Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System drive fills up, reboot clears it. Got all clear from Malware fo

Started by rgforest , Jun 28 2010 09:43 PM

  • Please log in to reply

#1
rgforest
Posted 28 June 2010 - 09:43 PM

rgforest

    Member

  • Member
  • PipPip
  • 34 posts
Back on 6/15/2010 I got a disk full warning on my system drive which should only be about 1/3 full (18 out of 55 gb) and Explorer crashed while I tried to find what was taking up the extra space.

Reboot cleared it, but it continued to fill with unaccessible data at 10mb a minute. I also noticed that the recycle bin was empty and the "Empty Recycle Bin" line was missing from the menu.

A search on the web found a site called Kellys Korner at http://www.kellys-ko...m/xp_tweaks.htm. I applied a registry patch labeled "Replace/Repair the Recycle Bin in Windows XP" It fixed the bin but the C drive is still filling up.

I then posted on this site and after nearly 2 weeks trying to find any virus, malware or errant program causing the problem. I was given an all clear.

So I guess the next step is to see if Windows XP if the problem. A failed install/uninstall of SP2 about 4 years ago left windows update broken so I am unable to add SP2 or 3 from there. It also means that most firewall and antivirus software won't run on my system.

I'm using Avast and Malwarebytes for now. I'd like to solve the disk problem before archiving a copy of the drive.

Then I'd feel willing to try a manual install of SP 2 & 3 or even a repair install with my OEM disks.

Any suggestiong would help, such as how to examine the invisible data and find out what's writing it.

Thank you;

Edited by elise025, 10 July 2010 - 01:40 PM.
email address removed for security reasons

  • 0

Advertisements

#2
SweetTech
Posted 10 July 2010 - 01:13 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

I apologize for the delay in someone responding to your query for assistance.

I feel the need to inform you up front that my main specialty is in Malware removal on this forum, but thought that I may have a solution, for the issues you are experiencing with Windows Update not working properly.

There is a possibility that the space issues you are experiencing is an issue that was fixed/patched with SP2 and/or SP3.

Lets see if this tool below fixes the issue with your Windows Update not working properly.

Dial-A-Fix

We need to repair some of windows' internal registration settings

  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program.
  • Press the green double checkmark box (Looks like this: Posted Image)
  • UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:

    Posted Image

    Posted Image
  • Click on Go.
  • Exit/Close Dial-A-Fix.

Next please go to windows update and install all critical updates

http://www.windowsupdate.com


Cheers,
SweetTech.
  • 0

#3
Macboatmaster
Posted 10 July 2010 - 02:35 PM

Macboatmaster

    7k

  • Member
  • PipPipPipPipPipPipPipPip
  • 7,237 posts
I realise you are running AVAST and Malwarebytes but is there by any chance BitDefender on the computer or was there, because there have been instances of BitDefender Scanner, filling hard drives with backup files every time it thought it detected a threat.

Edited by Macboatmaster, 10 July 2010 - 02:36 PM.

  • 0

#4
Rorschach112
Posted 10 July 2010 - 02:49 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
He doesn't appear to have Bitdefender in his malware logs

rgforest, can you post the name of these files that are filling up your hard drive ?
  • 0

#5
rgforest
Posted 10 July 2010 - 02:54 PM

rgforest

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
@Macboatmaster & Rorschach112

I had a redirect virus back in May and tried a bunch of things before I found this site.
It may have been one of them. How do I check?

The data does not show up in Windows Explorer (I have it set to show all files)

@SweetTech

Thank you for your help.

I ran dial a fix but I still get the message:

Problem: A problem on your computer is preventing updates from being downloaded or installed

I disabled Avast and shut down Malwarbytes active protection before I started. Is it possible that I need to uninstall Avast or maybe disable it's startup. It was still getting updates even during Windows Update.

Can you suggest a tool that can ID what is writing to the disk or examine and identify the data written?

Please let me know if there is anything I can do to keep this topic open.

By the way, Since I made the original post I:

bought a 500gb drive and backed up everything.

made the system drive as close to just system and program files as I can get.

cloned the system drive (the clone also has the problem)

added SP2 to the clone without using windows update

made an SP3 disk and was about to use it when I found your mail.


Because I am working on a clone I can try more risky methods of repair before I give up.
Since I have an Dell OEM disk, I don't think I can do a repair installation.
In the meantime I am trying to catalog and track down the install packages for everything on my system.


