Norton picked up MHTML.Redir.Exploit. It can't quarantine it or delete it. What do I do?
The exploit itself is an MHTML-handling flaw/weakness in Windows, and can be taken advantage of through both Internet Explorer and Outlook Express. Microsoft has released a fix for the Outlook vulnerability, but I don't think the IE side of things has been patched yet.
Merijn's free BugOff utility can disable the vulnerable MHTML functions of IE and Outlook (as well as other vulnerabilities in Windows); you might want to give it a try.
The files that get identified as being associated with the exploit are usually in your Temporary Internet Files folder; emptying the entire contents of that folder should remove the current suspect(s). Flushing your TIF folder is a good thing to do as a routine clean up measure, because corrupt, infected, or simply space-wasting files can accumulate in that folder. Here's a more complete drill:
- Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".
- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):
Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!
1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5
- Delete the entire content of your C:\Windows\Temp folder.
- It is also safe to delete the contents of your \Windows\Prefetch folder if you want. The files in that folder do help Windows speed up its boot process somewhat, but stale files can also build up there.
Note: If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temporary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.
- Empty your Recycle Bin.
- Reboot normally.
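
The folder-clearing steps above can be scripted. The following PowerShell sketch is an added example, not part of the original answer: it walks every profile under C:\Documents and Settings and empties the four listed folders plus C:\Windows\Temp, leaving the folders themselves in place. It assumes PowerShell is installed and run from an administrator account; the `-Delete` switch and the function name are hypothetical names chosen here, and without `-Delete` the script only lists what it would remove.

```powershell
# Added example (not from the original answer). Paths follow the layout the answer describes.
param(
    [string]$ProfilesRoot = 'C:\Documents and Settings',
    [string]$WindowsTemp  = 'C:\Windows\Temp',
    [switch]$Delete   # hypothetical switch: without it nothing is removed (dry run)
)

# Per-profile folders named in the answer; contents are cleared, the folders stay.
$perUser = @(
    'Local Settings\Temp',
    'Cookies',
    'History',
    'Local Settings\Temporary Internet Files\Content.IE5'
)

function Clear-FolderContents {
    param([string]$Path, [bool]$Really)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    # -Force includes hidden and system items such as desktop.ini and index.dat
    $items = @(Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        # Never recurse through junctions or links into other locations
        if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) { continue }
        if (-not $Really) { Write-Output "would delete: $($item.FullName)"; continue }
        try {
            Remove-Item -LiteralPath $item.FullName -Recurse -Force -ErrorAction Stop
        } catch {
            # Locked files in the top-level folders are expected, as the answer notes
            Write-Warning "skipped (in use or protected): $($item.FullName)"
        }
    }
}

# Build the target list: the Windows Temp folder plus the four folders in each profile
$profileTargets = @(
    Get-ChildItem -LiteralPath $ProfilesRoot -Force |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object { foreach ($sub in $perUser) { Join-Path $_.FullName $sub } }
)
$targets = @($WindowsTemp) + $profileTargets

foreach ($t in $targets) {
    Clear-FolderContents -Path $t -Really $Delete.IsPresent
}
```

Run it once without `-Delete` and review the listing for anything you still need in the Temp folders before running it again with `-Delete`.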