla\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.paviliondownload.com/2.0/h...tp://www.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - F:\Mozilla\extensions\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Zone Alarm\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Vidalia] "C:\My Downloads\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Downloads\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Privoxy.lnk = C:\My Downloads\Privoxy\privoxy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - F:\Mozilla\extensions\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - F:\Mozilla\extensions\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Corel Network monitor worker - {3F31E416-86AC-4F90-B951-7584B1B76603} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3F31E416-86AC-4F90-B951-7584B1B76603} - (no file) (HKCU)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\Downloads\SuperAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

#12 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 16 January 2007 - 07:40 PM

I have no idea what you have on your disk, but you might consider buying one to add to your space
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#13 Indrananda

Indrananda
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 20 January 2007 - 01:23 AM

Okay, so I have no idea WTF is going on. After a few days of VERY low disk space, i.e. 16 MB, and many restarts, freezes and a new mouse, I now have 21.6 GB!!!! of free space. What the Hell?!?!?!?

I ran cleansweep, spybots&d and avg last night. No viri, nothing out of the ordinary, and the computer froze up today on my wife, so she turned it off. I get home and start 'er up, and lo' and behold, 21 GB of space. I am so confused. My HJT log looks okay, or at least like it has looked in the past, but I may be missin' something... Ideas? My thread over at the XP forum has been locked until my HJT log is cleared... so I can only ask here, I guess...

Logfile of HijackThis v1.99.1
Scan saved at 1:20:16 AM, on 1/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
F:\Zone Alarm\ZoneAlarm\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\My Downloads\Vidalia\vidalia.exe
C:\Program Files\Downloads\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
C:\My Downloads\Privoxy\privoxy.exe
C:\My Downloads\Tor\tor.exe
F:\Mozilla\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.paviliondownload.com/2.0/h...tp://www.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - F:\Mozilla\extensions\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Zone Alarm\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Vidalia] "C:\My Downloads\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Downloads\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Privoxy.lnk = C:\My Downloads\Privoxy\privoxy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - F:\Mozilla\extensions\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - F:\Mozilla\extensions\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Corel Network monitor worker - {3F31E416-86AC-4F90-B951-7584B1B76603} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3F31E416-86AC-4F90-B951-7584B1B76603} - (no file) (HKCU)
O16 - DPF: {10003000-1000-0000-1000-000000000000} -
O16 - DPF: {11010101-1001-1111-1000-110112345678} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169097376984
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\Downloads\SuperAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Thanks,
Indy

#14 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 20 January 2007 - 09:09 AM

Fix these

O16 - DPF: {10003000-1000-0000-1000-000000000000} -
O16 - DPF: {11010101-1001-1111-1000-110112345678} -

log is clean

Vidalia evidently grows, so maybe it needs to be shut down and restarted - dunno.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users