Options
Hard Disk Space Disappearing On Windows Partition - avy
Hi!
I found this forum while trawling through Google trying to find help for my crazy computer! So I was hoping one of you wise knowledgeable people could help me please!
My PC is crap anyway (tiz a Dell laptop) - has always crashed since Day 1, have had to format & reinstall XP Pro on numerous occasions. I've two partitions - one for Windows, Programs, etc. and the other for everything else. Sometimes I use the C (Windows) partition as a temporary holder for stuff on the other partition if I run outta space. Have never encountered problems on the other partition (touch wood!), only on the Windows one.
350MB on the C partition last night, decide to install Windows Media Player 10. Starts consuming all my disk space, bringing it down to 66MB, panic ensues so I delete some stuff off the partition, then it says an error occured during installation, yet another screen comes up and continues on anyway with the install, it reboots - space is back - up to 460MB now.
Not for long - it starts decreasing 460-459-458-455-444-430MB, etc. Dunno what is happening and before I know it, tiz down to 115MB, so I reboot it. Still at 115MB when it starts up again but space appears to be static, it ain't decreasing or anything, so I use that time to uninstall programs I don't use anymore, and transferring stuff back over to the other partition. Space up to 500MB now, and then it jumps up to 700MB, before decreasing again 699-698-697, etc. until tiz down to 200MB! Reboot again, and it's at 200MB, then it climbs up again to 800MB and decreases again, reboot again and it does the same.
At this stage, I ran a chkdsk and got no errors. Thought it was maybe the pagefile gone wack so I disabled that, and space jumped up. Then started decreasing again. Switched it off, rebooted and it was up to 0.97GB, decided to put the pagefile back on again, and it went down to 667MB (understandably) - stayed at 667MB for about forty minutes til I went to bed, switched off laptop.
Up this morning and space was mysteriously at 0.97GB again, what the hell!?!! Oh then it started decreasing again, laptop started making strange weird squeaky noises (possibly coming from HD?) - it was making the same noises last night, but then this morning while it was making the noises, I got a blue screen error - Physical Memory Dump Kernel - or something. Switched it off, rebooted, and it was up to 1GB. Memory started going again so I decided to monitor the folders and see which was changing all the time in size - narrowed it down to these few in the Windows folder:
Didn't get a chance to go into the individual folders and monitor them because next thing, space had jumped back up to 1.02GB, and it has remained there ever since which is now a few hours ....
I did a bit of research on google and it sounded a bit like that HDFill trojan thing, but I ran a NAV scan and nothing showed up. Deleted all cookies and temp internet files and ran Spybot and AdAware, the following came up:
Spybot: Alexa Related and DSO Exploit
AdAware: Alexa and Windows (something about Media Player Unique ID)
What's this Alexa thing? Also did a cleanmgr incase the same was going to a temp folder but nothing is shown there.
I've also done a HijackThis scan if I should post the log here?
I'm not even sure now I did get the space back that disappeared last night with all the uninstalling, etc. - twas at least 500MB that disappeared at one stage, if not more. There's been no action for the last few hours, so maybe twas just a glitch? Or else my PC has gone insane and the only option I have is to place it under the wheel of an artic truck?
Any ideas? I'd really appreciate it, thanks a million!!!
I found this forum while trawling through Google trying to find help for my crazy computer! So I was hoping one of you wise knowledgeable people could help me please!
My PC is crap anyway (tiz a Dell laptop) - has always crashed since Day 1, have had to format & reinstall XP Pro on numerous occasions. I've two partitions - one for Windows, Programs, etc. and the other for everything else. Sometimes I use the C (Windows) partition as a temporary holder for stuff on the other partition if I run outta space. Have never encountered problems on the other partition (touch wood!), only on the Windows one.
350MB on the C partition last night, decide to install Windows Media Player 10. Starts consuming all my disk space, bringing it down to 66MB, panic ensues so I delete some stuff off the partition, then it says an error occured during installation, yet another screen comes up and continues on anyway with the install, it reboots - space is back - up to 460MB now.
Not for long - it starts decreasing 460-459-458-455-444-430MB, etc. Dunno what is happening and before I know it, tiz down to 115MB, so I reboot it. Still at 115MB when it starts up again but space appears to be static, it ain't decreasing or anything, so I use that time to uninstall programs I don't use anymore, and transferring stuff back over to the other partition. Space up to 500MB now, and then it jumps up to 700MB, before decreasing again 699-698-697, etc. until tiz down to 200MB! Reboot again, and it's at 200MB, then it climbs up again to 800MB and decreases again, reboot again and it does the same.
At this stage, I ran a chkdsk and got no errors. Thought it was maybe the pagefile gone wack so I disabled that, and space jumped up. Then started decreasing again. Switched it off, rebooted and it was up to 0.97GB, decided to put the pagefile back on again, and it went down to 667MB (understandably) - stayed at 667MB for about forty minutes til I went to bed, switched off laptop.
Up this morning and space was mysteriously at 0.97GB again, what the hell!?!! Oh then it started decreasing again, laptop started making strange weird squeaky noises (possibly coming from HD?) - it was making the same noises last night, but then this morning while it was making the noises, I got a blue screen error - Physical Memory Dump Kernel - or something. Switched it off, rebooted, and it was up to 1GB. Memory started going again so I decided to monitor the folders and see which was changing all the time in size - narrowed it down to these few in the Windows folder:
- OPTIONS
- PCHEALTH
- Prefetch
- RegisteredPackages
- Registration
- repair
- Resources
- security
- ServicePackFiles
- SHELLNEW
- SoftwareDistribution
Didn't get a chance to go into the individual folders and monitor them because next thing, space had jumped back up to 1.02GB, and it has remained there ever since which is now a few hours ....
I did a bit of research on google and it sounded a bit like that HDFill trojan thing, but I ran a NAV scan and nothing showed up. Deleted all cookies and temp internet files and ran Spybot and AdAware, the following came up:
Spybot: Alexa Related and DSO Exploit
AdAware: Alexa and Windows (something about Media Player Unique ID)
What's this Alexa thing? Also did a cleanmgr incase the same was going to a temp folder but nothing is shown there.
I've also done a HijackThis scan if I should post the log here?
I'm not even sure now I did get the space back that disappeared last night with all the uninstalling, etc. - twas at least 500MB that disappeared at one stage, if not more. There's been no action for the last few hours, so maybe twas just a glitch? Or else my PC has gone insane and the only option I have is to place it under the wheel of an artic truck?
Any ideas? I'd really appreciate it, thanks a million!!!
0
Comments
Logfile of HijackThis v1.98.2
Scan saved at 09:54:45, on 29/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Avril\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ie/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
Thanks so much!
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
Fix those entries then reboot and post a new log.