Thank you again for your help.
  • 0

#6
Rorschach112
Posted 10 July 2010 - 03:03 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
sweettech and macboatmaster will have some more ideas for you ( don't let me stop you guys ), I just want to check something

You are saying your system drive fills up, are you saying that the folder C:\ is getting filled ? If so do this

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
C:\
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#7
SweetTech
Posted 10 July 2010 - 03:07 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

I'd like for you to try the following below:

Go to Start > Run > Type the bolded text regsvr32 wuapi.dll

Once you receive the message telling you that the DLL has been registered, click OK and perform the same steps for each of the following commands below:

regsvr32 wuaueng1.dll
regsvr32 wuaueng.dll
regsvr32 wucltui.dll
regsvr32 wups2.dll
regsvr32 wups.dll
regsvr32 wuweb.dll

After doing the above, please go ahead and reboot your computer. Upon startup of your computer see if your able to run Windows Updates successfully.
  • 0

#8
Macboatmaster
Posted 10 July 2010 - 03:19 PM

Macboatmaster

    7k

  • Member
  • PipPipPipPipPipPipPipPip
  • 7,237 posts
On any Windows explorer application ie My Computer - Tools, Folder Options. Then, you should be on General tab, click on View tab. Choose the "Show hidden files" and remove checkmark from "Hide protected operating system folders and files" and then click OK.

May I suggest you do this AFTER the advice from SweetTech
We may then have a clue what these files that are filling the disc are.
My money is that one of the rogue programmes you have OR did have on the computer is still there and is generating files for every application or process running.

NB I have just read that you have set it to show all files, please confirm THE ABOVE is what you have done.

Edited by Macboatmaster, 10 July 2010 - 03:43 PM.

  • 0

#9
rgforest
Posted 10 July 2010 - 03:41 PM

rgforest

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I registered the dlls and rebooted... no change.

The "used space" in the properties dialog for C: increases every time I check it, but a search for all files (with subfolders, system folders and hidden files and folders checked) does NOT show any significant change. Similar searches with Total Commander and Agent Ransack show no increase.

I keep "Hide protected operating system folders and files" always unchecked.


Sorry about some of the junk in the root.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:24 on 10/07/2010 by RG (Administrator - Elevation successful)

========== dir ==========

C: - Parameters: "(none)"

---Files---
All bare1.txt --a--- 1162 bytes [09:11 10/07/2010] [09:11 10/07/2010]
All bare2.txt --a--- 69216 bytes [09:11 10/07/2010] [09:11 10/07/2010]
ASTROCLK RAINBOW.PAL --a--- 58 bytes [08:44 26/03/2009] [08:43 26/03/2009]
AUTOEXEC.BAT --a--- 0 bytes [14:59 03/09/2002] [12:34 19/12/2005]
bare1.txt --a--- 477 bytes [09:16 10/07/2010] [09:16 10/07/2010]
bare2.txt --a--- 16008 bytes [09:11 10/07/2010] [09:58 10/07/2010]
Boot.bak --a--- 245 bytes [19:17 12/05/2010] [15:14 12/05/2010]
BOOT.INI -rahs- 309 bytes [04:55 18/03/2003] [08:11 10/07/2010]
BOOTSECT.DOS --ahs- 512 bytes [14:38 03/09/2002] [14:38 03/09/2002]
both bare1.txt --a--- 1639 bytes [09:19 10/07/2010] [09:19 10/07/2010]
cmldr --a--- 245920 bytes [19:17 12/05/2010] [05:05 29/08/2002]
colorValue.txt --a--- 6 bytes [07:24 25/09/2005] [10:49 06/01/2006]
CONFIG.SYS --a--- 0 bytes [14:59 03/09/2002] [14:59 03/09/2002]
Copy of RAINBOW.PAL --a--- 58 bytes [03:49 20/03/2009] [09:32 10/11/2005]
DELL.SDR -rah-- 4912 bytes [04:55 18/03/2003] [04:55 18/03/2003]
EGA80WOF.FON --a--- 52848 bytes [21:59 29/05/2010] [12:49 23/03/2009]
EGW40WOA.FON --a--- 15952 bytes [02:04 13/02/2009] [01:53 13/02/2009]
fixstart.bat --a--- 351 bytes [15:55 29/08/2004] [16:11 29/08/2004]
fixvol.bat --a--- 166 bytes [14:52 29/08/2004] [14:52 29/08/2004]
hcwclear.exe --a--- 102468 bytes [16:34 04/04/2003] [16:34 04/04/2003]
hcwclear.txt --a--- 239089 bytes [05:43 14/10/2003] [21:20 24/03/2005]
hcwclearold.txt --a--- 24452 bytes [14:43 12/04/2003] [08:43 09/05/2003]
help.txt --a--- 4174 bytes [22:14 23/04/2007] [14:37 12/10/2008]
helpxp.txt --a--- 4174 bytes [22:26 23/04/2007] [22:26 23/04/2007]
IO.SYS --ah-- 0 bytes [14:59 03/09/2002] [14:59 03/09/2002]
IPH.PH --ah-- 503 bytes [05:23 18/03/2003] [05:24 18/03/2003]
MDacLog.txt --a--- 25570 bytes [08:02 10/05/2005] [08:10 10/05/2005]
mplayerc.exe --a--- 1340416 bytes [22:10 23/08/2004] [22:46 28/03/2004]
MSDOS.SYS --ah-- 0 bytes [14:59 03/09/2002] [14:59 03/09/2002]
net_save.dna --a--- 1088 bytes [01:07 21/01/2004] [01:13 21/01/2004]
NTDETECT.COM --ahs- 47564 bytes [11:00 29/08/2002] [08:06 10/07/2010]
NTLDR --ahs- 250032 bytes [11:00 29/08/2002] [08:06 10/07/2010]
pagefile.sys --ahs- 1610612736 bytes [05:00 18/03/2003] [21:17 10/07/2010]
Prodinfo.txt --a--- 1392 bytes [19:04 12/02/2008] [05:08 03/07/2009]
quick --a--- 0 bytes [09:17 10/07/2010] [09:17 10/07/2010]
quick launch.txt --a--- 994 bytes [09:17 10/07/2010] [09:17 10/07/2010]
RAINBOW.PAL --a--- 58 bytes [12:17 13/06/2004] [04:07 20/03/2009]
rp1 --a--- 1 bytes [07:57 10/05/2005] [07:57 10/05/2005]
SA.DAT --ah-- 6 bytes [09:46 08/09/2004] [09:46 08/09/2004]
SystemInfo.ini --a--- 87 bytes [05:15 18/03/2003] [05:15 18/03/2003]
t.txt --a--- 11446 bytes [04:52 18/03/2009] [04:52 18/03/2009]
treeinfo.wc ---h-- 102664 bytes [18:28 03/11/2008] [05:06 09/07/2010]

