Computer Hope
Microsoft => Microsoft Windows => Windows Vista and 7 => Topic started by: Bobh on June 11, 2009, 12:12:57 PM
-
I am running Vista Home Basic on an E Machine. I have been having troubles, including not being able to restore and low space on the D drive. I tried several things but nothing seems to help. I decided to get a full factory recovery and start all over. I did this after which I deleted all the programs I don't use which are quite a lot. I now have 26 programs. I have ran Ccleaner and disk cleaner. I thought this would reduce the space that is being used in D drive. Not so. I now have 27.5 MB free of 8.36 GB in Bob-PC (D:). Needless to say I am getting low space messages. The only thing that is in the D drive is "RECOVERY" . What do I do now? Thanks for help. Bob
-
do you have an external hard disk? if so copy your recovery to that.
-
Potere scuro -
Thanks for your reply but I do not have an external hard drive. I use the computer for fun. I play jigsaw puzzles, get news, weather reports, check the stock market, etc. I have resisted extra things like external drives and such because I don't know to use them and I don't have anybody to teach me. I have learned a lot from forums like this one. Bob
-
they are very easy to use and if you stuck im sure someoneon here would be more than happy to help you.
Do you have important info on this computer?
-
Unfortunately you have a very low hard drive for today's programmes. You seem to be Ice skating up hill. The more programmes you add to clear the problem the more space you are taking. I'm not exactly clear what it is you want to do?? You need to upgrade plain and simple.
-
Mulreay -
I have not added programs. I have deleted programs. I agree that I need to upgrade but how? I have a page from Gateway (they make E Machines) that tell what to do for low space on drive D but It did not help. They said get rid of unused programs, which I did. I am not too smart about computers but I will try to follow any suggestions. Bob
-
Do you have important info on this computer?
-
Do you realise that deleting a programme does not fully get rid of it? Have you done a 'disk cleanup' and a (de-frag)?
-
Potere Scuro -
What kind of information do you want? It is 32 bit . The processor : Intel(R)
Celeron(R) D CPU 3.33GHz Memory 1.49 GB
-
Mulreay -
I did a disk clean up on both the C & D drives. I started a defag but it ran so long I gave up. I did delete one temp file from D drive but it was listed as ) bytes so that did no good. I also have a page titled "Can I repartition my hard disk?" but it uses terms that I don't know what they mean, therefore I can not follow the instructions. I need a simple way to get more space in my D drive. Bob
-
I have been told that a person should never put anything in D drive. It is for the recovery and only recovery. Is this true? I don't know how things get there. I suppose when you run a program part of it is in D drive but I have no idea how. I know that sometimes D drive has more stuff in it than at other times and I never put anything there. What I need is more space or some way to get rid of some of what is there. Bob
-
Mulreay -
I did a disk clean up on both the C & D drives. I started a defag but it ran so long I gave up.
You gave up? Why would you give up? Disk de-frag is one of the most important things you do on your system atleast once a month. It may take minutes or hours but you let it run. I had a De-frag take 7hrs but it cleared over 12gb of storage. You need to do a disk clean first and de-frag then we will see what your left with. CLEAN-DISK first though. You will get that right next to de-frag. Deleate all the crap you don't need go to accessories then to system tools. You want to run a disk cleanup first 'let it run' then run a defrag. But leave it alone it can take hours. I know it's a pain but it's worth remembering in the future dont leave it so long! ;D
-
Once you have done it then let's look at the problem!
-
in the windows disk cleanup tool, did you have it clean out system restore points? That's one place that takes up a lot of space if you have restore points that are really old and therefore not really something you're keeping.
-
2x3i5x -
Yes I deleted all but the last restore points. Since I did a full factory restore there was no restore points to start . I got rid of everything I could think of and after that I ran a backup onto a DVD. It took two DVDs which surprised me. I haven't tried to use them to run a restore but I will in the next day or two. Thanks Bob
-
DE-FRAG please and then I we can see what it is. Turn off your screensaver and any other power saving programmes then leave it over night.
-
You gave up? Why would you give up? Disk de-frag is one of the most important things you do on your system atleast once a month. It may take minutes or hours but you let it run. I had a De-frag take 7hrs but it cleared over 12gb of storage. You need to do a disk clean first and de-frag then we will see what your left with. CLEAN-DISK first though. You will get that right next to de-frag. Deleate all the crap you don't need go to accessories then to system tools. You want to run a disk cleanup first 'let it run' then run a defrag. But leave it alone it can take hours. I know it's a pain but it's worth remembering in the future dont leave it so long! ;D
I haven't defragmented in almost a year...
and "defrag" doesn't restore ANY space. EVER. it just rearranges things. It was probably disk cleanup that saved your storage.
I have been told that a person should never put anything in D drive. It is for the recovery and only recovery. Is this true? I don't know how things get there. I suppose when you run a program part of it is in D drive but I have no idea how. I know that sometimes D drive has more stuff in it than at other times and I never put anything there. What I need is more space or some way to get rid of some of what is there. Bob
it isn't ALWAYS a recovery disk- but in your case it is. In mine, for example, I have all my programs and documents going to my 433GB Drive D:\, and my Windows install resides on C:\.
However, I know exactly what your experiencing, bobh- I ran windows XP from a 2GB drive for almost 4 years, and disk space was a constant bother.
Since your space is so low, do NOT defragment the drive. you don't have enough free space.
However since I've successfully run from 2GB I'm sure we can trim off some fat!
Instead, do this:
Download random's system information tool (RSIT) (http://images.malwareremoval.com/random/RSIT.exe) by random/random from and save it to your Desktop.
- Double click on RSIT.exe to run.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open.
- log.txt <will be maximized and info.txt <will be minimized
- Please post the contents of both logs in the next reply.
-
I don't get that BC I have saved space in the past? Why do we De-frag then? Honest question?
-
Defragmenting, rearranges the files, so they are accessed faster.
Here's a good explanation:
http://www.pantherproducts.co.uk/Articles/Storage/defrag.shtml
overall, it doesn't actually save any space, since no data is removed.
the chkdsk, on the other hand, can occasionally restore missing free space, caused by disk corruption. (IE, if you delete a file, it is marked as "deleted" and it's storage space is marked as free in the "Master File Table". However if say there was a power loss between being marked as deleted and marking the space as free, the file is no longer there, but it's space is still consumed.
chkdsk can see this, and reports it as "lost chains" (or, it used to. not sure what it calls it now). it can also find, allocation errors and the like.
-
Thanks
-
BC_Programmer -
Thanks for your reply. I hate to tell you how dumb I am but there is no other way. When I click on the link you gave I get a panel that says "run" or "save". I click on save and I get another panel that I know from past experience I can put a file name in and it will be put in "documents". I don't know what I do to save it to my desktop.
Help!!! Thanks Bob
-
just run it, instead of save.
It should work, I ran it from my "downloads" folder and it worked alright.
-
BC_Programmer -
I had to shut down last evening. We had a bad storm pass close by and I had to prepare for it. Now this morning I ran the link you gave me and got a page full of stuff that is meaningless to me. You wanted me to post it. I have seen other people post logs but I don't know how. I did save it in a file in the "document" folder. How do I post it in my reply? I can post it by doing another "run" or from the saved file, which ever is easier. Bob
-
BC -
I am posting in sections as the whole thing is too big to post as one.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Bob at 2009-06-12 05:15:45
Microsoft® Windows Vista™ Home Basic
System drive C: has 77 GB (73%) free of 106 GB
Total RAM: 1525 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:53 AM, on 6/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZH65T96Y\RSIT[1].exe
C:\Program Files\trend micro\Bob.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3609
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3609
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3609
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
-
BC -
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.3.0.790\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.3.0.4160\NPIEAddOn.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 5466 bytes
-
BC -
ogfile of random's system information tool 1.06 (written by random/random)
Run by Bob at 2009-06-12 05:15:45
Microsoft® Windows Vista™ Home Basic
System drive C: has 77 GB (73%) free of 106 GB
Total RAM: 1525 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:53 AM, on 6/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZH65T96Y\RSIT[1].exe
C:\Program Files\trend micro\Bob.exe
-
BC -
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3609
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3609
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3609
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.3.0.790\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.3.0.4160\NPIEAddOn.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
-
You have 77G Free space out of 106G on C:.....
I see no space problem at this point.
D: is your Recovery partition and should be left alone .....period.
The only reason you are getting low space errors is from trying to store things on D: which you shouldn't be doing.
Pretend it's not there and keep everything on C:.
