Something eating up the available hard drive space...


  • This topic is locked
7 replies to this topic

#1 sean75070

sean75070

  • Members
  • 5 posts

Posted 21 December 2009 - 10:20 PM

Not sure what is going on, but I am running Windows 7 Professional. I noticed the other day I got a warning about my hard drive not having enough space. Troubled, I looked and saw that I didn't have any disk space left. I moved about 15 GB of data to a backup folder across my network. It freed up some space, but it was temporary... my hard drive keeps "filling" back up. I downloaded and ran Malwarebytes, but the scan came back clean. Just wondering now if it is a Windows 7 issue or possibly a hard drive issue. I have the DDS file if someone would want to take a look at it. Also, I am running Spyware Doctor from PC Tools as my antivirus.



#2 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts

Posted 21 December 2009 - 10:33 PM

Greetings sean75070 and Welcome to the Forums,

I wanted to say first thing that your hard drive will shrink somewhat from time to time just because of the System Restore feature...but of course, it shouldn't be anything that would cause a warning unless you just didn't have sufficient hard disk space to begin with. Windows 7 requires at least 30 gigs just to breathe. What size partition did you create for Windows 7? I'd like to see that DDS log if you don't mind. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#3 sean75070

sean75070
  • Topic Starter

  • Members
  • 5 posts

Posted 21 December 2009 - 10:43 PM

Thanks for the welcome!! I am running Windows 7 on a 320G hard drive. It is the only partition on the drive. I have been monitoring my hard drive over time tonight:

158G free 6:28pm
152G free 6:34pm
140G free 6:48pm
96.9G free 7:38pm
84G free 7:51pm
74G free 8:02pm
62.4G free 8:15pm
49.9G free 8:29pm
27.8G free 8:54pm
26.8G free 9:05pm
15.3G free 9:27pm
9.74G free 9:33pm
5.12G free 9:38pm

