losing hard drive space

Status
Not open for further replies.

gargoyle62

Hey all.... I am experiencing a similar situation as described by Skorpian's post to this forum on 12-13-10. Here is my situation: I will check available hard drive space as soon as I turn on my computer and as the day progresses, I will lose what I consider huge chunks of space, even though I have d.l.'d nothing. For example, I had 420GB free space when I booted up this morning, and now I have 413GB of free space. I realize this may not be considered huge in the grand scheme of things, but if this continues, it won't be long until I eventually run out of space.

I have read through the post stated above and gleaned as much info as I could understand out of it (I don't profess myself to be anything more than computer fluent).
I have already run disk check, which came back saying my disk was clean - which I would hope, as it is only a month old.
I ran ComboFix - which for some reason insisted that my McAfee AntiVirus was still enabled during the scan regardless of the fact that I turned it off before running the scan as it requested.
I ran Malwarebytes, which came back with "no infections" - although I don't seem to be able to locate the log for that one.
And I ran HiJackThis.

I can post whatever logs you'd like to see (when I find them), just let me know. Thanks for the help.
 
Re: losing hard drive space - ComboFix log added

ComboFix 10-12-15.04 - darkchocolate 12/15/2010 18:39:28.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.1135 [GMT -8:00]
Running from: c:\users\darkchocolate\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 )))))))))))))))))))))))))))))))
.

