Hard Drive Space


  • This topic is locked
22 replies to this topic

#1 NiTROACTiVE

NiTROACTiVE

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Male
  • Location:United States
  • Local time:09:11 PM

Posted 09 February 2015 - 01:47 AM

Mod Edit:  Split from http://www.bleepingcomputer.com/forums/t/564032/hard-drive-space-decreasing/ - Hamluis.

 

OK, I finally got the chance to post an update. I did what noknojon told me to do, and I attached the TXT files Addition.txt and FRST.txt here. I'm not sure if there's really a virus, but should I post it in the Virus, Trojan, Spyware, and Malware Removal Logs forum? I'm not sure if I really should since I'm not TOO sure if I'm infected or not. And now my hard drive is down to 175 GB.

Edited by hamluis, 09 February 2015 - 05:15 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:11 PM

Posted 13 February 2015 - 09:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
HKU\S-1-5-21-3139485584-2481854343-2763292810-1000\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3139485584-2481854343-2763292810-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3139485584-2481854343-2763292810-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3139485584-2481854343-2763292810-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
URLSearchHook: HKU\S-1-5-21-3139485584-2481854343-2763292810-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll No File
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3139485584-2481854343-2763292810-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3139485584-2481854343-2763292810-1000 -> {767A3FD2-E2B1-41AC-8E24-6B7E4EBAAA84} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3299568&CUI=UN11182891971186227&UM=2
SearchScopes: HKU\S-1-5-21-3139485584-2481854343-2763292810-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3139485584-2481854343-2763292810-1000 -> {B47DCA45-B87A-46E1-89A5-15C21F5BAD9D} URL = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=TES002UVUS&apn_uid=523c6fce-d126-4603-8542-a1dbe7f1efab&apn_sauid=D82F5988-2427-49BA-A6A8-8FD3EC94F4CE
SearchScopes: HKU\S-1-5-21-3139485584-2481854343-2763292810-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb196/?search={searchTerms}&loc=IB_DS&a=6PQWQEWM35&i=26
SearchScopes: HKU\S-1-5-21-3139485584-2481854343-2763292810-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll No File
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\S-1-5-21-3139485584-2481854343-2763292810-1000 -> No Name - {E5B66461-19EB-4DA5-BBF7-DF2D266D975B} -  No File
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @ei.Zwinky_5q.com/Plugin -> C:\Program Files (x86)\Zwinky_5qEI\Installr\1.bin\NP5qEISB.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin HKU\S-1-5-21-3139485584-2481854343-2763292810-1000: nkltd.appspot.com/SSHProxy -> C:\Users\Scott House\AppData\Local\VPNReactor\Chrome\npSSHProxy.dll No File
FF SearchPlugin: C:\Users\Scott House\AppData\Roaming\Mozilla\Firefox\Profiles\vbxhf2al.default\searchplugins\google-avast.xml
CHR Extension: (Avast SafePrice) - C:\Users\Scott House\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-05]
CHR HKU\S-1-5-21-3139485584-2481854343-2763292810-1000\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Scott House\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [Not Found]
CHR HKU\S-1-5-21-3139485584-2481854343-2763292810-1000\...\Chrome\Extension: [pcajpdcjfekhfnapaiphaecoajeollnc] - C:\Users\Scott House\AppData\Local\CRE\pcajpdcjfekhfnapaiphaecoajeollnc.crx [2013-12-30]
CHR HKLM-x32\...\Chrome\Extension: [aaaaiognmpgbjoffachmpnnppfnokcbe] - C:\ProgramData\AskPartnerNetwork\Toolbar\FWV7\CRX\ToolbarCR.crx [2013-06-13]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Scott House\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pcajpdcjfekhfnapaiphaecoajeollnc] - C:\Users\Scott House\AppData\Local\CRE\pcajpdcjfekhfnapaiphaecoajeollnc.crx [2013-12-30]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [169632 2013-06-13] (APN LLC.)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
Task: {644E360E-B75A-4CCC-A958-96124064CF38} - \Updater21804.exe No Task File <==== ATTENTION
Task: {6CE75E2A-AC7A-49AD-BAC6-D7F0691A9C5E} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {A4FE2021-33A8-46BE-B08E-DAC6EF6ED21E} - System32\Tasks\PC Optimizer Pro Updates => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {F81A1334-F1C6-46DC-8CDD-FCB989B13413} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro Updates.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:CB945D3B
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
C:\Program Files\OutfoxTV

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===


What is the current problem with your HARD DRIVE space?

Wait for further instructions.

#3 NiTROACTiVE


Posted 16 February 2015 - 11:55 PM

Sorry for the late reply, I was busy with schoolwork. I ran the fix feature with FRST with the text file you told me to make, and I got the results in Fixlog.txt.

 

I then ran AdwCleaner and got the results as seen in AdwCleaner[R0].txt, but I'm trying to figure out what should be deleted or not.

 

As for my hard drive problem, I started this thread that explains my problem. So what now?




#4 nasdaq


Posted 17 February 2015 - 09:37 AM

Please run the AdwCleaner tool one more time.
When the scan is finished run the clean option to remove everything.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#5 nasdaq


Posted 22 February 2015 - 09:26 AM

Are you still with me?

#6 NiTROACTiVE


Posted 23 February 2015 - 01:17 AM

Sorry for the late reply as I was busy with college again. I did what you said about deleting what AdwCleaner found as junk, but my space didn't go up at all as it stayed the same. My hard drive space is now 154 GB as it used to be 232 GB, so I'm not sure if it's just some sort of glitch with the system or if it's something else.

Anyways, here's my results from the Security Check program:
 

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox 33.0.2 Firefox out of Date!  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#7 nasdaq


Posted 23 February 2015 - 10:15 AM

Have a look at your Virtual memory settings.
http://www.tech-recipes.com/rx/36092/windows-7-and-8-change-the-size-of-virtual-memory/

Follow the instructions on this page.

Quote from the article.

Users of SSD drives have a more complex problem. Since virtual memory writes to the hard drive very frequently, using SSD drives in this fashion can theoretically decrease the life of the drive. However, SSD drives are so quick that this drive style reduces a lot of the performance limitations associated with virtual memory.


If you have a Solid State Drive I would leave it alone.
===

You have the latest version of Java.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide, Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 NiTROACTiVE


Posted 23 February 2015 - 03:51 PM

OK I'll try that, but would I know if I have an SSD or not? My computer is a Dell Inspiron One 19, and I never got its hard drive changed.

 

And if I have an SSD, then did you say I should not do what that link said about my virtual memory?


Edited by NiTROACTiVE, 23 February 2015 - 04:41 PM.


#9 nasdaq


Posted 24 February 2015 - 08:43 AM

You DO NOT have an SSD drive.
http://www.01net.com/fiche-produit/fiche-technique-7171/desktops-dell-inspiron-one-19-touch/
Specifications.
Vitesse de rotation du disque 1 7200tr/mn <--- The speed of the disk is 7200 turns per minute.

===

So you can Change the Virtual memory.

#10 nasdaq


Posted 24 February 2015 - 09:32 AM

In your previous topic, the first one you started, member dinodod had requested you run the TreeSize application.

He has now requested that you run it again.

Please have him rerun the TreeSize application and have him post it here so we can compare the 2 snapshots. He lost another 20 gigs already and we need to see where the data is.


Refer to post no. 3 in your previous topic.
http://www.bleepingcomputer.com/forums/t/564032/hard-drive-space-decreasing/

p.s. if you did not reset your virtual memory DO NOT do it just yet. Run the TreeSize application.

#11 NiTROACTiVE


Posted 25 February 2015 - 02:52 AM

If you meant WinDirStat rather than TreeSize then I used WinDirStat again, but it came up as 203.5 GB being used overall despite my hard drive being at 153 GB. Unless if I really should use the TreeSize program or some other similar program, then would it work better?



#12 nasdaq


Posted 25 February 2015 - 09:26 AM

I'm not familiar with either tool.

Member dinodod who helped you in the other log is guiding me on this issue.
I hope I get something out of it also.

Either one will work. Can you post the results of WinDirStat after hiding the bottom pane (I believe it was F9?)

If you use TreeSize, you should be able to simply post a screenshot of the results.

Please be sure to expand the folders taking up all the room so we can see what folders are using up the space.


Post what you have.

#13 NiTROACTiVE


Posted 26 February 2015 - 04:05 AM

I decided to do a scan with TreeSize, and I found something I didn't find with WinDirStat. If you look at these images, I found a folder called System Volume Information. It also recently updated, and it has more space used than the Program Files (x86). So could that be the cause of the problem?


Edited by NiTROACTiVE, 26 February 2015 - 04:05 AM.


#14 nasdaq


Posted 26 February 2015 - 08:59 AM

Stay with me, I'm waiting for advice from dinodod.

#15 nasdaq


Posted 27 February 2015 - 07:44 AM

Here are dinodod's instructions.

The System Volume Information folder is a hidden system folder that the System Restore tool uses to store its information and restore points. There is a System Volume Information folder on every partition on your computer.

System Restore uses, by default, 3%-5% of your entire drive.

MS article
http://windows.microsoft.com/en-us/windows7/how-much-disk-space-does-system-restore-require

https://www.youtube.com/watch?v=oGXbMyFaROw#t=50

gives you an overview of how to manage your system restore allocated space.

If you really need the space, simply adjust the slider to reduce the amount of space used and then System restore will simply start to overwrite the oldest restore points when it runs out of room.

Please send us an expanded view of your Users folder and Program Files which were taking up all the space. It is in these 2 folders that you will probably be able to make the most changes.
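
The following added example, which is not part of the original thread, parses the text that `vssadmin list shadowstorage` prints from an elevated prompt and flags volumes whose restore-point storage exceeds the 3%-5% default quoted above. The sample report is constructed, English-locale output is assumed, and `parse_value`, `parse_shadowstorage` and `review` are names chosen here.

```python
import re

# Constructed sample of `vssadmin list shadowstorage` output (English locale,
# elevated prompt). The volume GUIDs and all sizes are made up.
SAMPLE = r"""
Shadow Copy Storage association
   For volume: (C:)\\?\Volume{00000000-0000-0000-0000-000000000000}\
   Shadow Copy Storage volume: (C:)\\?\Volume{00000000-0000-0000-0000-000000000000}\
   Used Shadow Copy Storage space: 41.2 GB (17%)
   Allocated Shadow Copy Storage space: 42 GB (18%)
   Maximum Shadow Copy Storage space: 46.4 GB (20%)
Shadow Copy Storage association
   For volume: (D:)\\?\Volume{11111111-1111-1111-1111-111111111111}\
   Shadow Copy Storage volume: (D:)\\?\Volume{11111111-1111-1111-1111-111111111111}\
   Used Shadow Copy Storage space: 0 B (0%)
   Allocated Shadow Copy Storage space: 0 B (0%)
   Maximum Shadow Copy Storage space: UNBOUNDED (100%)
"""

UNITS = {"B": 1, "KB": 2**10, "MB": 2**20, "GB": 2**30, "TB": 2**40}
FIELD = re.compile(r"(Used|Allocated|Maximum) Shadow Copy Storage space:\s*(.+)")
VALUE = re.compile(r"(?:([\d.]+)\s*(TB|GB|MB|KB|B)|UNBOUNDED)(?:\s*\((\d+)%\))?", re.I)

def parse_value(text):
    """Return (bytes, or None if UNBOUNDED; percent of volume, or None if absent)."""
    m = VALUE.match(text.strip())
    if not m:
        raise ValueError("unrecognised size: %r" % text)
    size = int(float(m.group(1)) * UNITS[m.group(2).upper()]) if m.group(1) else None
    pct = int(m.group(3)) if m.group(3) else None
    return size, pct

def parse_shadowstorage(text):
    """Parse the report into one dict per 'For volume' association."""
    assocs, cur = [], None
    for line in map(str.strip, text.splitlines()):
        m = FIELD.match(line)
        if line.startswith("For volume:"):
            drive = re.search(r"\(([A-Za-z]:)\)", line)
            cur = {"volume": drive.group(1) if drive else line[11:].strip()}
            assocs.append(cur)
        elif m and cur is not None:
            cur[m.group(1).lower()] = parse_value(m.group(2))
    return assocs

def review(assoc, cap_pct=5):
    """Flag storage above cap_pct (upper end of the 3%-5% default in the post)."""
    findings = []
    _, used_pct = assoc.get("used", (0, None))
    max_b, max_pct = assoc.get("maximum", (0, None))
    if max_b is None:
        findings.append("maximum is UNBOUNDED")
    elif max_pct is not None and max_pct > cap_pct:
        findings.append("maximum %d%% exceeds %d%% cap" % (max_pct, cap_pct))
    if used_pct is not None and used_pct > cap_pct:
        findings.append("restore points use %d%% of the volume" % used_pct)
    return findings

if __name__ == "__main__":
    print({a["volume"]: review(a) for a in parse_shadowstorage(SAMPLE)})
```

Lowering the limit, with the System Protection slider or with `vssadmin resize shadowstorage /For=C: /On=C: /MaxSize=10GB` (the 10GB figure is only an example), can delete existing restore points, oldest first, so confirm a known-good restore point will remain before shrinking it.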



