Virus eating up hdd space?

Skorpian

Hi Tech-Forums people.
I have something very weird with this computer
Once, my E partition had like gigabytes of free space, but once I noticed the free space got down to bytes, then 0 kilobytes free! I wasn't downloading a thing...
IDK but it disappeared.
But now it came back again, not as badly, but annoying.
If I right click the partition itself, and click properties, the used space is 77.2 GB
But if I enter the actual partition, right click everything and click properties, the space used is only 68 GB ( Size on disk 68.2 GB )
I have the option show hidden files, folders and drives ticked. And hide protected operating system files unticked.
This problem is in all partitions of this Sata 250 GB hdd, but I have an IDE one and it doesn't have this problem.
The windows is on a partition of the 250 GB hdd not the 160 GB IDE one.
The IDE one is 1 partition. But the Sata 250 GB one is divided into 3 partitions, 50 GB windows partition and 2 other partitions for storing data.
Could it be bad sectors?
Thanks and sorry if this is in wrong section.
 
It could be bad sectors. It could be something else.

Open up Computer (or My Computer in XP) and right click on the drive in question. Select Properties. There go under the Tools Tab. There click on Error Checking. Select every option and click Start. Since it is not your system drive you may not have to restart the system.

This will perform a check disk and verify that you don't have any bad sectors. If you're worried about drive health, head over to Major Geeks and search for Drive Health utilities; they have some free ones there you can use. They will tell you how good or bad of shape your drive is in.

After all of that, if you're still getting this vanishing space, head over to Spyware Asylum and run some scans.
 
Scanning with windows found nothing.
The list of drive utilities is too large, can you recommend some drive health utilities?
Thanks.
 
Second app link isn't working for me.
I couldn't run the first or the third ( Didn't get them ) But I did download an app called Drive Health and it reports my hdd as good.
Also now in C partition, if I right click all files and click properties, the size is more than if I right click the partition and click properties.
Something is wrong.
Imma go to Spyware website you said and Imma run some scans
 
Hello.
Sorry for super late reply, been so **** busy with school.
Anyway, I headed over to Spyware Asylum and used ComboFix and MBAM ( IDK if combofix found anything, but MBAM removed 3 viruses ) still nothing.
I tried to boot in safe mode, but still the size is gone.
I have 0 restore points
Like I said before, once a drive of mine reached 0 bytes for no apparent reason.
And yesterday and today, I noticed the C drive hopping from 800 MB to like 1.6 GB free space.
Any other suggestions? Is the hdd dead? Apps list my hdd as working....
Thanks everyone.
 
We need to see the logs. There is no guarantee that everything was found with just those 2 applications. Most things can be found with them but you may need something more specific. So we need the logs for Combofix, MBAM and HiJack This before we can continue.
 
Hello here are the logs

MBAM log :
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4801

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/12/2010 8:05:12 PM
mbam-log-2010-10-12 (20-05-12).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 357927
Time elapsed: 52 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\برامج\Important Programs\Internet Download Manager 5.18 Build 8.By.vibration\MaZiKa2DaY.CoM. Internet-Download-Manager-5.19-Build-3\MaZiKa2DaY.CoM. Internet-Download-Manager-5.19-Build-3\Patch 5.xx(2009-07-10).exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\برامج\Important Programs\Internet Download Manager 5.18 Build 8.By.vibration\MaZiKa2daY.Internet.Download.Manager.6.0.Beta.By.ShohdY2daY\Patch.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\برامج\Important Programs\Internet Download Manager 5.18 Build 8.By.vibration\MaZiKa2daY.Internet.Download.Manager.6.0.Beta.By.ShohdY2daY\MaZiKa2daY.Internet.Download.Manager.6.0.Beta.By.ShohdY2daY\Patch.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

HijackThis log:
Note : When I was running the hijackthis scan, it showed up this but I just clicked ok
12333s.png

EDIT : Forget about this one, I ran as admin and the hijackthis log was a little more thorough. Please check page 2 for the newer HJT log thank you.
Also, today I freed up my C to about 4.68 GB and my E was at 7.01 GB, I thought of going to Safe mode and trying to scan by MBAM. But then my C was down to 1.48 GB and my E was up to 10.1 GB Hmmm? ( The space got down before I even ran the scan )
 
Ok I ran HijackThis as administrator and here's the new log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:23:58 PM, on 10/15/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
C:\Users\Ultimate\Documents\Downloads\Programs\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Orbit Downloader Start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ultimate\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AEFEF7A-36F6-495D-9030-15A5D830E481}: NameServer = 163.121.128.134,163.121.128.135
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MIF5BA~1\Office12\GRA32A~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 7648 bytes
 
Split the combofix log into a couple of posts. You have an infection on your PC. Very few people are going to risk downloading something to read from an infected PC as they run the risk of getting the infection. Yes, even through a simple text document it can happen.

I would remove your Internet Download Manager as 2 of your infections are from that program alone. You also have a couple of IPs set up in your TCPIP. Did you set them up?

O17 - HKLM\System\CCS\Services\Tcpip\..\{5AEFEF7A-36F6-495D-9030-15A5D830E481}: NameServer = 163.121.128.134,163.121.128.135
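
The check the last reply makes by eye on the HijackThis log, written as an added example that is not part of the original thread: it pulls the O17 `NameServer` entries and lists any resolver the owner has not confirmed, and also reports O2 BHO registrations whose file is missing. The log lines are copied from the post above; the `EXPECTED_RESOLVERS` value and the function name `review_log` are assumptions made for illustration.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AEFEF7A-36F6-495D-9030-15A5D830E481}: NameServer = 163.121.128.134,163.121.128.135
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe
"""

# Assumption: resolvers the owner knows they configured (constructed value,
# e.g. the home router). Anything else is a question for the owner, not a verdict.
EXPECTED_RESOLVERS = {"192.168.1.1"}

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)


def review_log(text, expected=EXPECTED_RESOLVERS):
    """Return (section, identifier, details) tuples that need a human answer."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = O17_RE.match(line)
        if m:
            # HijackThis prints statically configured DNS servers comma-separated.
            servers = [s for s in re.split(r"[,\s]+", m["servers"]) if s]
            unconfirmed = [s for s in servers if s not in expected]
            if unconfirmed:
                findings.append(("O17", m["key"], unconfirmed))
            continue
        m = O2_RE.match(line)
        if m and m["path"] == "(no file)":
            # Registry entry left behind with no DLL on disk.
            findings.append(("O2", m["clsid"], ["BHO registered but file missing"]))
    return findings


if __name__ == "__main__":
    for section, ident, details in review_log(SAMPLE_LOG):
        print(f"{section}: {ident} -> {', '.join(details)}")
```

An empty result for O17 only means every listed resolver is in the allowlist supplied; the owner still has to confirm who put those addresses there.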
 