Virus eating up hdd space?

[KSoD]

Why do you need a tut to check the hdd? All you have to do is run chkdsk /r/f and that is it. There is no tut needed to run a single command. There is only 1 other command and that is the sfc /scannow that can be used. Other than that you dont need a tut or any other software. Sorry maybe you misunderstood my when i said there was tuts on that page. But there is no tuts needed for those commands. You can use some other programs that are available but they are only graphical versions of what those 2 tell you. Plus those programs are straight forward. Install them, run them, view results.

Yes if you turn off hibernation you can turn it on later.

 

[Skorpian]

Sorry for late reply. My problem isn't fixed yet, I noticed C was in the morning today 700 MB free, now it's 400 MB free only. Any ideas? I'll try to reinstall windows later but I prefer another solution as setting up drivers and necessary apps all way back is very time-consuming.
Thanks, sir.

 

[KSoD]

I dont know what you want. There is nothing more anyone on this site or any other can do for you. If you have removed the hiberfil.sys, turned off shadow copies, removed the pagefile.sys from your main drive and moved your personal files from the main drive then there is nothing more than anyone here can suggest to offer as a solution. You neglected to test your hard drive and yet you still think we can offer a solution when you have yet to even do what was previously suggested?

Sorry but that cant happen. You have yet to post the results from your chkdsk or your system file checker. You have yet to report if you have turned off anything. You cant just right click on the drive and run the chkdsk, you need to use the specific command i gave. Stop using shortcuts and think they will produce results. The last log posted was 2 months ago and there is no way to know that your still clean. You had an infected download manager, how are we to know you didnt install it again?

There is no solution. Cause you skipped steps and neglected to do what was asked and report back in a timely manner. We cant assist you if you dont take the appropriate steps to try and solve your own issues. Sorry if it sounds harsh, but it is the dead honest truth. You dont try enough to get us the results and we cant try anymore to help you. Providing information months after the problem started to occur doesnt help anyone. So much can change.

Yeah we all have a life to live. But if your that concerned about getting this issue resolved you can find a few minutes to post and check the topic at least once a week, not once in almost 2 months. Sorry but we can no longer be of assistance. I hope that your format goes well and solves your issue.

 

[Skorpian]

Okay I tried the commands and I did test the hard drive and I stated that in my previous post and it didn't work and the hdd was reported good. Shadow copies are turned off, I realised I needed hibernation, and I thought pagefile.sys was important.
Okay, I'm sorry for the thing of posting once every few months. We all have a life to live, you're right , and I'm concerned with the issue , but I had much more important stuff to do than to think of a hdd issue.
Thanks for all the help so far, if you don't want to continue helping, no problems, just say so. I'll then just look for another website to post this problem in.
Thanks again.

 

[KSoD]

Why is Hibernation important? You do realize that you have hard drive space being taken up by this file. As much hard drive space as you have RAM. So right there is a chunk of HDD Space. Pagefile is important, but it doesnt have to be on your OS Drive. You can create a specific partition for just that file.

You will have to go through Spyware Asylum again. There is no way we can be sure that this isnt an issue. You never said a thing after the last checkup only to return 2 months later saying it is still a problem. You never mention any changes you made, you never said a single thing about what you have tried or anything. You looking for solutions without helping us to help you.

 

[Skorpian]

There is not a single pagefile on either of my 2 hdd's... weird :S
So to get this clear, you want me to re-use Malware Bytes, ComobFix and Hijackthis, then post their logs?
Thanks

 

[KSoD]

Yes. I need updated logs. Having logs from 2 months ago doesnt mean your secure now.

 

[Skorpian]

Sorry for late reply. I'm working on downloading & installing the files now, been a bit busy lately, sorry :S
Once I'm done with them, I'll post my logs here.

 

[Skorpian]

HijackThis log :
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:03:44 PM, on 12/12/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Ultimate\Documents\Downloads\Programs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Orbit Downloader Start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ultimate\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet download manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AEFEF7A-36F6-495D-9030-15A5D830E481}: NameServer = 163.121.128.134,163.121.128.135
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MIF5BA~1\Office12\GRA32A~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 7646 bytes

 

[Skorpian]

MBAM Log :
Malwarebytes' Anti-Malware 1.50
Malwarebytes

Database version: 5298

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/12/2010 3:19:24 PM
mbam-log-2010-12-12 (15-19-24).txt

Scan type: Full scan (C:\|D:\|E:\|I:\|)
Objects scanned: 363904
Time elapsed: 53 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)