Here is my DDS log file:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Sean at 21:00:06.59 on Mon 12/21/2009
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.1292 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\tracerpt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sean\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
TCP: {28889D33-A619-4699-91C1-96F11A16827B} = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2009-7-13 4608]
R0 nvamacpi;Nvidia Away Mode System;c:\windows\system32\drivers\nvamacpi.sys [2008-7-22 24608]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-21 207792]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-12-21 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-12-21 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-12-21 233136]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-21 112592]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2009-12-21 583640]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-12-21 359624]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-21 1141712]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-12-21 70408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-12-21 33552]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\common files\just flight limited shared\service\JustFlightLimitedLicSvc.exe [2009-10-30 69632]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2009-12-22 02:26:59 0 d-----w- c:\users\sean\appdata\roaming\Malwarebytes
2009-12-22 02:26:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-22 02:26:50 0 d-----w- c:\programdata\Malwarebytes
2009-12-22 02:26:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-22 02:26:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-22 00:30:11 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-12-22 00:30:11 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-12-22 00:30:11 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-12-22 00:20:07 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2009-12-22 00:20:07 506368 ----a-w- c:\windows\system32\msxml.dll
2009-12-22 00:20:07 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2009-12-22 00:20:07 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2009-12-22 00:15:27 882 ----a-w- c:\windows\RegSDImport.xml
2009-12-22 00:15:27 880 ----a-w- c:\windows\RegISSImport.xml
2009-12-22 00:15:27 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-22 00:15:26 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-22 00:15:26 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-22 00:15:26 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-22 00:15:26 131 ----a-w- c:\windows\IDB.zip
2009-12-22 00:15:26 1152444 ----a-w- c:\windows\UDB.zip
2009-12-22 00:13:48 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-12-22 00:13:48 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-12-22 00:13:48 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-22 00:13:45 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-22 00:13:45 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-12-22 00:13:45 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-12-22 00:13:45 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-22 00:13:42 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-12-22 00:13:42 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-22 00:13:38 0 d-----w- c:\users\sean\appdata\roaming\PC Tools
2009-12-21 21:18:03 0 d-----w- c:\program files\TrendMicro
2009-12-20 22:30:11 0 d--h--w- c:\windows\AxInstSV
2009-12-20 16:14:45 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-20 16:14:45 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-12-20 16:13:32 0 d-----w- c:\windows\system32\xlive
2009-12-20 16:13:31 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-12 03:29:30 0 d-----w- c:\programdata\BOINC
2009-12-12 03:29:30 0 d-----w- c:\program files\BOINC
2009-12-11 21:26:22 39 ----a-w- c:\windows\vbaddin.ini
2009-12-11 21:25:30 162 ----a-w- c:\windows\ODBC.INI
2009-12-11 21:11:05 0 d-----w- c:\users\sean\appdata\roaming\GetRightToGo
2009-12-10 23:19:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-10 23:03:39 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-10 23:03:39 22328 ----a-w- c:\users\sean\appdata\roaming\PnkBstrK.sys
2009-12-10 23:03:10 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-10 23:03:06 669184 ----a-w- c:\windows\system32\pbsvc.exe
2009-12-10 23:03:06 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-10 22:58:14 0 d-----w- c:\programdata\Electronic Arts
2009-12-10 22:14:24 0 d-----w- c:\programdata\WinZip
2009-12-06 03:49:20 0 d-----w- c:\program files\Codemasters
2009-12-04 22:53:57 3497984 ----a-w- c:\windows\system32\cdintf300.dll
2009-12-04 22:53:52 0 d-----w- C:\PCOMP5
2009-12-01 00:02:40 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-12-01 00:02:38 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-28 17:17:33 0 d-----w- c:\program files\uCertify
2009-11-27 18:46:09 0 d-----w- c:\program files\SiSoftware
2009-11-27 10:41:26 0 d-----w- c:\windows\Hewlett-Packard
2009-11-27 00:45:08 65536 --sha-w- c:\users\sean\ntuser.dat{0f952dd4-daee-11de-9a5d-0022157f8ad4}.TM.blf
2009-11-27 00:45:08 524288 --sha-w- c:\users\sean\ntuser.dat{0f952dd4-daee-11de-9a5d-0022157f8ad4}.TMContainer00000000000000000002.regtrans-ms
2009-11-27 00:45:08 524288 --sha-w- c:\users\sean\ntuser.dat{0f952dd4-daee-11de-9a5d-0022157f8ad4}.TMContainer00000000000000000001.regtrans-ms
2009-11-26 19:10:42 65536 --sha-w- c:\users\sean\ntuser.dat{a8fadf96-dab9-11de-b4b1-0022157f8ad4}.TM.blf
2009-11-26 19:10:42 524288 --sha-w- c:\users\sean\ntuser.dat{a8fadf96-dab9-11de-b4b1-0022157f8ad4}.TMContainer00000000000000000002.regtrans-ms
2009-11-26 19:10:42 524288 --sha-w- c:\users\sean\ntuser.dat{a8fadf96-dab9-11de-b4b1-0022157f8ad4}.TMContainer00000000000000000001.regtrans-ms
2009-11-26 16:40:55 65536 --sha-w- c:\users\sean\ntuser.dat{7d705ba5-daa5-11de-8952-0022157f8ad4}.TM.blf
2009-11-26 16:40:55 524288 --sha-w- c:\users\sean\ntuser.dat{7d705ba5-daa5-11de-8952-0022157f8ad4}.TMContainer00000000000000000002.regtrans-ms
2009-11-26 16:40:55 524288 --sha-w- c:\users\sean\ntuser.dat{7d705ba5-daa5-11de-8952-0022157f8ad4}.TMContainer00000000000000000001.regtrans-ms
2009-11-26 15:55:46 65536 --sha-w- c:\users\sean\ntuser.dat{1b632674-daa4-11de-8953-0022157f8ad4}.TM.blf
2009-11-26 15:55:46 524288 --sha-w- c:\users\sean\ntuser.dat{1b632674-daa4-11de-8953-0022157f8ad4}.TMContainer00000000000000000002.regtrans-ms
2009-11-26 15:55:46 524288 --sha-w- c:\users\sean\ntuser.dat{1b632674-daa4-11de-8953-0022157f8ad4}.TMContainer00000000000000000001.regtrans-ms
2009-11-26 13:52:43 0 d-----w- c:\users\sean\appdata\roaming\Clickteam
2009-11-26 13:49:04 0 d-----w- c:\program files\The Games Factory 2
2009-11-26 13:26:37 0 d-----w- c:\users\sean\appdata\roaming\Singlesnet
2009-11-26 13:26:26 0 d-----w- c:\program files\Singlesnet
2009-11-25 01:21:46 0 d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2009-11-25 00:44:18 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 22:22:01 0 d-----w- c:\programdata\ATI
2009-11-24 22:20:37 0 d-----w- c:\program files\ATI Technologies
2009-11-24 22:20:34 0 d-----w- c:\program files\ATI