-
You might want to upgrade Vista to SP1.
-
BC -
13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 5466 bytes
I hope this is what you want. I had to post in parts because it was too big. I tried several things until I found out how to post the logs. I try different things and sometimes they work and sometimes I get in trouble and have to start over.
-
Patio -
I remember you told me once before to stay out of D drive and I have. I do not know how D is being filled up but it is not by me. What I am afarid of is that when D gets full my computer will quit working.
-
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
BigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog
C:\Windows\system32\NOTEPAD.EXE
Your computer is infected. Visit the virus section to get the PC cleaned up.
There are probably more problems (one of them being RSIT is a temp folder), but someone else will take care of them in the malware section.
-
Kpac -
Thanks - I recently (last week) I ran a full factory restart. There should not have been any virus then. Since then I have used Norton Security and just now ran a full scan by Norton. They found only one cookie and fixed it. Do you still think I have a virus? I deleted Big Fix because it never did anything that I could see and I thought it would free up space. If I use the address you gave will it get Big Fix back?Thanks Bob
-
I opened the temporary files and found a lot of them. I didn't count them but there was a lot. Are these files used for some purpose and then filed away. If they have no future use I could delete them and gain back a lot of space. What advise do you have about this? Thanks Bob
-
Do you still think I have a virus?
Yes, using Nortan being one reason. :D
Okay seriously, yes I think you do have a virus. notepad.exe (see my last post) should be in "C:\Windows", from what I can see, not "C:\Windows\System32\". I would recommend visiting the Virus and Spyware board now.
ThreatExpert (http://www.threatexpert.com/reports.aspx?find=notepad.exe&x=0&y=0)
SystemLookup (http://www.systemlookup.com/lists.php?list=2&type=filename&search=NOTEPAD.EXE)
ProcessLibrary (http://www.processlibrary.com/search/?q=notepad.exe)
BleepingComputer (http://www.bleepingcomputer.com/startups/?&act=search&st=0&keyword=NOTEPAD.EXE)
-
Kpac -
Yes I have heard that about Norton before. I plan on changing as soon as I get my low disk space straightened out. Now about your suggestion of checking for virus. Can you give me more detailed way to do that. Note that I no longer have Big Fix. Thanks Bob
-
I plan on changing as soon as I get my low disk space straightened out.
If you want any suggestions, just ask.
Can you give me more detailed way to do that.
No problem. Read the information posted here: http://www.computerhope.com/forum/index.php/topic,46313.0.html
Then start a new topic here: http://www.computerhope.com/forum/index.php?action=post;board=7.0, refer to this topic, and post the three logs.
Good luck.
-
Kpac -
Bear with me I am slow and not to smart about computers. In your first link it talked about XP. I am running Vista Home Basic and I don't know weather or not I have SP 1. Will this make any difference? Bob
-
It's alright.
if running XP, you need to have at least SP1a installed as well.
if is a powerful word. ;D
Only joking with ya. You can start here: http://www.computerhope.com/forum/index.php/topic,46313.msg290095.html#msg290095
-
Kpac -
OK I started and checked my programs. I only deleted 1 which was log of some kind. I got to downloading CCleaner and it said to put it on my desktop. How do I do that. I have seen other instructions in the past that said download to the desktop but I have never done that.
-
Kpac -
Have to leave now for a social event. Will try to finish tomarrow. Thanks for your help and time. Bob
-
Yes, using Nortan being one reason. :D
Okay seriously, yes I think you do have a virus. notepad.exe (see my last post) should be in "C:\Windows", from what I can see, not "C:\Windows\System32\". I would recommend visiting the Virus and Spyware board now.
And yet, on both my Vista and XP PC, notepad resides in both System32 and Windows.
But carry on.
