Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Running Out Of Space!


  • This topic is locked This topic is locked
4 replies to this topic

#1 lauren-x

lauren-x

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 28 March 2007 - 10:52 AM

I really really don't understand why I'm running out of space, as for the past few months I haven't really installed any new programs or anything. I've tried installing programs to help delete old files and such, but none of them seemed to work, and so in the long run it has turned out to be a stupid waste of time. It's gotten so bad that recently I uploaded a huge portion or the photos I'd taken and uploaded on to my laptop, before deleting them from my computer altogether. But since then nothing has changed, and if anything, my hard drive has grown even more!

I must admit that I do have a lot of music on my computer, but I've through all of the songs on there, deleted some and limited myself to 500. This is also a shared laptop, so I have no idea what the rest of my family goes on. I don't even know if this is my fault.

But, whilst trying numerous programs to help me find where the most space was being used I stumbled across one called TreeSize.. and yeah. Here are some screen shots of the folders with the most files in and stuff..

Posted Image

And I don't know if this will help, but here is a Logfile from Hijackthis...

Logfile of HijackThis v1.99.1
Scan saved at 16:24:20, on 28/03/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\ibmpmsvc.exe
C:\winnt\system32\svchost.exe
C:\winnt\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\winnt\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\cisvc.exe
C:\winnt\system32\regsvc.exe
C:\winnt\system32\MSTask.exe
C:\winnt\system32\svchost.exe
C:\winnt\Explorer.EXE
C:\winnt\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\3Com\Launcher.exe
C:\Program Files\Common Files\3Com\LanSupportService.exe
C:\Program Files\3Com\WLAN Manager\AllWirelessLansService.exe
C:\PROGRA~1\3Com\WLANMA~1\Activate.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\cidaemon.exe
C:\PROGRA~1\INTERN~1\IEXPLORE.EXE
C:\DOCUME~1\Buyer\LOCALS~1\Temp\~nsu.tmp\Au_.exe
C:\Documents and Settings\Buyer\Desktop\Downloads\KillBox.exe
C:\winnt\system32\wuauclt.exe
C:\winnt\System32\svchost.exe
C:\Documents and Settings\Buyer\Desktop\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.msn.com/umcrs/general.msnw?a...mp;all_topics=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\winnt\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [clcbt.exe] C:\winnt\system32\clcbt.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [taskdir] C:\winnt\system32\taskdir.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.53.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164480743453
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {B388ZoneIntro-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst.com/play/game/dinerda...sh.1.0.0.93.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{87C7537A-F226-4E9B-BA5B-9DD71D9EE943}: NameServer = 203.146.250.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{E86EC157-0107-4048-8A42-407E0B6E173B}: NameServer = 203.146.250.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD4ABC44-F565-4B94-8987-3563AA4BC630}: NameServer = 203.146.250.90
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.72
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.72
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.72
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O20 - Winlogon Notify: rpcc - C:\winnt\
O20 - Winlogon Notify: tphotkey - C:\winnt\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\winnt\system32\ibmpmsvc.exe
O23 - Service: 3Com LAN Support (LanSupportService) - 3Com Corporation - C:\Program Files\Common Files\3Com\LanSupportService.exe

Is there any way I can make my disk space smaller? I've noticed it's running a lot slower than usual, and I would like to get it back to normal, or how it was before.

Oh yeah, my Disk has a capacity of 18.6 GB, and I have 1.76 GB left..

Please help! And thank you to anyone that reads this!

BC AdBot (Login to Remove)

 


#2 lauren-x

lauren-x
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 04 April 2007 - 12:56 PM

Nothing? =[

#3 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:04 AM

Posted 05 April 2007 - 10:32 AM

Hello lauren-x, and welcome to BleepingComputer. I will be handling your log to help you get cleaned up.

Please take note of the following:
1. I will start working on your malware issues, this may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. The process is not instant. Please continue to review my answers until I tell you your machine is clean.
4. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Thanks,

htv8
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#4 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:04 AM

Posted 06 April 2007 - 10:52 AM

IMPORTANT
You are infected with a number of (stealth involved) backdoor trojans. Backdoor trojans are software programs that give an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. Backdoor trojan functionality allows unauthorised remote access to the infected computer while running in the background. A backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.
In short: These pieces of malware allow hackers to remotely control your computer, steal critical system information and download and execute files.

Due to the status of some of the files you have on your computer, I would counsel you to immediately disconnect this PC from the Internet and from your network if it is on a network. Disconnect the infected computer from the internet until the computer can be cleaned. Then, access this information from a non-compromised computer to follow the steps needed.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable - for email, banks, eBay, forums, etc. Do not change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information.


Though the backdoor has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and reinstall of the OS. This is something I don't like to recommend normally, but it is the best solution for your safety. For more information, please read this reference very carefully: When should I re-format? How should I reinstall?.
If you choose to format and reinstall, see this link for instructions: Reformat Hard Drive FAQ for Windows 95/98/Me/XP.

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat. If you do make that decision, I will do my best to help you disinfect your PC, but you must understand that once a machine has been taken over by this type of malware, it can never be declared clean.

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.
Below are some more links that could help you decide what to do.

Security Management - May 2004
Help: I Got Hacked. Now What Do I Do?

Security Management - July 2004
Help: I Got Hacked. Now What Do I Do? Part II
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#5 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:04 AM

Posted 23 April 2007 - 01:07 PM

Due to the lack of feedback, this topic is closed.
To get it reopened, PM a staff member with the address of this thread. This applies to the original topic starter only. Everyone else with similar problems, please start a new topic. :thumbsup:
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users