Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

811 GB .etl file? What is That?


  • Please log in to reply
14 replies to this topic

#1 pkbrooks

pkbrooks

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:02 PM

Posted 21 November 2014 - 03:48 PM

BC Community,

 

Have a business desktop that out of the blue had memory problems yesterday.  It has a 1 TB hard drive and I know it doesn't even have 100 GB of files yet (its not even 4 months old).  I downloaded WinDirStat to see where the problem was and it shows a series of .etl files run the end of tuesday and in the morning on wednesday that spiked at the 811 GB file and then tappered back off the normal 155 KB size. 

 

Not really sure what Im dealing with here.  I research online and found that they are log files and one person said they can be deleted.  I tried but Windows 7 says the files are being used by Windows Audio and can't be deleted.

 

I have no idea what this is nor how to address it.  The computer is completely useless right now so any help would be nice.  I put a screen shot of the WinDirStat info below.

 

Thanks,  pkbrooks

 

CzTzrBV.png



BC AdBot (Login to Remove)

 


#2 pkbrooks

pkbrooks
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:02 PM

Posted 24 November 2014 - 11:51 AM

Just an update.  Tried to start up this computer this morning and it forced me into safe mode.  I assume because it doesn't have any memory left to run at full strength.  Any help would be great.

 

pkbrooks



#3 pkbrooks

pkbrooks
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:02 PM

Posted 24 November 2014 - 03:03 PM

Still have no idea what is causing this, but decided to just delete the .etl files.  Found a place where I could do that.  Computer is now functional.  There hasn't been any other .etl file generation since event.

 

If anyone knows anything about this I would still like to know what caused it.



#4 bandicoot_

bandicoot_

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 24 November 2014 - 03:12 PM

Wow.

 

To make sure, run Malwarebytes Anti-Malware from http://www.malwarebytes.org. If you already have it, then update it and run a scan.

 

Post the log results here.


Edited by bandicoot_, 24 November 2014 - 03:13 PM.


#5 pkbrooks

pkbrooks
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:02 PM

Posted 25 November 2014 - 08:56 AM

bandicoot_

 

thanks for stepping in.  Wow is right.

 

After running windirstat i downloaded malwarebytes and ran a scan.  It turned up a group of processes that I started in scheduler to move documents between a folder and dropbox.  It works in conjunction with freefilesynch.  I did not however save the logs, so I will do that soon.  I'm actually having to work with another desktop that got the Sirius Win 7 Antivirus Malware yesterday.  Cleaned it out following the BC guide on that one and somehow it's raging again this morning.  When I get done with that I will post the logs for this issue.



#6 pkbrooks

pkbrooks
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:02 PM

Posted 25 November 2014 - 10:07 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/25/2014
Scan Time: 9:54:49 AM
Logfile: Malwarebytes Log 20141125.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.25.06
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Design Center

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327063
Time Elapsed: 6 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Not seeing the items from the scan yesterday.



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,143 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:02 PM

Posted 26 November 2014 - 04:22 PM

Not seeing the items from the scan yesterday.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

NOTE: History Tab > Application Logs inlcudes all Scan (& Protection Logs) by date and time.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 pkbrooks

pkbrooks
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:02 PM

Posted 01 December 2014 - 01:27 PM

Long weekend.  finally back in the office.  Here is the first MBAM run I did. 

 

 

Log

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/11/20 13:34:30 -0500</date>
<logfile>mbam-log-2014-11-20 (13-34-29).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.3.1025</version>
<malware-database>v2014.11.20.06</malware-database>
<rootkit-database>v2014.11.18.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Design Center</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>325895</objects>
<time>1064</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>2</folders>
<files>6</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<folder><path>C:\Users\Design Center\AppData\Roaming\OpenCandy</path><vendor>PUP.Optional.OpenCandy</vendor><action>none</action><hash>e0260f2fceae75c1515339cfc043f40c</hash></folder>
<folder><path>C:\Users\Design Center\AppData\Roaming\OpenCandy\5E8CE09F18014B9CBD3D9A0388553519</path><vendor>PUP.Optional.OpenCandy</vendor><action>none</action><hash>e0260f2fceae75c1515339cfc043f40c</hash></folder>
<file><path>C:\Users\Design Center\Downloads\FreeFileSync_6.0_Windows_Setup.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>none</action><hash>996d76c86715c27410f6d2a32fd60bf5</hash></file>
<file><path>C:\Users\Design Center\Downloads\FreeFileSync_6.1_Windows_Setup.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>none</action><hash>54b2d36b4735a98dad595b1ae61fdd23</hash></file>
<file><path>C:\Users\Design Center\Downloads\FreeFileSync_6.3_Windows_Setup.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>none</action><hash>bc4a3c02720af73fe422561f08fdaf51</hash></file>
<file><path>C:\Users\Design Center\Downloads\FreeFileSync_6.4_Windows_Setup.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>none</action><hash>2fd72618ef8dbd79db2bacc9ca3bb749</hash></file>
<file><path>C:\Users\Design Center\Downloads\FreeFileSync_6.6_Windows_Setup.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>none</action><hash>bc4ae45ae29a68ce7096fc799f6644bc</hash></file>
<file><path>C:\Users\Design Center\Downloads\FreeFileSync_6.8_Windows_Setup.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>none</action><hash>e422a5996517e84e788e0a6bdc292ed2</hash></file>
</items>
</mbam-log>

