Virus eating up hdd space?

Okay Imma split it up now.
Couple of IPs? I didn't set that up. Those are my DNS settings, the primary and secondary ones.
Imma split it:
ComboFix 10-10-07.02 - Ultimate 10/08/2010 21:55:37.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1256.20.1033.18.3328.2401 [GMT 2:00]
Running from: c:\users\Ultimate\Documents\Downloads\Programs\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))
.

2010-10-08 19:59 . 2010-10-08 19:59 -------- d-----w- c:\users\Ultimate\AppData\Local\temp
2010-10-08 19:59 . 2010-10-08 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-08 13:51 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-10-07 13:35 . 2010-10-07 13:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-06 15:55 . 2010-10-06 15:55 -------- d-----w- c:\programdata\Gogii
2010-10-06 13:20 . 2010-10-06 13:19 720896 ----a-w- c:\windows\iun6002ev.exe
2010-10-01 07:50 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-10-01 07:50 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2010-10-01 07:50 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-10-01 07:50 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-10-01 07:50 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-10-01 07:50 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2010-10-01 07:50 . 2009-11-09 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-01 07:50 . 2010-10-01 07:50 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-09-28 10:15 . 2010-09-28 10:15 -------- d-----w- c:\program files\SysTools ZIP Repair Software
2010-09-27 18:20 . 2010-09-27 18:21 -------- d-----w- c:\users\Ultimate\AppData\Local\Microsoft Games
2010-09-27 08:56 . 2010-09-27 08:56 0 ----a-w- c:\users\Ultimate\AppData\Roaming\IDM\DwnlData\Ultimate\One.Zero.DVDRip.MaZiKa2daY_371\One.Zero.DVDRip.MaZiKa2daY.CoM
2010-09-15 15:27 . 2010-09-15 15:27 -------- d-----w- c:\users\Ultimate\AppData\Roaming\Gaijin Ent
2010-09-15 15:27 . 2010-09-15 15:27 -------- d-----w- c:\programdata\55-6q-2q-p2-15-4s
2010-09-15 15:22 . 2010-09-15 15:22 -------- d-----w- c:\programdata\Oberon Games
2010-09-15 11:38 . 2010-09-15 11:40 -------- d-----w- c:\programdata\Zbshareware Lab
2010-09-15 11:33 . 2010-09-15 11:37 -------- d-----w- c:\program files\USB Disk Security
2010-09-15 00:26 . 2010-09-15 00:26 -------- d-----w- c:\users\Ultimate\AppData\Roaming\ProgSense
2010-09-15 00:26 . 2010-09-15 00:26 -------- d-----w- C:\Downloads
2010-09-15 00:26 . 2010-09-15 12:19 -------- d-----w- c:\users\Ultimate\AppData\Roaming\Orbit
2010-09-14 16:25 . 2010-09-14 16:25 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-09-14 13:54 . 2010-10-01 07:48 -------- d-----w- c:\users\Ultimate\AppData\Local\Geekcorp
2010-09-12 14:48 . 2010-09-12 14:48 -------- d-----w- c:\programdata\AltrixSoft
2010-09-12 14:48 . 2010-09-28 12:42 -------- d-----w- c:\program files\Common Files\AltrixSoft
2010-09-12 14:43 . 2010-09-12 14:43 -------- d-----w- c:\program files\Helexis
2010-09-11 20:56 . 2010-09-11 20:56 -------- d-----w- c:\program files\TryMedia
2010-09-11 20:56 . 2010-09-11 21:11 -------- d-----w- c:\program files\PopCap Games
2010-09-11 20:47 . 2010-09-11 20:47 -------- d-----w- c:\program files\Diamonds

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-08 19:53 . 2010-08-14 17:04 0 ----a-w- c:\windows\system32\Access.dat
2010-10-08 13:39 . 2010-08-03 16:27 -------- d-----w- c:\users\Ultimate\AppData\Roaming\IDM
2010-10-08 11:28 . 2010-08-02 22:57 -------- d-----w- c:\users\Ultimate\AppData\Roaming\uTorrent
2010-10-07 21:17 . 2010-08-03 16:27 -------- d-----w- c:\users\Ultimate\AppData\Roaming\DMCache
2010-10-06 16:48 . 2010-08-04 20:51 -------- d-----w- c:\programdata\Fugazo
2010-09-29 17:39 . 2010-08-02 22:57 -------- d-----w- c:\users\Ultimate\AppData\Roaming\Media Player Classic
2010-09-08 01:21 . 2010-09-08 01:21 -------- d-----w- c:\program files\SpeedFan
2010-09-07 15:12 . 2010-08-12 13:43 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-08-12 13:43 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-08-12 13:43 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-08-12 13:43 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-08-12 13:43 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-08-12 13:43 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-08-12 13:43 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-05 15:21 . 2010-08-02 22:28 8059 ----a-w- c:\windows\gdrv.sys
2010-09-05 15:14 . 2010-09-05 15:13 152064 ----a-w- C:\Ahmed.exe
2010-09-05 03:03 . 2010-09-05 03:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-05 03:02 . 2010-08-02 22:30 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-03 18:31 . 2010-08-14 17:03 -------- d-----w- c:\programdata\Tunngle
2010-09-03 18:31 . 2010-08-14 17:03 -------- d-----w- c:\users\Ultimate\AppData\Roaming\Tunngle
2010-09-03 17:46 . 2010-08-20 23:19 -------- d-----w- c:\users\Ultimate\AppData\Roaming\ImgBurn
2010-09-01 23:09 . 2010-08-04 15:25 -------- d-----w- c:\users\Ultimate\AppData\Roaming\Hamachi
2010-09-01 01:43 . 2010-09-01 01:43 -------- d-----w- c:\users\Ultimate\AppData\Roaming\HP
2010-09-01 01:43 . 2010-08-02 22:24 109592 ----a-w- c:\users\Ultimate\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-01 01:43 . 2010-09-01 00:21 -------- d-----w- c:\programdata\HP
2010-09-01 01:43 . 2010-09-01 01:43 -------- d-----w- c:\programdata\WEBREG
2010-09-01 01:43 . 2010-09-01 01:33 178111 ----a-w- c:\windows\hpoins44.dat
2010-09-01 01:42 . 2010-09-01 00:22 -------- d-----w- c:\program files\HP
2010-09-01 01:41 . 2010-09-01 01:41 -------- d-----w- c:\programdata\HP Product Assistant
2010-09-01 01:40 . 2010-09-01 01:40 -------- d-----w- c:\program files\Common Files\HP
2010-09-01 00:33 . 2010-09-01 00:33 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-08-29 21:28 . 2010-08-29 21:28 -------- d-----w- c:\program files\Konami
2010-08-28 14:07 . 2010-08-02 22:57 -------- d-----w- c:\program files\uTorrent
2010-08-26 00:15 . 2010-08-26 00:15 -------- d-----w- c:\users\Ultimate\AppData\Roaming\Ludia
2010-08-26 00:15 . 2010-08-26 00:15 -------- d-----w- c:\programdata\Ludia
2010-08-26 00:13 . 2010-08-26 00:13 -------- d-----w- c:\users\Ultimate\AppData\Roaming\PlayFirst
2010-08-26 00:13 . 2010-08-26 00:13 -------- d-----w- c:\programdata\PlayFirst
2010-08-22 22:29 . 2010-08-22 22:29 -------- d-----w- c:\program files\Common Files\Common Share
2010-08-22 22:23 . 2010-08-22 22:23 -------- d-----w- c:\program files\OJOsoft
2010-08-22 00:13 . 2010-08-22 00:12 -------- d-----w- c:\programdata\Kaspersky Lab
2010-08-20 23:28 . 2010-08-20 23:28 -------- d-----w- c:\program files\WinDirStat
2010-08-20 23:17 . 2010-08-20 23:17 145 ----a-w- c:\users\Ultimate\ahmed.bat
2010-08-20 20:36 . 2010-08-20 20:36 -------- d-----w- c:\program files\EASEUS
2010-08-19 14:09 . 2010-08-19 14:09 -------- d-----w- c:\programdata\n7-89-o9-3r-4t-r9
2010-08-19 02:42 . 2010-08-06 01:21 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-19 02:42 . 2010-08-19 02:42 92280 ----a-w- c:\users\Ultimate\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.3.1.0A.dll
2010-08-19 02:42 . 2010-08-06 01:21 -------- d-----w- c:\users\Ultimate\AppData\Roaming\SystemRequirementsLab
2010-08-18 18:28 . 2010-08-18 18:28 -------- d-----w- c:\programdata\Sandlot Games
2010-08-18 18:27 . 2010-08-18 18:27 -------- d-----w- c:\programdata\Trymedia
2010-08-17 18:44 . 2010-08-17 18:44 27591840 ----a-w- c:\programdata\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-16 23:34 . 2010-08-16 23:32 39072 ----a-w- c:\windows\system32\clocklog.bin
2010-08-15 01:34 . 2010-08-15 01:33 -------- d-----w- c:\program files\OpenVPN
2010-08-15 01:18 . 2010-08-15 01:18 -------- d-----w- c:\programdata\ATI
2010-08-15 01:18 . 2010-08-02 22:39 -------- d-----w- c:\program files\ATI Technologies
2010-08-15 01:16 . 2010-08-15 01:16 10134 ----a-r- c:\users\Ultimate\AppData\Roaming\Microsoft\Installer\{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}\ARPPRODUCTICON.exe
2010-08-14 23:57 . 2010-08-14 23:56 -------- d-----w- c:\program files\Tunngle
2010-08-14 23:55 . 2010-08-13 19:47 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-14 22:28 . 2010-08-14 22:28 -------- d-----w- c:\program files\TeamViewer
2010-08-14 21:01 . 2010-08-02 22:52 -------- d-----w- c:\users\Ultimate\AppData\Roaming\Winamp
2010-08-14 20:10 . 2010-08-13 20:16 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-08-14 15:56 . 2010-08-04 15:25 -------- d-----w- c:\program files\Hamachi
2010-08-14 15:56 . 2010-08-14 15:56 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-08-13 20:06 . 2010-08-13 20:06 -------- d-----w- c:\programdata\Blizzard Entertainment.temp
2010-08-13 19:38 . 2010-08-13 19:34 -------- d-----w- c:\users\Ultimate\AppData\Roaming\DAEMON Tools Lite
2010-08-13 19:37 . 2010-08-13 19:37 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-08-13 19:36 . 2010-08-13 19:36 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-08-13 19:36 . 2010-08-13 19:36 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-08-13 19:34 . 2010-08-13 19:34 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-12 13:43 . 2010-08-02 22:44 -------- d-----w- c:\programdata\Alwil Software
2010-08-09 22:16 . 2010-08-09 22:16 -------- d-----w- c:\users\Ultimate\AppData\Roaming\Soldat
2010-08-06 01:21 . 2010-08-06 01:21 85504 ----a-w- c:\users\Ultimate\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-08-04 18:32 . 2010-08-04 18:32 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-03 16:27 . 2010-08-03 16:27 218544 ----a-w- c:\users\Ultimate\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-08-03 08:19 . 2010-08-03 08:19 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-02 22:40 . 2010-08-02 22:40 9158 ----a-r- c:\users\Ultimate\AppData\Roaming\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2010-08-02 22:31 . 2010-08-02 22:31 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-08-02 22:30 . 2010-08-02 22:30 315392 ----a-w- c:\windows\HideWin.exe
2010-07-27 15:42 . 2010-08-20 20:36 1774720 ----a-w- c:\windows\system32\BootMan.exe
2010-07-15 05:44 . 2010-08-20 20:36 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-07-15 05:44 . 2010-08-20 20:36 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-07-15 05:44 . 2010-08-20 20:36 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-07-15 05:44 . 2010-08-20 20:36 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-08-02 3883856]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-08-03 3220912]
"Google Update"="c:\users\Ultimate\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-06 136176]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2010-09-15 824224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2006-6-20 5976064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^Ultimate^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\Ultimate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Ultimate^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^setup_9.0.0.722_21.08.2010_23-47.lnk]
path=c:\users\Ultimate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_21.08.2010_23-47.lnk
backup=c:\windows\pss\setup_9.0.0.722_21.08.2010_23-47.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 12:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2006-05-31 29184]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-08-13 721904]
S0 88843642;88843642 Boot Guard Driver;c:\windows\system32\DRIVERS\88843642.sys [2009-10-22 37392]
S1 88843641;88843641;c:\windows\system32\DRIVERS\88843641.sys [2009-09-25 128016]
S1 aswSP;aswSP; [x]
S1 setup_9.0.0.722_21.08.2010_23-47drv;setup_9.0.0.722_21.08.2010_23-47drv;c:\windows\system32\DRIVERS\8884364.sys [2009-10-09 311312]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-07-06 716024]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2391490541-441746723-3100270073-1001Core.job
- c:\users\Ultimate\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-06 12:18]

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2391490541-441746723-3100270073-1001UA.job
- c:\users\Ultimate\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-06 12:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyOverride = local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\idmmbc.dll
TCP: {5AEFEF7A-36F6-495D-9030-15A5D830E481} = 163.121.128.134,163.121.128.135
FF - ProfilePath - c:\users\Ultimate\AppData\Roaming\Mozilla\Firefox\Profiles\gzs7892o.default\
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\users\Ultimate\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Ultimate\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2391490541-441746723-3100270073-1001_Classes\CLSID\{0457250f-77b2-459a-be03-580a25d57e43}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000115
"Therad"=dword:00000008
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_USERS\S-1-5-21-2391490541-441746723-3100270073-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a5,a6,48,28,9b,11,71,c0,76,24,6f,5c,91,ba,fc,0d,e8,47,72,0f,94,
f9,f2,e1,85,0e,4b,ff,ee,ee,5d,14,89,af,04,17,3d,62,1a,62,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-2391490541-441746723-3100270073-1001_Classes\VirtualStore\MACHINE\SOFTWARE\zbshareware]
@DACL=(02 0000)
DUMPHIVE0.003 (REGF)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
 
Completion time: 2010-10-08 22:01:01
ComboFix-quarantined-files.txt 2010-10-08 20:01

Pre-Run: 2,521,006,080 bytes free
Post-Run: 2,434,334,720 bytes free

- - End Of File - - 8AFA0B574C894E2ABBC24A1B9E76B2AC
 
Alright, now I need an updated HiJack This log and need to know if you removed the Internet Download Manager, as that was infected.
 
Alrighty, thanks, I removed it.
And here's the updated log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:04:41 PM, on 10/16/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Ultimate\Documents\Downloads\Programs\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Orbit Downloader Start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ultimate\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AEFEF7A-36F6-495D-9030-15A5D830E481}: NameServer = 163.121.128.134,163.121.128.135
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MIF5BA~1\Office12\GRA32A~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 6873 bytes
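
Added example, not part of the original thread: a small Python triage pass over HijackThis entry lines like the ones in the log above. It lists review items only (orphaned `(no file)` registrations, `O17` name servers the owner has not confirmed, services reported with `Unknown owner`), not verdicts. The names `parse_entries`, `triage` and `expected_dns` are hypothetical, and the three rules are a reviewer's shortlist, not HijackThis's own logic.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason line")

# Sample input: six lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AEFEF7A-36F6-495D-9030-15A5D830E481}: NameServer = 163.121.128.134,163.121.128.135
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe
"""

# An entry line starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
NAMESERVER = re.compile(r"NameServer = (?P<servers>.+)$")


def parse_entries(log_text):
    """Yield (section, body, line) for each entry; headers and the
    'Running processes' paths do not match and are skipped."""
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if match:
            yield match.group("section"), match.group("body"), line


def triage(log_text, expected_dns):
    """Return review items in log order.

    expected_dns (assumption): the set of resolver addresses the machine's
    owner has confirmed, for example the ISP's primary and secondary DNS.
    """
    findings = []
    for section, body, line in parse_entries(log_text):
        # A registration whose target file is gone: leftover of a removed
        # program or of a cleaned infection; safe to fix, worth noting.
        if body.endswith("(no file)"):
            findings.append(Finding(section, "registered component has no file on disk", line))

        # O17 shows per-adapter DNS servers. Anything the owner did not
        # set is worth checking, since a changed resolver redirects traffic.
        if section == "O17":
            match = NAMESERVER.search(body)
            if match:
                servers = [s for s in re.split(r"[,\s]+", match.group("servers")) if s]
                unexpected = [s for s in servers if s not in expected_dns]
                if unexpected:
                    findings.append(
                        Finding(section, "unconfirmed DNS server(s): " + ", ".join(unexpected), line)
                    )

        # HijackThis prints 'Unknown owner' when it has no vendor name for
        # the service binary; confirm the path belongs to installed software.
        if section == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(section, "service binary has no vendor name", line))
    return findings


if __name__ == "__main__":
    confirmed = {"163.121.128.134", "163.121.128.135"}  # confirmed by the owner in this thread
    for item in triage(SAMPLE_LOG, confirmed):
        print(item.section, "|", item.reason, "|", item.line)
```

With the two name servers confirmed by the owner, only the orphaned BHO and the OpenVPN service line are listed; with an empty `expected_dns` the `O17` line is listed as well.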
 
I see nothing in the log now. Are there still lingering problems?
 
C went back to 4 GB free
And E went back to 7 GB free
But yes there is still space eaten.
Is it possible that the drive is dead? That'd stink :(
 
Have you run chkdsk /r /f to see if there are bad sectors? Have you checked to make sure your hiberfil.sys is not taking up this space? Have you removed such things as Shadow Copies and other backups so that your system is not eating up more space? Have you used software like a Hard Drive Doctor or the built-in SMART tools to see if the drive is damaged before you chalked it up to an infection?
 
Have you run chkdsk /r /f to see if there are bad sectors?
I right-clicked the partition and clicked Properties, then ran a check from there for bad sectors, 0 found.
Have you checked to make sure your hiberfil.sys is not taking up this space?
Sorry, but how do I check?
Have you removed such things as Shadow Copies and other backups so that your system is not eating up more space?
If other backups or Shadow Copies aren't made by applications automatically and are made by the user only, then I'm sure there are no Shadow Copies or other backups.
Have you used software like a Hard Drive Doctor or the built-in SMART tools to see if the drive is damaged before you chalked it up to an infection?
You, sir, posted a few links to some software; one of those didn't work, some 2 were so confusing (I didn't understand them, a tut would be appreciated), but I indeed ran one and my HDD was 100% on the safe side.
On a side note, isn't it weird that, like, the size of all files inside a partition is more than the actual capacity of the partition itself? Super weird... I didn't see such a problem on the internet via Google (but maybe my googling skills are poor :S)
Thanks for all the help so far, I highly appreciate it. Tech-Forums rocks :D
 
Spyware Asylum

There are all the tuts and everything located there. It is a sticky thread right above your topic and is located here and in the Analyze area as well. Without knowing exactly which OS you're using we can't guide you thoroughly. I can tell you're running Windows 7 but it doesn't tell me if it is 32 Bit or 64 Bit.

When you ran the check did you have it not only check the drive but try to fix it? As for the hiberfil.sys file that is kinda hard to explain. Do you use Hibernation? If so you need that file. If not then you can do a command to remove it completely.

How to Turn Off and Disable Hibernation in Windows Vista » My Digital Life

Explains it all there.

Shadow Copies are made by the applications. Like Office and that. They are ways for you to recover your documents in case of a power failure or something happening when you're using the file or it gets corrupted. The backups are prompted by the Action Center within Win7. So you should know if it was set up, as you have to take action or you will see the Red X icon by the Action Center flag in your task bar.

As for the last comment, yes it is really weird. That shouldn't be happening. As it is kinda impossible for the system to get more space like that. So something is definitely wrong. It could just be that there is a bad Windows file. You need to open the command prompt with admin rights (Right click>select run as admin) and run sfc /scannow to make sure that there are no corrupted Windows files.
 
As for the last comment, yes it is really weird. That shouldn't be happening. As it is kinda impossible for the system to get more space like that. So something is definitely wrong. It could just be that there is a bad Windows file. You need to open the command prompt with admin rights (Right click>select run as admin) and run sfc /scannow to make sure that there are no corrupted Windows files.
No corrupt files :S
When you ran the check did you have it not only check the drive but try to fix it? As for the hiberfil.sys file that is kinda hard to explain. Do you use Hibernation? If so you need that file. If not then you can do a command to remove it completely.
To check and fix.

There are all the tuts and everything located there. It is a sticky thread right above your topic and is located here and in the Analyze area as well. Without knowing exactly which OS you're using we can't guide you thoroughly. I can tell you're running Windows 7 but it doesn't tell me if it is 32 Bit or 64 Bit.
It's Windows 7 32 bit :D

Sorry, sir, you also said there are tuts on Spyware Asylum for programs to check HDD etc., but I can only see tuts for MBAM, Combofix and HJT :S

EDIT: Also, if I turn off hibernation, can I turn it back on later? I remember I used it only once and didn't really find interest in it.
 