|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Virus/Trojan/Spyware Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
LinkBack | Thread Tools |
06-24-2009, 05:36 PM
|
#1 (permalink) |
|
Registered User
Join Date: Jun 2009
Posts: 4
OS: xp service pack 3
|
Losing free hard drive space
Within 24 hours I went from 2.11 GB free hard drive space to 312 MB without downloading or installing anything on my c partition..
I have run chkdsk, every virus scan, malware scan and spyware scan available. My default is Bit Defender Total Security 2009. I've cleared out System Restore. It seems like it may have started after installing Windows XP service pack 3, but I wouldn't swear that it is the problem. I'm at a loss and hope someone may see the problem. THANKS DSS.txt : DDS (Ver_09-05-14.01) - FAT32x86 Run by topgun at 18  18.52 on Wed 06/24/2009Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.470 [GMT -5:00] AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch SVCHOST.EXE C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe C:\WINDOWS\System32\svchost.exe -k netsvcs SVCHOST.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe c:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\VCOM\PowerDesk\pddlghlp.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Norton Navigator\FILEMGR.EXE c:\2\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://www.isp.com/members/ uLocal Page = \blank.htm mStart Page = hxxp://www.isp.com/members/ mSearchAssistant = hxxp://search.live.com/sphome.aspx BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.3.19.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: XBTB06823: {ba463437-c3de-47da-8280-87596824388a} - XBTB06823 Class BHO: NAV Helper: {bdf3e430-b101-42ad-a544-fadc6b084872} - CNavExtBho Class BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [SystemTray] SysTray.Exe mRun: [Blitzz BWI715] c:\program files\blitzz\bwi715\WLANmon.exe mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe mRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200" mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe" mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [LWBKEYBOARD] c:\program files\labtec\media keyboard\v5.0\KbdAp32A.exe mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp mRun: [VTTimer] VTTimer.exe mRun: [SoundMan] SOUNDMAN.EXE mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe" mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE mRun: [InCD] c:\program files\ahead\incd\InCD.exe mRunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRunOnce: [Printing Migration] rundll32.exe c:\windows\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters StartupFolder: c:\docume~1\topgun\startm~1\programs\startup\dialog~1.lnk - c:\program files\vcom\powerdesk\pddlghlp.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\labtec~1.lnk - c:\program files\labtec\cordless desktop\labtec cordless keyboard\HotKeyEx.exe uPolicies-explorer: NoFavoritesMenu = 01000000 mPolicies-explorer: NoDevMgrUpdate = 0 (0x0) mPolicies-explorer: NoWindowsUpdate = 0 (0x0) dPolicies-explorer: NoFavoritesMenu = 01000000 IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office10\EXCEL.EXE/3000 IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL Trusted Zone: turbotax.com DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {00000130-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab DPF: {32564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8ax.cab DPF: {32564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab DPF: {3334504D-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/mpeg4ax.cab DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab DPF: {4248083C-9656-11D2-8B7F-00105A17847A} - hxxp://downloads.mplayer.com/MplayerAutoInstaller.exe DPF: {5F03EAB4-1AD5-11D4-AE99-0050DAC24E8F} - hxxp://www.iwon.com/ct/in_wn/iwonslot1,0,1,5.cab DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll DPF: {6BE6BDA4-394F-11D3-B6AF-00105AA51E4C} - hxxp://www.dash.com/DashInst.cab DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab DPF: {85411480-DDF9-11D0-8F52-080009CDBAA9} - hxxp://stats.espn.go.com/java/OuterComparisonChart.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab SEH: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - No File SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\topgun\applic~1\mozilla\firefox\profiles\pcpmve6a.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\program files\mozilla firefox\components\FFComm.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmeadax.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: d:\real\realplayer\netscape6\nppl3260.dll FF - plugin: d:\real\realplayer\netscape6\nprjplug.dll FF - plugin: d:\real\realplayer\netscape6\nprpjplug.dll ---- FIREFOX POLICIES ---- user_pref(network.protocol-handler.app.mailto,/usr/bin/thunderbird-bin);FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-31 64160] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-6-24 13696] R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696] R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1005904] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-6-1 604416] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-10-5 13592] R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-10-17 104328] R3 BWI715;BWI715 Wireless Network Adapter Service;c:\windows\system32\drivers\BWI715.sys [2006-1-2 344096] S2 itesd;ITESD_Service_Install;c:\windows\system32\drivers\itesd.sys [2006-11-8 13133] S2 ITESM;ITESM_Service_Install;c:\windows\system32\drivers\itesm.sys [2006-11-8 19053] S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784] S3 iteio;iteio;c:\windows\system32\drivers\iteio.sys [2006-11-5 3680] S3 itsernum;itsernum Filter ÅX°Êµ{¦¡;c:\windows\system32\drivers\itsernum.sys [2006-11-5 20133] =============== Created Last 30 ================ 2009-06-24 18:05 <DIR> --d----- C:\2 2009-06-24 17:57 16,384 a------- c:\temp\Perflib_Perfdata_6e0.dat 2009-06-24 17:57 16,384 a------- c:\temp\Perflib_Perfdata_71c.dat 2009-06-24 17:45 16,384 a------- c:\temp\Perflib_Perfdata_7bc.dat 2009-06-04 06:53 16,384 a------- c:\temp\Perflib_Perfdata_7b0.dat 2009-06-03 16:24 <DIR> --d----- c:\documents and settings\topgun\DoctorWeb 2009-06-03 15:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files 2009-06-03 14:41 16,384 a------- c:\temp\Perflib_Perfdata_bc.dat 2009-06-03 13:58 16,384 a------- c:\temp\Perflib_Perfdata_6f0.dat 2009-06-03 07:20 103,720 a------- c:\documents and settings\topgun\GoToAssistDownloadHelper.exe 2009-06-03 06:41 16,384 a------- c:\temp\Perflib_Perfdata_5d4.dat 2009-06-03 06:41 16,384 a------- c:\temp\Perflib_Perfdata_75c.dat 2009-06-02 18:25 16,384 a------- c:\temp\Perflib_Perfdata_754.dat 2009-06-02 18:25 16,384 a------- c:\temp\Perflib_Perfdata_5c4.dat 2009-06-01 19:15 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy) 2009-06-01 19:15 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy) 2009-06-01 18:55 16,384 a------- c:\temp\Perflib_Perfdata_5e4.dat 2009-06-01 17:22 16,384 a------- c:\temp\Perflib_Perfdata_65c.dat 2009-06-01 08:19 16,384 a------- c:\temp\Perflib_Perfdata_4a8.dat 2009-06-01 08:13 1,891 a------- c:\windows\imsins.BAK 2009-06-01 08:10 604,416 a------- c:\windows\system32\TUProgSt.exe 2009-06-01 08:10 28,928 a------- c:\windows\system32\uxtuneup.dll 2009-06-01 08:10 361,216 a------- c:\windows\system32\TuneUpDefragService.exe 2009-06-01 08:10 <DIR> --d----- c:\docume~1\topgun\applic~1\TuneUp Software 2009-06-01 08:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software 2009-06-01 08:10 <DIR> --d----- c:\program files\TuneUp Utilities 2009 2009-06-01 08:09 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357} 2009-06-01 08:08 16,384 a------- c:\temp\Perflib_Perfdata_598.dat 2009-06-01 07:37 16,384 a------- c:\temp\Perflib_Perfdata_468.dat 2009-05-31 19:46 138,384 a------- c:\windows\system32\drivers\tmcomm.sys 2009-05-31 19:45 <DIR> --d----- c:\docume~1\topgun\applic~1\HouseCall 6.6 2009-05-31 19:39 16,384 a------- c:\temp\Perflib_Perfdata_27c.dat 2009-05-31 19:39 16,384 a------- c:\temp\Perflib_Perfdata_550.dat 2009-05-31 19:25 15,688 a------- c:\windows\system32\lsdelete.exe 2009-05-31 19:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCPitstop 2009-05-31 18:52 <DIR> --d----- c:\program files\MeadCo Neptune 2009-05-31 18:19 <DIR> --d----- c:\program files\Trend Micro 2009-05-31 15:04 16,384 a------- c:\temp\Perflib_Perfdata_5f8.dat 2009-05-31 15:04 16,384 a------- c:\temp\Perflib_Perfdata_780.dat 2009-05-31 15:02 64,160 a------- c:\windows\system32\drivers\Lbd.sys 2009-05-31 14:58 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800} ==================== Find3M ==================== 2009-06-03 14:05 81,984 a------- c:\windows\system32\bdod.bin 2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-05-05 07:51 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2008-10-07 07:18 431,504 a------- c:\docume~1\topgun\applic~1\GDIPFONTCACHEV1.DAT 2008-03-20 13:17 87,608 a------- c:\docume~1\topgun\applic~1\inst.exe 2008-03-20 13:17 47,360 a------- c:\docume~1\topgun\applic~1\pcouffin.sys 2004-02-08 15:33 266 ---sh--- c:\program files\desktop.ini 2004-02-08 15:33 11,079 ----h--- c:\program files\folder.htt 2001-05-12 20:23 94 a------- c:\program files\User_base.jnp ============= FINISH: 18:07:56.41 =============== |
|
     
|
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
| Thread Tools | |
|
|