 

 

 

Protection Log

<?xml version="1.0" encoding="UTF-8" ?>
<logs>
   <record severity="debug" LoggingEventType="1" datetime="2014-11-20T13:34:14.495907-05:00" source="Manual" type="Update" username="SYSTEM" systemname="DESIGN-PC" fromVersion="2014.9.18.1" last_modified_tag="493bdf59-3146-4cf5-ba99-de6ccb32692e" name="Rootkit Database" toVersion="2014.11.18.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2014-11-20T13:34:21.141519-05:00" source="Manual" type="Update" username="SYSTEM" systemname="DESIGN-PC" fromVersion="2014.9.19.5" last_modified_tag="16bee0d1-8271-4982-9570-960c04218b54" name="Malware Database" toVersion="2014.11.20.6"></record>
   <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2014-11-20T13:34:30-05:00" datetime="2014-11-20T13:54:00.178254-05:00" source="Manual" type="Scan" username="SYSTEM" systemname="DESIGN-PC" last_modified_tag="fdfee3b4-7152-4e8b-9ca9-00813890c9c4" duration="1064" malwaredetections="0" nonmalwaredetections="8" scanresult="completed"></record>
</logs>
 



#9 pkbrooks

pkbrooks
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:02 PM

Posted 04 December 2014 - 10:06 AM

Weeeellll...Came into work this morning and a second computer in my network was locked down due to the above .etl file problem.  The file was 403 GB and was made yesterday.  I'm officially concerned.  What I thought was causing the problem on the above computer isn't even possible on this new one.  The only similarity that I can see is Office 365 with OneDrive.  I am completely disappointed in Onedrive and have already begun to kick it to the curb it works so poorly.  Is it possible that this is the offender here?  The .etl file is being generated in the Office folder.  Is there process going wacko in the synching funtions?  I ran windirstat and have an image if anyone needs to see it.  It looks exactly the same as the above image except size.  I also ran malwarebytes and it came up completely clean.  I have the logs, but will wait to see if that is necessary.

 

pk



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,143 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:02 PM

Posted 04 December 2014 - 11:09 AM

According to one poster in this Microsoft Office 365 Community topic the .etl file is related to Skydrive Pro.

Another said the same thing in this Microsoft Community forum topic OneDrive (formerly SkyDrive)

And the file was also noted here.

This Office Online support topic also mentions the .etl extension.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 pkbrooks

pkbrooks
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:02 PM

Posted 04 December 2014 - 01:06 PM

Thanks.  Had run into two of those this morning.  Gives me a bit more, but there is very little in the way help on a super sized log file.  Of course, to allow my people here to keep working on time sensitive issues, all I can do is delete the log file.  This completely destroys the very thing I need to trouble shoot the problem of course. Will have to go cry to Microsoft and see what they say I guess.  Will post back when I have found out what this is.



#12 maggot7

maggot7

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 PM

Posted 04 December 2014 - 01:11 PM

Welcome to Microsoft!

 

The road to insanity is paved with Microsoft products.



#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,143 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:02 PM

Posted 04 December 2014 - 01:12 PM

Not a problem.

Yes...for issues with Microsoft Office, you can start a new topic in the Microsoft Community Office Forums for your specific version or one of the Office Communities.

Office 365 Forums
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 pkbrooks

pkbrooks
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:02 PM

Posted 04 December 2014 - 03:07 PM

thanks quietman7.  Will look into that if I can't get MS to help on the phone.

 

Maggot...insanity...no doubt!



#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,143 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:02 PM

Posted 04 December 2014 - 04:15 PM

You're welcome and good luck.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users