#1 (permalink)
Registered User
Join Date: Jun 2008
Posts: 2
OS: Windows Vista Service Pack 1
Losing Gigabytes of HDD Memory by the Hour
Dear Analyst,
I just purchased my new desktop with a 500 gigabyte hard drive. The C-Drive has a total of 456 gigabytes of memory available and after the initial setup it had around 430 left. Ever since the first day the C-drive has been going down in available free space. It started to go down to 425, 420, 419, and kept going until now it only has 393 gigabytes left of available free space. I have not installed any new programs and have followed the 5 steps discussed in the posting new threads section. I did install a music downloader called MP3 Rocket, but the computer was losing free space before that installation. I have Norton Antivirus and another HP virus scanner and both state that there are no problems with my files. The more I am using the computer the more space I lose. On average I would say that 5 through 8 gigabytes of space are lost every day. I have a wireless connection and no other problems such as popups or system corruption.

Deckard's System Scanner v20071014.68
Run by Sergio on 2008-06-14 21:10:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
36: 2008-06-15 00:10:35 UTC - RP48 - Scheduled Checkpoint
35: 2008-06-14 06:35:27 UTC - RP47 - Windows Update
34: 2008-06-12 05:46:16 UTC - RP46 - Windows Update
33: 2008-06-12 04:04:01 UTC - RP45 - Scheduled Checkpoint
32: 2008-06-10 03:11:17 UTC - RP44 - Windows Update

-- First Restore Point --
1: 2008-06-05 03:25:15 UTC - RP4 - Installed Microsoft Office Home and Student 2007

Backed up registry hives.
Performed disk cleanup.
#3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 19,095
OS: WinXP and Vista
Re: Losing Gigabytes of HDD Memory by the Hour
Hello dhoff10,
I'm not seeing any malware here. Did you run the online scan at Panda? Do you have those results to post?