Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hard drive keeps filling up even after deleting programs


  • This topic is locked This topic is locked
234 replies to this topic

#31 dee455

dee455
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:24 AM

Posted 06 March 2015 - 09:26 PM

i have it seen it before so I know what your talking about. I do have a place on the computer that shows errors but its really long. I can't get it to copy and paste. so I don't know how to do it



BC AdBot (Login to Remove)

 


#32 dee455

dee455
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:24 AM

Posted 06 March 2015 - 09:29 PM

It did just freeze and I had t restart it. Chrome froze.



#33 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,800 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:24 AM

Posted 06 March 2015 - 09:37 PM

Thanks,

Let's take a look at some error information this way.

===================================================

Event Viewer Critical Information Windows 8/7/Vista

--------------------
  • Boot into Safe Mode
  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type eventvwr.msc and press Enter
  • Click on the arrow to the left of Windows Logs to expand the category
  • Left click on System
  • On the right hand side of the screen click Filter Current Log...
  • Select Critical, then click OK
  • Select Save Filtered Log File As...
  • Under File Name: please type System then save it to your desktop
  • Left click on Application and repeat the above steps saving the file as Application
  • Zip the files and upload them here
  • I will be automatically notified when the file has been successfully uploaded
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Uploaded Event Viewer files

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#34 dee455

dee455
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:24 AM

Posted 06 March 2015 - 09:42 PM

safemode with networking?



#35 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,800 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:24 AM

Posted 06 March 2015 - 09:46 PM

Yes you can.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#36 dee455

dee455
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:24 AM

Posted 06 March 2015 - 10:38 PM

I don't know that this is right. I didn't think it was right the first time and I deleted what I saved. So I hope I didnt lose anything. I did it again two different ways, I hope one of them works

Attached Files


Edited by dee455, 06 March 2015 - 10:50 PM.


#37 dee455

dee455
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:24 AM

Posted 06 March 2015 - 10:51 PM

oops sent one wrong log

Attached Files


Edited by dee455, 06 March 2015 - 10:51 PM.


#38 dee455

dee455
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:24 AM

Posted 06 March 2015 - 10:53 PM

sorry did it again this one is the one I meant to send

Attached Files



#39 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,800 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:24 AM

Posted 06 March 2015 - 11:05 PM

Your Event Viewer files were created properly but unfortunately there was no workable information.

Let's run FRST again making sure to place a check mark in Addition.txt. Please post both reports.

I will be logging off soon so I may or may not see your reply tonight.

Edited by Oh My!, 06 March 2015 - 11:06 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#40 dee455

dee455
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:24 AM

Posted 06 March 2015 - 11:10 PM

ok. do I copy and paste the same stuff as last time



#41 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,800 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:24 AM

Posted 06 March 2015 - 11:11 PM

Yes, copy and paste the contents of frst.txt and Addition.txt. Both should appear on your desktop after the programs finishes running.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#42 dee455