2010-12-15 06:36 . 2010-12-15 06:36 -------- d-----w- c:\users\darkchocolate\AppData\Roaming\VistaCodecs
2010-12-15 06:36 . 2010-12-15 06:36 -------- d-----w- c:\program files\VistaCodecPack
2010-12-15 06:34 . 2010-12-15 06:36 -------- d-----w- c:\programdata\VistaCodecs
2010-12-15 03:46 . 2010-12-03 19:35 553696 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2010-12-15 03:12 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-15 03:12 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 03:12 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 03:12 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 03:12 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 03:11 . 2010-10-21 20:08 834048 ----a-w- c:\windows\system32\wininet.dll
2010-12-15 03:11 . 2010-10-21 18:30 389632 ----a-w- c:\windows\system32\html.iec
2010-12-15 03:11 . 2010-10-20 17:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-15 03:11 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 03:10 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 03:10 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 03:10 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-15 03:10 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 03:10 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 03:10 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 03:10 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 03:10 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-14 05:19 . 2010-12-14 05:19 318904 ----a-w- c:\temp\Apps\wmpfirefoxplugin.exe
2010-12-11 23:42 . 2009-11-25 19:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-11 07:38 . 2010-12-11 07:39 -------- d-----w- c:\programdata\MFAData
2010-12-08 03:25 . 2010-11-27 21:19 5470720 ----a-w- c:\temp\Apps\SharePod.exe
2010-12-06 06:54 . 2010-12-06 06:54 -------- d-----w- c:\users\darkchocolate\AppData\Local\Apple Computer
2010-12-06 06:54 . 2010-12-06 06:57 -------- d-----w- c:\users\darkchocolate\AppData\Roaming\Apple Computer
2010-12-06 06:53 . 2010-12-06 06:53 -------- dc----w- c:\windows\system32\DRVSTORE
2010-12-06 06:53 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-06 06:53 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-06 06:53 . 2010-12-06 06:53 -------- d-----w- c:\program files\iPod
2010-12-06 06:53 . 2010-12-06 06:53 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-06 06:53 . 2010-12-06 06:53 -------- d-----w- c:\program files\iTunes
2010-12-06 06:50 . 2010-12-06 06:53 -------- d-----w- c:\programdata\Apple Computer
2010-12-06 06:50 . 2010-12-06 06:50 -------- d-----w- c:\users\darkchocolate\AppData\Local\Apple
2010-12-06 06:50 . 2010-12-06 06:50 -------- d-----w- c:\program files\Apple Software Update
2010-12-06 06:48 . 2010-12-06 06:48 -------- d-----w- c:\program files\Bonjour
2010-12-06 06:47 . 2010-12-07 23:07 -------- d-----w- c:\program files\Common Files\Apple
2010-12-06 06:47 . 2010-12-06 06:47 -------- d-----w- c:\programdata\Apple
2010-12-05 00:10 . 2010-12-05 00:19 -------- d-----w- c:\users\darkchocolate\AppData\Local\Microsoft Games
2010-12-02 22:21 . 2010-12-02 22:32 -------- d-----w- c:\users\darkchocolate\AppData\Local\Adobe
2010-12-02 22:20 . 2010-12-02 22:20 -------- d-----w- c:\programdata\McAfee Security Scan
2010-12-02 22:20 . 2010-12-02 22:20 -------- d-----w- c:\program files\McAfee Security Scan
2010-12-01 06:50 . 2010-10-14 06:28 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2010-12-01 06:50 . 2010-10-14 06:28 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-12-01 06:49 . 2010-10-14 06:28 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-12-01 06:49 . 2010-10-14 06:28 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-12-01 06:49 . 2010-10-14 06:28 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-12-01 06:49 . 2010-10-14 06:28 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-12-01 06:49 . 2010-10-14 06:28 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-12-01 06:49 . 2010-10-14 06:28 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-12-01 06:49 . 2010-10-14 06:28 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-12-01 06:49 . 2010-10-14 06:28 164840 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-12-01 06:49 . 2010-10-14 06:28 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-12-01 06:49 . 2010-10-14 06:28 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-12-01 06:49 . 2010-12-01 06:51 -------- d-----w- c:\program files\Common Files\Mcafee
2010-11-30 22:49 . 2010-12-02 04:56 -------- d-----w- c:\program files\McAfee
2010-11-30 16:33 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E79E36AB-AE3C-4195-B316-2F7EA4DF1B5A}\mpengine.dll
2010-11-26 02:21 . 2010-11-26 02:21 -------- d-----w- c:\users\darkchocolate\AppData\Roaming\GRETECH
2010-11-26 02:16 . 2010-11-26 02:16 7567520 ----a-w- c:\temp\Apps\GOMPLAYERENSETUP.EXE
2010-11-25 04:00 . 2010-11-25 06:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-11-25 04:00 . 2010-11-25 04:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-25 03:57 . 2010-11-25 03:57 16409960 ----a-w- c:\temp\Apps\spybotsd162.exe
2010-11-24 07:18 . 2010-11-24 07:18 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2010-11-24 07:18 . 2010-11-24 07:18 -------- d-----w- c:\program files\Common Files\xing shared
2010-11-24 07:18 . 2010-11-24 07:18 151776 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2010-11-24 07:18 . 2010-11-24 07:18 100352 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2010-11-24 07:18 . 2010-11-24 07:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-24 07:18 . 2010-11-24 07:18 -------- d-----w- c:\program files\Real
2010-11-24 07:14 . 2010-11-24 07:14 598368 ----a-w- c:\temp\Apps\RealPlayer.exe
2010-11-22 04:58 . 2010-11-22 04:58 -------- d-----w- c:\users\darkchocolate\AppData\Local\Microsoft Corporation
2010-11-22 00:00 . 2010-11-22 00:00 22133675 ----a-w- c:\temp\Apps\VistaCodecs_v584.exe
2010-11-21 00:26 . 2010-11-21 00:26 -------- d-----w- c:\windows\system32\ca-ES
2010-11-21 00:26 . 2010-11-21 00:26 -------- d-----w- c:\windows\system32\eu-ES
2010-11-21 00:26 . 2010-11-21 00:26 -------- d-----w- c:\windows\system32\vi-VN
2010-11-20 23:39 . 2010-11-20 23:39 -------- d-----w- c:\windows\system32\EventProviders
2010-11-20 23:10 . 2009-11-08 18:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-20 23:10 . 2009-11-08 18:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-20 23:10 . 2009-11-08 18:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-11-20 23:10 . 2009-11-08 18:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-20 23:10 . 2009-11-08 18:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-11-20 23:00 . 2009-04-11 06:28 643072 ----a-w- c:\windows\system32\msrepl40.dll
2010-11-20 22:59 . 2009-04-11 06:32 149480 ----a-w- c:\windows\system32\drivers\pci.sys
2010-11-20 22:58 . 2009-04-11 06:28 243712 ----a-w- c:\program files\Movie Maker\WMM2CLIP.dll
2010-11-20 22:57 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-11-20 22:39 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-11-20 22:39 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-11-20 22:38 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-11-20 22:38 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2010-11-20 22:38 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2010-11-20 22:38 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-11-20 22:38 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-11-20 22:38 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-11-20 22:38 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-11-20 22:38 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-11-20 22:37 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-11-20 22:36 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2010-11-20 22:36 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-11-20 22:36 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-11-20 22:36 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-11-20 22:36 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-11-20 22:36 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-11-20 22:36 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-11-20 22:36 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-11-20 22:35 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-11-20 22:35 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-11-20 22:35 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-11-20 22:35 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-11-20 22:35 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-20 22:35 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-11-20 22:35 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-11-20 22:35 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-11-20 22:34 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-11-20 22:34 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-11-20 22:34 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-11-20 05:42 . 2010-11-20 05:42 1364522 ----a-w- c:\temp\Apps\wrar393.exe
2010-11-20 01:52 . 2010-11-20 01:52 -------- d-----w- C:\KDS
2010-11-20 00:34 . 2010-11-26 02:20 -------- d-----w- c:\program files\GRETECH
2010-11-20 00:32 . 2010-11-20 00:32 29184 ----a-w- c:\temp\Apps\VS-F15.exe
2010-11-19 23:27 . 2010-11-19 23:27 -------- d-----w- C:\PerfLogs
2010-11-19 22:22 . 2008-01-19 07:38 90680 ----a-w- c:\program files\Windows Defender\MpOAV.dll
2010-11-19 22:21 . 2008-01-19 07:37 9728 ----a-w- c:\windows\system32\wscproxystub.dll
2010-11-19 22:20 . 2008-01-19 07:34 102400 ----a-w- c:\windows\system32\wbem\mofinstall.dll
2010-11-19 22:20 . 2008-01-19 07:36 357888 ----a-w- c:\windows\system32\wbemcomn.dll
2010-11-19 22:20 . 2008-01-19 07:36 129536 ----a-w- c:\windows\system32\sqmapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-24 07:18 . 2003-02-21 01:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-19 22:49 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-11-19 22:49 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-11-18 22:37 . 2010-11-18 22:37 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2010-11-14 23:47 . 2010-11-14 23:47 11264 ----a-r- c:\users\darkchocolate\AppData\Roaming\Microsoft\Installer\{98613C99-1399-416C-A07C-1EE1C585D872}\Icon98613C992.exe
2010-10-14 06:28 . 2010-11-13 19:17 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-10-07 20:23 . 2010-10-07 20:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 20:23 . 2010-10-07 20:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 20:23 . 2010-10-07 20:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 20:23 . 2010-10-07 20:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2010-10-14 06:28 . 2010-12-01 06:50 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2010-11-24 274608]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 84264]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-14 84072]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-14 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-14 164840]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-14 141792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 313288]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
FF - ProfilePath - c:\users\darkchocolate\AppData\Roaming\Mozilla\Firefox\Profiles\xsq2kqh2.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Adblock Plus Pop-up Addon: adblockpopups@jessehakanen.net - %profile%\extensions\adblockpopups@jessehakanen.net
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-12-15 18:46
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2980)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
Completion time: 2010-12-15 18:50:31
ComboFix-quarantined-files.txt 2010-12-16 02:50

