You certainly could have an infected system, but that wouldn't be one of my first suspicions in terms of the cause of the fragmentation and free space issues. I don't know of any infections which specifically cause the problems you describe, and such symptoms are usually more indicative of something like file or file-table corruption.

However, have you been able to run any anti-virus/anti-spyware utilities on the system? If so, what (if anything) did they find?

It would probably help us if you could post a HijackThis log; you can get HijackThis from here:
http://www.spywareinfo.com/~merijn/

Close all browser windows, 'Scan and Save Log' with HijackThis, copy the log, and paste it here.

Norton picked up MHTML.Redir.Exploit . It can't quarantine it or delete it. What do I do?

The exploit itself is an MHTML-handling flaw/weakness in Windows, and can be taken advantage of through both Internet Explorer and Outlook Express. Microsoft has released a fix for the Outlook vulnerability, but I don't think the IE side of things has been patched yet.

Merijn's free BugOff utility can disable the vulnerable MHTML functions of IE and Outlook (as well as other vulnerabilities in Windows); you might want to give it a try.


The files that get identified as being associated with the exploit are usually in your Temporary Internet Files folder; emptying the entire contents of that folder should remove the current suspect(s). Flushing your TIF folder is a good thing to do as a routine clean up measure, because corrupt, infected, or simply space-wasting files can accumulate in that folder. Here's a more complete drill:

- Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".

- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):

Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!


1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5

- Delete the entire content of your C:\Windows\Temp folder.

- It is also safe to delete the contents of your \Windows\Prefetch folder if you want. The files in that folder do help Windows speed up its boot process somewhat, but stale files can also build up there.

Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temorary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.

- Empty your Recycle Bin.

- Reboot normally.