dee455
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:24 AM

Posted 06 March 2015 - 11:16 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2015 01
Ran by me at 2015-03-06 20:15:53 Run:4
Running from C:\Users\me\Desktop
Loaded Profiles: me (Available profiles: me & DefaultAppPool)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HKU\S-1-5-21-3678120768-2371748754-349669163-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3678120768-2371748754-349669163-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} ->  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S3 HPSLPSVC; C:\Users\me\AppData\Local\Temp\7zS59A2\hpslpsvc64.dll [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 cmdGuard; system32\DRIVERS\cmdguard.sys [X]
S1 cmdHlp; System32\DRIVERS\cmdhlp.sys [X]
S3 cpuz136; \??\C:\Users\me\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S1 inspect; system32\DRIVERS\inspect.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
C:\Users\me\ATT_SST.exe
C:\Users\me\ChromeSetup.exe
C:\Users\me\DropboxInstaller.exe
Task: {06B76195-25E0-4403-965C-77DA8E511B4D} - \COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} No Task File <==== ATTENTION
Task: {277F0241-C967-44F2-94BE-2182C18367B4} - \COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} No Task File <==== ATTENTION
Task: {5275CB87-E740-4227-B6DF-541C083A4C75} - \COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} No Task File <==== ATTENTION
Task: {5D76E656-ECFE-454A-8674-ED94A4A14D7C} - \COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} No Task File <==== ATTENTION
Task: {7F3F2BDC-5501-421E-B88A-34860F86F135} - \COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} No Task File <==== ATTENTION
Task: {C5570C8E-A83B-4261-B755-BD93D68FFD19} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {E9AD77E4-F166-4A43-A628-E69E6075BEE9} - System32\Tasks\4391 => Wscript.exe C:\Users\me\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
C:\Users\me\AppData\Local\Temp\launchie.vbs
AlternateDataStreams: C:\ProgramData\Temp:ADF211B1
AlternateDataStreams: C:\Users\me\goldengatebridge Invoice Payment Confirmation.eml:OECustomProperty
Task: {236ECF6B-77D3-4345-85BD-3C5DC7F2B11F} - System32\Tasks\{30EE85CA-52AC-4EA0-BCF6-3A882B74C908} => pcalua.exe -a F:\install.exe -d F:\
*****************
 
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => Key not found. 
HKU\S-1-5-21-3678120768-2371748754-349669163-1000\SOFTWARE\Policies\Google => Key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 
HKU\S-1-5-21-3678120768-2371748754-349669163-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA} => Key not found. 
HKCR\Wow6432Node\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value not found.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value not found.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found. 
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
HPSLPSVC => Service not found.
catchme => Service not found.
cmdGuard => Service not found.
cmdHlp => Service not found.
cpuz136 => Service not found.
inspect => Service not found.
MREMPR5 => Service not found.
MRENDIS5 => Service not found.
"C:\Users\me\ATT_SST.exe" => File/Directory not found.
"C:\Users\me\ChromeSetup.exe" => File/Directory not found.
"C:\Users\me\DropboxInstaller.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06B76195-25E0-4403-965C-77DA8E511B4D} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{277F0241-C967-44F2-94BE-2182C18367B4} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5275CB87-E740-4227-B6DF-541C083A4C75} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D76E656-ECFE-454A-8674-ED94A4A14D7C} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7F3F2BDC-5501-421E-B88A-34860F86F135}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F3F2BDC-5501-421E-B88A-34860F86F135}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5570C8E-A83B-4261-B755-BD93D68FFD19} => Key not found. 
C:\Windows\System32\Tasks\0 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9AD77E4-F166-4A43-A628-E69E6075BEE9} => Key not found. 
C:\Windows\System32\Tasks\4391 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4391 => Key not found. 
"C:\Users\me\AppData\Local\Temp\launchie.vbs" => File/Directory not found.
"C:\ProgramData\Temp" => ":ADF211B1" ADS not found.
C:\Users\me\goldengatebridge Invoice Payment Confirmation.eml => ":OECustomProperty" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{236ECF6B-77D3-4345-85BD-3C5DC7F2B11F} => Key not found. 
C:\Windows\System32\Tasks\{30EE85CA-52AC-4EA0-BCF6-3A882B74C908} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{30EE85CA-52AC-4EA0-BCF6-3A882B74C908} => Key not found. 
 
==== End of Fixlog 20:15:54 ====

I dont see another log.



#43 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,800 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:24 AM

Posted 06 March 2015 - 11:16 PM

We don't want to run the fix but rather open FRST, check Addition.txt, then click the Scan button.

Edited by Oh My!, 06 March 2015 - 11:17 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#44 dee455

dee455
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:24 AM

Posted 06 March 2015 - 11:19 PM

have a good night, if I don't talk to you again tonight



#45 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,800 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:24 AM

Posted 06 March 2015 - 11:20 PM

Thanks, you too.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users