Virus eating up hdd space?

ComboFix log:
ComboFix 10-12-11.06 - Ultimate 12/12/2010 20:48:06.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1256.20.1033.18.3328.2453 [GMT 2:00]
Running from: c:\users\Ultimate\Documents\Downloads\Programs\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
.

2010-12-12 18:52 . 2010-12-12 18:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-12 18:52 . 2010-12-12 18:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-12 18:46 . 2010-12-12 18:46 -------- d-----w- C:\32788R22FWJFW
2010-12-02 18:58 . 2010-12-02 18:58 -------- d-----w- c:\users\Ultimate\AppData\Roaming\Oberon Games
2010-11-25 18:19 . 2010-11-25 18:19 -------- d-----w- c:\users\Ultimate\AppData\Roaming\Apowersoft
2010-11-18 12:34 . 2010-11-18 12:34 -------- d-----w- c:\users\Ultimate\.kp
2010-11-13 14:27 . 2009-09-09 14:43 210352 ----a-w- c:\windows\system32\idmmbc.dll
2010-11-13 14:26 . 2010-11-13 14:26 -------- d-----w- c:\program files\Softvnn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 15:42 . 2010-08-04 18:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 15:42 . 2010-08-04 18:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-15 15:35 . 2010-11-09 14:58 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-11-15 15:35 . 2010-11-09 14:58 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-20 11:23 . 2010-10-20 11:23 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-10-20 11:23 . 2010-10-20 11:23 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-10-16 18:23 . 2010-10-16 18:23 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2010-10-08 20:26 . 2010-08-13 19:34 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-06 13:19 . 2010-10-06 13:20 720896 ----a-w- c:\windows\iun6002ev.exe
2010-09-15 02:50 . 2010-08-04 18:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-08-02 3883856]
"Google Update"="c:\users\Ultimate\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-06 136176]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"IDMan"="c:\program files\Internet download manager\IDMan.exe" [2010-04-28 3220912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2010-09-15 824224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2006-6-20 5976064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^Ultimate^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\Ultimate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Ultimate^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^setup_9.0.0.722_21.08.2010_23-47.lnk]
path=c:\users\Ultimate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_21.08.2010_23-47.lnk
backup=c:\windows\pss\setup_9.0.0.722_21.08.2010_23-47.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 12:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2006-05-31 29184]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-10-08 721904]
S0 88843642;88843642 Boot Guard Driver;c:\windows\system32\DRIVERS\88843642.sys [2009-10-22 37392]
S1 88843641;88843641;c:\windows\system32\DRIVERS\88843641.sys [2009-09-25 128016]
S1 aswSP;aswSP; [x]
S1 setup_9.0.0.722_21.08.2010_23-47drv;setup_9.0.0.722_21.08.2010_23-47drv;c:\windows\system32\DRIVERS\8884364.sys [2009-10-09 311312]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-07-06 716024]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2391490541-441746723-3100270073-1001Core.job
- c:\users\Ultimate\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-06 12:18]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2391490541-441746723-3100270073-1001UA.job
- c:\users\Ultimate\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-06 12:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyOverride = local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\idmmbc.dll
TCP: {5AEFEF7A-36F6-495D-9030-15A5D830E481} = 163.121.128.134,163.121.128.135
FF - ProfilePath - c:\users\Ultimate\AppData\Roaming\Mozilla\Firefox\Profiles\gzs7892o.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\users\Ultimate\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Ultimate\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\Ultimate\AppData\Roaming\IDM\idmmzcc3
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\Ultimate\AppData\Roaming\Mozilla\Firefox\Profiles\gzs7892o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2391490541-441746723-3100270073-1001_Classes\CLSID\{0457250f-77b2-459a-be03-580a25d57e43}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000151
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_USERS\S-1-5-21-2391490541-441746723-3100270073-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a5,a6,48,28,9b,11,71,c0,76,24,6f,5c,91,ba,fc,0d,e8,47,72,0f,94,
f9,f2,e1,85,0e,4b,ff,ee,ee,5d,14,89,af,04,17,3d,62,1a,62,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-2391490541-441746723-3100270073-1001_Classes\VirtualStore\MACHINE\SOFTWARE\zbshareware]
@DACL=(02 0000)
DUMPHIVE0.003 (REGF)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3064)
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-12-12 20:55:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-12 18:55
ComboFix2.txt 2010-10-08 20:01

Pre-Run: 934,912,000 bytes free
Post-Run: 1,820,168,192 bytes free

- - End Of File - - 5820DFCE1483A9E4D400B1C07772D2BF
 
Btw, once ComboFix was done, I noticed free space in "C" went up from 800 MB to 1.77 GB. Nothing seems to be absent from my files so it seems a hidden infection was deleted. The problem is still there though but I'm glad it's possibly *partially* fixed.
 
Yeah, you still have some infections. But since you have now gotten your system clean and you answered all the other questions, there still isn't any real solution, because there is nothing that explains what is going on with your system. That is not normal behavior, and now that you have gone through all the checks there is nothing left that I can possibly think of to explain why this is still happening. Sorry, but something is wrong with your install.
 
Free space in C went last night to 1.55 GB despite the fact that I installed nothing. I woke up today to find it went down to 1.38 GB.
So this is either a bad Windows install or a corrupted HDD, correct?
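The open question in this thread is where the space on C: is actually going. The following PowerShell script is an added example written for this page (it is not from any poster here and not part of the ComboFix log) that takes a snapshot of bytes used per top-level entry on the volume, hidden and system items included, reports how much used space no readable file accounts for, and diffs against the previous snapshot so an overnight drop like 1.55 GB to 1.38 GB can be traced to a folder. It targets Windows PowerShell 2.0 and later, the version shipped with Windows 7; the variable names, snapshot location and file naming are my assumptions. Run it from an elevated PowerShell.

```powershell
# Added example, not from the thread: where is the space on C: going?
# Requires Windows PowerShell 2.0+ run as Administrator.
# $Volume and $SnapshotDir are assumptions for this example.

$Volume      = 'C:'
$SnapshotDir = Join-Path $env:USERPROFILE 'disk-snapshots'

function Get-FolderUsage {
    # Bytes used by each top-level entry of the volume, hidden/system included.
    # Top-level junctions (e.g. C:\Users\All Users) are skipped so the same
    # tree is not counted twice.
    param([string]$Root)
    $usage = @{}
    Get-ChildItem -LiteralPath $Root -Force -ErrorAction SilentlyContinue | ForEach-Object {
        if ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) { return }
        if ($_.PSIsContainer) {
            $sum = Get-ChildItem -LiteralPath $_.FullName -Recurse -Force -ErrorAction SilentlyContinue |
                   Where-Object { -not $_.PSIsContainer } |
                   Measure-Object -Property Length -Sum
            $bytes = $sum.Sum
        } else {
            $bytes = $_.Length      # pagefile.sys, hiberfil.sys etc. land here
        }
        if ($bytes -eq $null) { $bytes = 0 }   # unreadable folder -> 0
        $usage[$_.FullName] = [int64]$bytes
    }
    return $usage
}

function Get-UnaccountedBytes {
    # Used space the file system reports minus what readable files explain.
    # Restore points / shadow copies live in "System Volume Information",
    # which even an administrator cannot list, so they show up here.
    # Check them with: vssadmin list shadowstorage
    param([string]$Drive, [hashtable]$Usage)
    $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$Drive'"
    $used = [int64]$disk.Size - [int64]$disk.FreeSpace
    $seen = ($Usage.Values | Measure-Object -Sum).Sum
    return $used - [int64]$seen
}

function Compare-Usage {
    # Per-entry growth between two snapshots, largest delta first.
    param([hashtable]$Old, [hashtable]$New)
    $keys = @($Old.Keys) + @($New.Keys) | Sort-Object -Unique
    $rows = foreach ($k in $keys) {
        $before = if ($Old.ContainsKey($k)) { $Old[$k] } else { 0 }
        $after  = if ($New.ContainsKey($k)) { $New[$k] } else { 0 }
        New-Object PSObject -Property @{
            Path     = $k
            BeforeMB = [math]::Round($before / 1MB, 1)
            AfterMB  = [math]::Round($after  / 1MB, 1)
            DeltaMB  = [math]::Round(($after - $before) / 1MB, 1)
        }
    }
    $rows | Sort-Object DeltaMB -Descending
}

# --- usage: run once, then again after the space has "vanished" ---
if (-not (Test-Path $SnapshotDir)) { New-Item -ItemType Directory -Path $SnapshotDir | Out-Null }
$prevFile = Get-ChildItem -Path $SnapshotDir -Filter 'usage-*.xml' -ErrorAction SilentlyContinue |
            Sort-Object LastWriteTime | Select-Object -Last 1

$now   = Get-FolderUsage -Root "$Volume\"
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
Export-Clixml -InputObject $now -Path (Join-Path $SnapshotDir "usage-$stamp.xml")

$unaccountedMB = (Get-UnaccountedBytes -Drive $Volume -Usage $now) / 1MB
"Used space not attributable to a readable file: {0:N0} MB (shadow copies, unreadable folders)" -f $unaccountedMB

if ($prevFile) {
    $prev = Import-Clixml -Path $prevFile.FullName
    Compare-Usage -Old $prev -New $now |
        Select-Object Path, BeforeMB, AfterMB, DeltaMB -First 15 |
        Format-Table -AutoSize
}
```

The full walk of C:\Windows takes a few minutes, and deeper junctions inside the tree can still inflate a folder's absolute total on older PowerShell versions, so read the DeltaMB column rather than the absolute sizes. A large and growing "unaccounted" figure with no folder delta to match points at System Restore / shadow storage rather than at files on the volume, which is consistent with ComboFix creating a restore point and the Pre-Run/Post-Run free-space numbers in the log above; a delta that lands in a user profile, a temp folder or a log directory names the thing to inspect next.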
 
I think I shall bump this?
I reinstalled Windows 7 and the problem in C drive seems to have disappeared... nothing weird in C drive up till now since the installation. So I guess I need a fresh format for the other 2 drives? I'll need to hunt for an external HDD or maybe borrow an external one from a friend... if a friend of mine has one.
 