Pre-Run: 443,298,631,680 bytes free
Post-Run: 443,231,440,896 bytes free

- - End Of File - - 4804097D217B6EB3811952B2B4FEF780
 
VIRUS!!!

I've seen this before, my friend, and it is a nasty bug. It copies your C drive into another folder. If you open your C drive you should be able to see the weird stuff I mean. I would do this:

Download and install AVG Free Anti Virus.

Turn off your computer and run it in safe mode.

In safe mode, run AVG, doing a full scan of your hard drive.

Delete any files that it shows there (it might have some registry files listed that it won't want you to delete, but still delete them because they are copies from the virus).

Restart your computer and see if it's fixed.

If it's not a virus then you might have a torrent downloading in the background or something that you forgot about lol.

Good luck.
 
What is the virus name and where is it located? I see absolutely no trace of it in the Combofix log anywhere. Just because the symptoms are the same doesn't mean that it is automatically a virus.
 
Re: losing hard drive space - ComboFix log added

I had this exact problem before and the virus was not showing up on other antivirus programs. You could see that it was copying my Windows folder in the C drive, however.

Mine was just a suggestion; it's not going to hurt his computer to do a scan in safe mode with the antivirus program I used to fix it.

As I suggested before, it could also be a torrent or something else downloading in the background.

In retrospect you also might want to do a disk cleanup and a defrag to see if you can fix any errors there.
 
Well, Combofix is not just an AV program. It goes well beyond anything that AVG could ever hope to achieve. If Combofix didn't pick it up, AVG most certainly will not. Combofix is used to detect items that are not found by programs such as AVG, Avast and others. That is why I was wondering. Because 99% of the time, if Combofix doesn't detect the infection then you're not infected. There is a slight chance that it is an infection, but a scan with MBAM would prove to be more useful than AVG, as that wouldn't pick it up over Combofix.
 