-
Kpac -
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/13/2009 at 10:51 AM
Application Version : 4.26.1004
Core Rules Database Version : 3938
Trace Rules Database Version: 1881
Scan type : Complete Scan
Total Scan Time : 00:20:54
Memory items scanned : 667
Memory threats detected : 1
Registry items scanned : 5155
Registry threats detected : 32
File items scanned : 18322
File threats detected : 31
Adware.SystemSearchDispatch
C:\PROGRAM FILES\SYSTEM SEARCH DISPATCHER\1.2.0.750\SSD.DLL
C:\PROGRAM FILES\SYSTEM SEARCH DISPATCHER\1.2.0.750\SSD.DLL
HKLM\Software\Classes\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}
HKCR\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}
HKCR\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}
HKCR\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}\InprocServer32
HKCR\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}\InprocServer32#ThreadingModel
HKCR\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}\ProgID
HKCR\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}\Programmable
HKCR\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}\TypeLib
HKCR\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}\VersionIndependentProgID
HKCR\ExplorerBar.FunRedirector.1
HKCR\ExplorerBar.FunRedirector.1\CLSID
HKCR\ExplorerBar.FunRedirector
HKCR\ExplorerBar.FunRedirector\CLSID
HKCR\ExplorerBar.FunRedirector\CurVer
HKCR\TypeLib\{883DFC00-8A21-411d-956C-73A4E4B7D16F}
HKCR\TypeLib\{883DFC00-8A21-411d-956C-73A4E4B7D16F}\1.0
HKCR\TypeLib\{883DFC00-8A21-411d-956C-73A4E4B7D16F}\1.0\0
HKCR\TypeLib\{883DFC00-8A21-411d-956C-73A4E4B7D16F}\1.0\0\win32
HKCR\TypeLib\{883DFC00-8A21-411d-956C-73A4E4B7D16F}\1.0\FLAGS
HKCR\TypeLib\{883DFC00-8A21-411d-956C-73A4E4B7D16F}\1.0\HELPDIR
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}
HKU\S-1-5-21-3206373129-98774604-3863853047-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CDBFB47B-58A8-4111-BF95-06178DCE326D}
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx
C:\Program Files\System Search Dispatcher\1.2.0.750\Data
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe
C:\Program Files\System Search Dispatcher\1.2.0.750
C:\Program Files\System Search Dispatcher
HKCR\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1}
HKCR\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1}\ProxyStubClsid
HKCR\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1}\ProxyStubClsid32
HKCR\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1}\TypeLib
HKCR\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1}\TypeLib#Version
Adware.DesktopSmileyToolbar
HKU\S-1-5-21-3206373129-98774604-3863853047-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
HKU\S-1-5-21-3206373129-98774604-3863853047-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
Adware.MediaAccessStartup
C:\Program Files\Media Access Startup\1.3.0.790\Data\config.md
C:\Program Files\Media Access Startup\1.3.0.790\Data
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.js
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.xul
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\HPAddOn.jar
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome.manifest
C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.dll
C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.xpt
C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFHelperComponent.js
C:\Program Files\Media Access Startup\1.3.0.790\FF\components
C:\Program Files\Media Access Startup\1.3.0.790\FF\install.rdf
C:\Program Files\Media Access Startup\1.3.0.790\FF
C:\Program Files\Media Access Startup\1.3.0.790\HPCommon.dll
C:\Program Files\Media Access Startup\1.3.0.790\HPIEAddOn.dll
C:\Program Files\Media Access Startup\1.3.0.790\hppx.exe
C:\Program Files\Media Access Startup\1.3.0.790\MAHelper.exe
C:\Program Files\Media Access Startup\1.3.0.790\unins000.dat
C:\Program Files\Media Access Startup\1.3.0.790\unins000.exe
C:\Program Files\Media Access Startup\1.3.0.790
C:\Program Files\Media Access Startup
Adware.JuicyAccess
HKU\S-1-5-21-3206373129-98774604-3863853047-1000\Software\DoubleD
HKLM\Software\DoubleD
HKLM\Software\DoubleD\DoubleD
-
Kpac -
Malwarebytes' Anti-Malware 1.37
Database version: 2271
Windows 6.0.6000
6/13/2009 11:47:04 AM
mbam-log-2009-06-13 (11-47-04).txt
Scan type: Quick Scan
Objects scanned: 70133
Time elapsed: 3 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Again D: is supposed to be nearly full...it's a Recovery partititon...
-
Kpac -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:26 PM, on 6/13/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Bob\Desktop\CCleaner\CCleaner.exe
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SG29JCTB\HJTInstall[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3609
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3609
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3609
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.3.0.790\HPIEAddOn.dll (file missing)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.3.0.4160\NPIEAddOn.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 5624 bytes
-
Then start a new topic here: http://www.computerhope.com/forum/index.php?action=post;board=7.0, refer to this topic, and post the three logs.