---Folders---
Audio d----- [08:14 13/05/2003]
cmdcons drahs- [19:17 12/05/2010]
Config.Msi d----- [20:33 08/12/2005]
DELL d----- [04:51 18/03/2003]
Documents and Settings d----- [04:51 18/03/2003]
downloads d----- [01:31 14/06/2004]
DRIVERS d----- [04:51 18/03/2003]
I386 d----- [04:51 18/03/2003]
Media d----- [05:14 18/03/2003]
My Downloads d----- [08:53 15/01/2004]
My Music d----- [05:23 18/03/2003]
My Web Sites d-a--- [09:00 14/06/2008]
MyVideos d----- [23:40 23/03/2005]
NVIDIA d----- [16:16 20/01/2004]
pebuilder3110a d----- [16:02 18/07/2009]
Perl d----- [23:15 14/06/2003]
Program Files dr---- [04:51 18/03/2003]
Ptools d----- [11:50 08/06/2010]
RECYCLER d--hs- [11:25 19/05/2010]
skins d----- [09:46 11/01/2010]
System Volume Information d--hs- [04:51 18/03/2003]
Temp d----- [21:31 10/09/2004]
Templates d----- [04:49 21/08/2005]
Temporary Internet Files d---s- [03:43 09/07/2010]
WINDOWS d----- [04:49 18/07/2000]

-=End Of File=-
  • 0

#10
Macboatmaster
Posted 10 July 2010 - 04:15 PM

Macboatmaster

    7k

  • Member
  • PipPipPipPipPipPipPipPip
  • 7,237 posts
rgforest
I wish you the best of luck.
I am sorry but I have no further advice, other than to say that my bet is still as above in post 8.
Insofar as the updates are concerned Windows Automatic Update is NOT always reliable in indicating which updates are required and the installation order. ie: So
me updates cannot be installed until others are already in place .
Use this and then at least you will know for certain which are needed,
Hope it is not insulting, but do not forget that spyware and pop up blockers will prevent many updates from downloading as will of course some Firewalls

http://support.micro...kb/320454/en-us

Edited by Macboatmaster, 10 July 2010 - 04:20 PM.

  • 0

#11
rgforest
Posted 10 July 2010 - 04:52 PM

rgforest

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Thanks All

If nobody has anything to add I have one question.

If something changes or I find out more about what's going on, how do I ask for help again without getting automatically deleted as a repost.

----------------

Since I am doing this on a clone of my system disk I plan to get a little more aggressive since I can just restore the image if I screw up.

I just wish I knew how to monitor what was accessing the hd. Isn't there a utility that can do that?

I have a spare drive to start rebuilding my system in. If that starts to fill up without any contact with the other disks, it will almost certainly be a hardware problem.

I will post if I finally figure this out, but I'm still open to any suggestions.
  • 0

#12
SweetTech
Posted 10 July 2010 - 05:03 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello rgforest,

I'd like to have you post in our malware forum again, so we can ensure that no malware is lurking on your system.

If you'd like, I can continue to work with you in the Malware forum. If you'd like me to do so, then I ask that you include my name in the topic title somewhere, so that I'll be able to spot it easily.

I suggest you go to the Malware Forum and run all the steps located in the START HERE. These self-help tools will help you clean up 70% of problems on your own. If you are still having problems after doing the steps, then please post the requested logs in THAT forum. If you are unable to run and/or post the required logs, then post that in your initial post in the topic you create in that forum.

If we shall determine that it's not malware related, then we can come back to this thread here and see if we have any other options available.

Cheers,
SweetTech.
  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP