1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

virus eating my hard disk space

Discussion in 'Virus & Other Malware Removal' started by apixz, Oct 28, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. apixz

    apixz Thread Starter

    Joined:
    Oct 28, 2010
    Messages:
    7
    My laptop always low memory...i have delete many file but in a minute it become low...plz help me..
     
  2. Ent

    Ent Josiah Trusted Advisor

    Joined:
    Apr 11, 2009
    Messages:
    5,407
    When you say Memory, I presume you are referring to Hard disk space rather than to RAM. Try using a disk space analysis tool such as JDiskReport to find out where the additional files are building up. I am assuming that the problem is not in fact a virus, but if this turns out to be incorrect the thread should be moved to the virus removal forum. However please submit a Hijackthis log.
    _____

    Please go here to download HijackThis.
    • To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.exe file to your desktop.
    • Double-click the HijackThis.exe file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run to allow it.
    • Click on the Scan button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
    • Save the log file to your desktop. Copy and paste the contents of the log in your post.
    Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary..
     
  3. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,579
    Right-click MY COMPUTER, then click Properties.

    What's listed for the amount of RAM?

    ----------------------------------------------------------------

    Open the MY COMPUTER main window, then right-click the C hard drive icon, then click Properties.

    What's listed for capacity, used space, and free space?

    ----------------------------------------------------------------
     
  4. apixz

    apixz Thread Starter

    Joined:
    Oct 28, 2010
    Messages:
    7
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:13:39 PM, on 10/31/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\SYSTEM32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\ibmpmsvc.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\tp4mon.exe
    D:\WINDOWS\system32\igfxtray.exe
    D:\WINDOWS\system32\hkcmd.exe
    D:\WINDOWS\system32\igfxpers.exe
    D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    D:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    D:\Program Files\Winamp\winampa.exe
    D:\Program Files\Common Files\Java\Java Update\jusched.exe
    D:\Program Files\SweetIM\Messenger\SweetIM.exe
    D:\PROGRA~1\AVG\AVG8\avgtray.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Internet Download Manager\IDMan.exe
    D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    D:\Program Files\uTorrent\uTorrent.exe
    D:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
    D:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\Program Files\RALINK\Common\RaUI.exe
    D:\Program Files\Microsoft Office\Office12\GROOVE.EXE
    C:\Blaze Media Pro\NMSAccess32.exe
    D:\PROGRA~1\AVG\AVG8\avgam.exe
    D:\PROGRA~1\AVG\AVG8\avgrsx.exe
    D:\WINDOWS\system32\PnkBstrA.exe
    D:\PROGRA~1\AVG\AVG8\avgnsx.exe
    D:\WINDOWS\system32\PnkBstrB.exe
    D:\WINDOWS\system32\svchost.exe
    D:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
    D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    D:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe
    D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    D:\Program Files\Internet Download Manager\IEMonitor.exe
    D:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
    D:\Program Files\AVG\AVG8\avgcsrvx.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Mozilla Firefox\plugin-container.exe
    D:\WINDOWS\system32\igfxsrvc.exe
    D:\WINDOWS\system32\msfeedssync.exe
    D:\WINDOWS\explorer.exe
    D:\WINDOWS\system32\msiexec.exe
    D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qword.com/?s=1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/web?&o=13799&l=dis&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://malaysia.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://localhost/phpmyadmin/
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O1 - Hosts: 64.22.121.141 nprotect.pangya.in.th
    O1 - Hosts: 64.22.121.141 update.nprotect.com
    O1 - Hosts: 64.22.121.141 update.nprotect.net
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - D:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
    O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - D:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - D:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - D:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
    O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
    O4 - HKLM\..\Run: [igfxtray] D:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] D:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] D:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [CanonSolutionMenu] D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\VHD\RDTask.exe"
    O4 - HKLM\..\Run: [SweetIM] D:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"D:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] D:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "D:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKLM\..\Policies\Explorer\Run: [csrcs] D:\WINDOWS\system32\csrcs.exe
    O4 - Startup: Microsoft Office Groove.lnk = D:\Program Files\Microsoft Office\Office12\GROOVE.EXE
    O4 - Global Startup: Ralink Wireless Utility.lnk = D:\Program Files\RALINK\Common\RaUI.exe
    O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "D:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "D:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.qword.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O20 - Winlogon Notify: csbdll - csbdll.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - D:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Blaze Media Pro\NMSAccess32.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: VideoAcceleratorService - Speedbit Ltd. - D:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 11973 bytes
     
  5. apixz

    apixz Thread Starter

    Joined:
    Oct 28, 2010
    Messages:
    7
    RAM=0.99
    Used Space=15.7GB
    Free Space=190MB
    Capacity=15.9GB
     
  6. Frank4d

    Frank4d Trusted Advisor

    Joined:
    Sep 10, 2006
    Messages:
    9,126
    You probably don't have anything eating up the space, you hard drive or partition is just really small, so a new hard drive would help. For today you can make more disk space available by using the Disk Cleanup Tool in XP: http://support.microsoft.com/kb/310312
    Delete all of the $NTUninstallKBxxxxxx$ (x = numbers) and $NtServicePackUninstall$ folders in D:\Windows. Don't delete the $hf_mig$ folder though!
    Delete all files in D:\Temp, D:\Windows\Temp, D:\Documents and Settings\your_username\Local Settings\Application Data\Temp, D:\Documents and Settings\your_username\Local Settings\Temp.
    Be sure to empty the Recycle Bin after doing the above.
     
  7. Ent

    Ent Josiah Trusted Advisor

    Joined:
    Apr 11, 2009
    Messages:
    5,407
    16GB isn't really enough to work with, but it might be possible to bring a few things down.

    Please download the free CCleaner and run the main cleaning section. Do not run the registry cleaner section. That will get rid of temporary files, the same job as the Windows utility but doing a more complete job. Such tools don't delete files to the recycle bin (and CCleaner empties the recycle bin) so clearing the recycle bin afterwards isn't really relevant.

    Download JDiskReport to find out where the majority of space is being taken up.

    I am curious about why your D drive holds windows and your programs, and am wondering therefore whether you might have a second drive or partition for documents.
     
  8. Frank4d

    Frank4d Trusted Advisor

    Joined:
    Sep 10, 2006
    Messages:
    9,126
    I just noticed you have a malware issue that needs to be addressed too. A malware removal expert can help you with that.
     
  9. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,579
    With having only 15.9 GB of hard drive space in that computer, you have way too much unneeded and space-hungry crap installed.

    There is also way too many programs and services auto-loading and running in the background that don't need to be doing so.

    This log entry:

    O4 - HKLM\..\Policies\Explorer\Run: [csrcs] D:\WINDOWS\system32\csrcs.ex

    indicates an infection. Since you're using uTorrent, that's not surprising.

    I'm curious as to why everything is installed and running from D:\ instead of from C:\.

    To be honest with you, a hard drive format and reinstall of XP so you can start out clean would be your best option.

    ---------------------------------------------------------------
     
  10. Ent

    Ent Josiah Trusted Advisor

    Joined:
    Apr 11, 2009
    Messages:
    5,407
    You have AVG 8 installed. AVG is a particularly resource-hungry antivirus, and version 8 is outdated anyway. I would suggest that you consider removing it and switching to something else, such as Avira Antivir.
     
  11. apixz

    apixz Thread Starter

    Joined:
    Oct 28, 2010
    Messages:
    7
    Maybe it old version because my laptop model is IBM ThinkPad...
     
  12. apixz

    apixz Thread Starter

    Joined:
    Oct 28, 2010
    Messages:
    7
    Where to seacrh that malware removal expert?
     
  13. apixz

    apixz Thread Starter

    Joined:
    Oct 28, 2010
    Messages:
    7
    i will try using Avira Aintivir
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/959193