==================== Find3M ====================

2009-11-25 01:05:12 6656 ----a-w- c:\windows\system32\lpcio.dll
2009-11-21 00:35:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-18 03:22:45 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-18 03:22:45 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-06 22:58:00 803584 ----a-w- c:\windows\boinc.scr
2009-11-06 16:59:54 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 16:59:54 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 19:31:45 8 ----a-w- c:\users\sean\appdata\roaming\usb.dat
2009-10-29 21:12:12 210839 ----a-w- c:\windows\hpoins21.dat
2009-10-27 23:17:42 249856 ------w- c:\windows\Setup1.exe
2009-10-27 23:17:41 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-10-23 05:25:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2009-10-23 02:23:48 453152 ----a-w- c:\windows\system32\nvusmu.exe
2009-10-23 02:23:48 453152 ----a-w- c:\windows\system32\nvusmb.exe
2009-10-23 02:23:48 122880 ----a-w- c:\windows\system32\NVCOSMU.DLL
2009-10-23 02:23:48 122880 ----a-w- c:\windows\system32\NVCOSMB.DLL
2009-10-23 02:23:06 446464 ----a-w- c:\windows\system32\nvuawy.exe
2009-10-23 02:23:06 118784 ----a-w- c:\windows\system32\NVCOAWY.DLL
2009-10-08 01:28:45 5474 ------w- c:\windows\hpomdl21.dat
2009-10-07 16:05:14 232712 ----a-w- c:\windows\system32\PDBoot.exe
2009-09-26 19:19:52 557328 ----a-w- c:\windows\system32\Dao360.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:02:27.12 ===============

It's really unusual... never seen anything like this before. Thanks for your help!! I am anxious to find the cause of this issue!!

#4 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts

Posted 22 December 2009 - 10:07 AM

Thanks...now please post the "Attach.txt" that was generated from the DDS scan.



#5 sean75070

sean75070
  • Topic Starter

  • Members
  • 5 posts

Posted 22 December 2009 - 11:06 AM

Here is the attached file:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/22/2009 7:52:53 PM
System Uptime: 12/21/2009 6:22:26 PM (3 hours ago)

Motherboard: ASUSTeK Computer INC. | | M3N78 PRO
Processor: AMD Phenom™ II X4 940 Processor | Socket AM2 | 3000/206mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 29.127 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Null
Device ID: ROOT\LEGACY_NULL\0000
Manufacturer:
Name: Null
PNP Device ID: ROOT\LEGACY_NULL\0000
Service: Null

Class GUID:
Description: PCI Input Device
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_03\4&33385313&0&5940
Manufacturer:
Name: PCI Input Device
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_03\4&33385313&0&5940
Service:

==== System Restore Points ===================

RP105: 12/21/2009 4:41:52 PM - Windows Update

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
AIO_Scan
BOINC
Browser Defender 2.0.6.11
BufferChm
C5200
C5200_Help
Copy
Destinations
DeviceDiscovery
DocProc
EA Download Manager
Fax
Google Toolbar for Internet Explorer
GPBaseService2
HI-TECH C51-lite V9.60PL0
HI-TECH PICC lite V9.60PL0
HiJackThis
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart All-In-One Driver Software 13.0 Rel. 2
HP Photosmart Essential 3.5
HP Product Detection
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Java™ 6 Update 17
Junk Mail filter update
Just Flight - Traffic X
LearnSmart 011880
Lernout & Hauspie TruVoice American English TTS Engine
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Application Error Reporting
Microsoft Baseline Security Analyzer 1.2
Microsoft Choice Guard
Microsoft Flight Simulator X
Microsoft Flight Simulator X SDK SP1A
Microsoft Flight Simulator X Service Pack 1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft MSDN 2005 Express Edition - ENU
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007 Trial
Microsoft Office Word MUI (English) 2007
Microsoft OLE DB Provider for Visual FoxPro
Microsoft Press Readiness Review Suite 70-272
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server VSS Writer
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Network
NVIDIA Drivers
OCR Software by I.R.I.S. 13.0
OGA Notifier 2.0.0048.0
OpenAL
PerfectDisk 10 Professional
PrepLogic Exam Network+ (N10-004)
Privacy Guardian 4.1
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
PunkBuster Services
Registry Mechanic 9.0
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Visual C++ 2005 Express Edition - ENU (KB971090)
Service Pack 1 for SQL Server 2008 (KB968369)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Spyware Doctor 7.0
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Status
Steam
Team Fortress 2
Toolbox
Traffic X (Shared Components)
TrayApp
uCeritify CN10-003 - Network + (2007)
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual C++ 2005 Express Edition - ENU (KB932232)
Update for Outlook 2007 Junk Email Filter (kb976884)
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinZip 14.0
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/21/2009 8:09:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATITool DefragFS discache Null spldr TfFsMon TfSysMon Wanarpv6
12/21/2009 7:34:19 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Sean-PC\Sean SID (S-1-5-21-2158642990-649734462-1855310401-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/21/2009 7:34:18 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Sean-PC\Sean SID (S-1-5-21-2158642990-649734462-1855310401-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/21/2009 6:33:12 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/21/2009 6:30:12 PM, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/21/2009 6:27:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATITool Null TfFsMon TfSysMon
12/21/2009 6:27:14 PM, Error: Service Control Manager [7022] - The PC Tools Security Service service hung on starting.
12/21/2009 6:22:37 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
12/21/2009 6:22:37 PM, Error: atikmdag [43029] - Display is not active
12/21/2009 6:18:53 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/21/2009 6:18:42 PM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
12/21/2009 6:13:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/21/2009 6:09:51 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/21/2009 6:09:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/21/2009 6:09:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/21/2009 6:09:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/21/2009 6:09:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/21/2009 6:09:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATITool discache Null spldr TfFsMon TfSysMon Wanarpv6
12/21/2009 5:02:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows CardSpace service to connect.
12/21/2009 5:02:13 PM, Error: Service Control Manager [7000] - The Windows CardSpace service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/21/2009 4:50:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATITool Null
12/21/2009 4:24:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/21/2009 2:23:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
12/21/2009 2:23:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
12/21/2009 2:09:47 PM, Error: Ntfs [137] - The default transaction resource manager on volume C: encountered a non-retryable error and could not start. The data contains the error code.
12/21/2009 1:18:12 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/20/2009 3:21:54 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

==== End Of File ===========================

#6 sean75070


Posted 22 December 2009 - 01:21 PM

I also tried the RootRepeal program and got the following error:

21:11:19: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x00000304)
21:11:19: DeviceIoControl Error! Error Code = 0x1e7
21:11:19: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x00000304)

#7 1972vet


Posted 22 December 2009 - 03:02 PM

I'm not seeing a reason in those logs to explain your issue. I do notice however that you have the server software installed and running. Are you using that system as a web server...or for games perhaps? If so, that would explain your shrinking disk size while others are connected to your system (the server) for whatever purpose. Sound reasonable to you?

I also note that you have a variety of security software installed, some of which is in conflict with the other(s). F-Secure for example does not get along well with Windows 7 to begin with, and using ThreatFire along with the rest is a recipe for a complete system crash from the instability that it can cause. Is that system OEM, that is, did you buy it pre-installed? Is it an upgrade?

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#8 1972vet


Posted 30 December 2009 - 08:24 AM

Due to lack of response, this topic will now be closed to prevent others from posting here. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.





