whats eating my hd

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

crazy3sl

Thread Starter
Joined
Apr 9, 2005
Messages
7
Please someone help me, i loss close to 100kb evry second, maybe even faster at times, i deleted some files and ended up having 1g of free space, within two days i was back to zero

im not even dl things, when i do a scan with spy ware doctor and adaware, i see it looking through my c drive and theres like thousends of pornographic things that when i thy and serch for then in my c drive i cant find, i cant even run adaware or anything because it is never ending, it just shows all this bad stuff forever, i cant wait a week for a scan

i just dl hijack this and im not really sure what its gonna help me but i did a scan and im gona send it just because thats why i see on this web site alot......the reason i know im loosing space is my os gives my a pop up message that im running low on disk space

hers the hijackthis scan

Logfile of HijackThis v1.99.1
Scan saved at 4:14:00 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.exe
c:\windows\system32\qwlplyc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MsUpdate\MsUpdate.exe
C:\Program Files\MsMovies\MsMovies.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\windows\dinst.exe
C:\windows\system32\winlogi.exe
C:\windows\etb\pokapoka79.exe
C:\Program Files\Common Files\mc-58-12-0000137.exe
C:\windows\system32\scvhost.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\windows\system32\cmd.exe
C:\Program Files\Common Files\services.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\IA\command.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\windows\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\windows\System32\wdfmgr.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\System32\alg.exe
C:\DOCUME~1\jasna\LOCALS~1\Temp\aurareco.exe
C:\DOCUME~1\jasna\LOCALS~1\Temp\dinst.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jasna\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search345quest.com/sp2.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: Shell=Explorer.exe C:\windows\Nail.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MsUpdate] C:\Program Files\MsUpdate\MsUpdate.exe /auto
O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [Dinst] C:\windows\dinst.exe
O4 - HKLM\..\Run: [ms-update] scvhost.exe
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\Run: [glehini] c:\windows\system32\qwlplyc.exe r
O4 - HKLM\..\Run: [System service79] C:\windows\etb\pokapoka79.exe
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\jasna\Local Settings\Temporary Internet Files\Content.IE5\MVKN3WDK\framxpro[1]\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000137.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000137.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\windows\IA\command.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\windows\system32\FreezeScreenSaver.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\windows\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Joined
Sep 7, 2004
Messages
49,014
· http://users.pandora.be/bluepatchy/miekiemoes/tools/LQfix.exe to download LQfix.exe and Save it to your desktop.
· Doubleclick LQfix.exe and click install.
· Leave the default settings. If you change them, the fix will fail.
· Make sure 'Launch LQfix' is checked. After clicking finish in the install, the fix will start.
· Follow the prompts on the screen.
· Your system will reboot afterwards.
· Please be patient after reboot, because there is a script running in the background.
· When it is finished, come back here and post a new Hijack This log.
================================================
First do this

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log
===============================

DownLoad EasyCleaner http://www.majorgeeks.com/download414.html

Use the clear files and Unnecessary files buttons – I do not recommend
using the Duplicates files button
as many dupes are there on purpose.

Not all files will delete – that is normal.

In the unnecessary button I check the top 4 entries
 
Joined
Sep 7, 2004
Messages
49,014
You are loaded

Do this also

http://www.noidea.us/easyfile/index.php?folder=2

download Nailfix.zip
Unzip it to the desktop but do NOT run it yet.

Restart in safe mode

Now in Safe Mode:
Double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top