Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

low memory, Virus?


  • This topic is locked This topic is locked
36 replies to this topic

#16 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:31 AM

Posted 03 October 2014 - 11:43 AM

Hi bikefiend,
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


BC AdBot (Login to Remove)

 


#17 bikefiend

bikefiend
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 04 October 2014 - 09:52 AM

my drive has only  190mb free of 679G
 
 
# AdwCleaner v3.311 - Report created 04/10/2014 at 10:45:05
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : meictong2 - CHUN-PC
# Running from : C:\Users\meictong2\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Sendori
Folder Deleted : C:\Program Files (x86)\Sendori
Folder Deleted : C:\Users\meictong2\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\meictong2\AppData\Roaming\0D0S1L2Z1P1B
Folder Deleted : C:\Users\meitong\AppData\Roaming\Mozilla\Firefox\Profiles\lrzrsc5z.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Deleted : C:\Users\meitong\AppData\Roaming\Mozilla\Firefox\Profiles\lrzrsc5z.default\Extensions\ffxtlbr@mysearchdial.com
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Digital Sites
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\kmh5vy4v.default\prefs.js ]
 
 
[ File : C:\Users\meictong2\AppData\Roaming\Mozilla\Firefox\Profiles\bgmi0yds.default-1394589295153\prefs.js ]
 
 
[ File : C:\Users\meitong\AppData\Roaming\Mozilla\Firefox\Profiles\lrzrsc5z.default\prefs.js ]
 
 
[ File : C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\bceqo36y.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\meictong2\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
[ File : C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R1].txt - [2598 octets] - [04/10/2014 10:18:09]
AdwCleaner[R2].txt - [2800 octets] - [04/10/2014 10:43:45]
AdwCleaner[S1].txt - [2749 octets] - [04/10/2014 10:45:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2809 octets] ##########
 


#18 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:31 AM

Posted 04 October 2014 - 01:34 PM

Hi bikefiend,
 
Do you use all 3 accounts (meictong2, meictong and User1)?

 

--------------

 

Also, please see this link and scroll down to Option 1 to remove excess Shadow Copies from your system, and hopefully free up some space on your C: drive. See this link on how to reduce the amount of available space for Shadow Copies (you must scroll down to that section of the article).

Once complete, reboot your system and check the drive space.

 

--------------

 

Please re-run TreeSize, and when the program has fully loaded the whole hard drive. Click on the icon with a 9, a 1 and a down arrow. Please take a screenshot and then upload it to filedropper like you did before. Include the url in your next reply.

 

xXToffeeXx~


Edited by xXToffeeXx, 04 October 2014 - 01:34 PM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#19 bikefiend

bikefiend
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 05 October 2014 - 09:30 PM

<a href=http://www.filedropper.com/bleep1><img src=http://www.filedropper.com/download_button.png width=127 height=145 border=0/></a><br /><div style=font-size:9px;font-family:Arial, Helvetica, sans-serif;width:127px;font-color:#44a854;> <a href=http://www.filedropper.com >upload files online</a></div>



#20 bikefiend

bikefiend
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 05 October 2014 - 09:31 PM

now I have 82.4 g free of 679gb.

 

I deleted some Users and cleaned up files.



#21 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:31 AM

Posted 06 October 2014 - 02:18 PM

Hi bikefiend,
 
That is much better, though I would to see whether we can free up a bit more space.
 
Please re-run TreeSize. Then expand the Users folder and expand all the folders within Users so I can see what exactly is taking up the space. Please take a screenshot and then upload it to filedropper like you did before. Include the url in your next reply.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#22 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:31 AM

Posted 12 October 2014 - 11:59 AM

Hi bikefiend,
 
This is a 3 day bump:
 
It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#23 bikefiend

bikefiend
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 13 October 2014 - 09:20 PM

http://www.filedropper.com/tree-size10132014


<a href=http://www.filedropper.com/tree-size10132014><img src=http://www.filedropper.com/download_button.png width=127 height=145 border=0/></a><br /><div style=font-size:9px;font-family:Arial, Helvetica, sans-serif;width:127px;font-color:#44a854;> <a href=http://www.filedropper.com >upload files online</a></div>


I just got a blue screen about crash dump,does that mean anything?



#24 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:31 AM

Posted 14 October 2014 - 10:53 AM

Hi bikefiend,

 

You did not expand the Users folder in TreeSize.

 

What were you doing when the bluescreen happened? Has a bluescreen happened before?

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#25 bikefiend

bikefiend
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 14 October 2014 - 06:40 PM

i just turned on computer and blue screen popped up and never happened before. 



#26 bikefiend

bikefiend
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 14 October 2014 - 06:46 PM

running treesize again



#27 bikefiend

bikefiend
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 14 October 2014 - 09:23 PM

http://www.filedropper.com/tree2



#28 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:31 AM

Posted 15 October 2014 - 01:22 PM

Hi bikefiend,

 

How is your computer running? Does the error about low memory still occur?

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#29 bikefiend

bikefiend
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 15 October 2014 - 10:17 PM

No error messages



#30 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:31 AM

Posted 16 October 2014 - 11:00 AM

Hi bikefiend,
 
Your version of Adobe Reader is out of date.
 
Please follow these steps to remove older version Adobe Reader components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Control Panel, and double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8.
  • Check (highlight) any item with Adobe Reader in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Adobe Reader uninstaller.
  • Reboot your computer once Adobe Reader is removed.
  • Then from your desktop double-click on the Adobe Reader installer to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then run as Administrator.
  • If offered any unwanted software or toolbars during installation (such as the McAfee Security Plan Plus); just uncheck the box before continuing unless you want it.
  • Adobe Reader is updated frequently. If you want to be automatically notified of future updates, or automatically have them installed then make sure to check the option in the installer

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users