I have a 1TB internal SATA HDD in my desktop, but it is having some "mahhhhhaahhhahhhaajor" issues at the moment. For lack of a better way to describe it...space is disappearing from it. It's almost like something is eating it, like a virus/malware. I did a complete scan (twice) with CCleaner, Malwarebytes, and Spybot Search and Destroy, and everything returned as clean as a whistle. It is getting extrememly annoying because it's constantly telling me that my drive has no space left. As a result, I have to delete stuff or move it to an external drive in order to use my system on a daily basis. It is not a meg here and a meg there...I'm talking bout gigs lost. I have lost massive amounts of space and no idea where they're going or what's going on. According to some utilities, my drive is extremely active (presumably because it's swapping between RAM and HDD), but that's just an educated guess. My system includes: Windows 7 Professional (64-bit), AMD Athlon II x3 455 3.3 GHz CPU, 8 GB RAM, AMD Radeon HD XFX 6850 graphics card. Can someone please shed some light on this. I'm starting to worry that this is a security issue for my house, and thus have disconnected it from the network and homegroup. I have a fair bit of computer knowledge (currently studying it in college) and it's my entire background, but I'm in way over my head with this. I've tried going through the registry and that didn't turn up anything uber suspicious (and i dare not **** with it too much because i know what can happen when you mess with the registry).
Disappearing Memory
- Thread starter Greecian
- Start date
Since you have already done malwarebytes do the following and post the logs.
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
In your next reply please post:
To post a hijackthis log do the following.
Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.
Vista and Windows 7 users must right click on the hijackthis icon and click on run as. If the run as option doesn't appear then press and hold the shift key while right clicking on the icon to get it to appear.
Click Do a system scan and save a logfile
Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.
When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. Come back to your reply and right click on your mouse and click on paste.
Post the logfile that HijackThis produces
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
- Download this file here :
Combofix
- When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
- Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.
- We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
- Close all open Windows including this one.
- Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
- Please click on I agree on the disclaimer window.
- ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.
- ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.
- Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:
- At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
- Please click on yes in the next window to continue scanning for malware.
- ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
- ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
- While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.
- When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
- This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
- When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
- Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.
In your next reply please post:
- The ComboFix log
- A fresh HiJackThis log
- An update on how your computer is running
To post a hijackthis log do the following.
Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.
Vista and Windows 7 users must right click on the hijackthis icon and click on run as. If the run as option doesn't appear then press and hold the shift key while right clicking on the icon to get it to appear.
Click Do a system scan and save a logfile
Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.
When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. Come back to your reply and right click on your mouse and click on paste.
Post the logfile that HijackThis produces
LukeCarbone
New Member
You may have automatic updates for video drivers or for motherboard drivers or just OS updates that are filling up your SATA drive, try to get an external and run the OS off the external use your SATA for games only
i just finished running combofix, and it worked...sorta. I'm not losing anymore HDD space, but I haven't gotten back nearly what I've lost. I've lost over 300 gigs and i only got back 34.5 gigs. also, the display and settings went back to the way they were on day 1 (black background, no pinned programs on the start menu or on the taskbar, clock in wrong format, not recognizing my hardwired internet connection). However...I still have all of my files and programs. You said you wanted the log from combofix, but its HUGE! i have a 24 inch monitor and notepad was in fullscreen and i could barely see the scrollbar on the side. It also took forever to complete the scan and stuff. i started it about 30 minutes after your post yesterday, and it just finished.
when i went to use it after the log had been produced, i kept getting error messages saying that files were to be deleted (don't remember the exact message but it happened for anything that I tried to open...even task manager), so I rebooted and had to fiddle with the display settings because it was in "legacy" display mode.
What do I do now? I'm not sure if I should run the other program since combofix displayed some odd symptoms "duration of scan and whatnot"
when i went to use it after the log had been produced, i kept getting error messages saying that files were to be deleted (don't remember the exact message but it happened for anything that I tried to open...even task manager), so I rebooted and had to fiddle with the display settings because it was in "legacy" display mode.
What do I do now? I'm not sure if I should run the other program since combofix displayed some odd symptoms "duration of scan and whatnot"
WeatherMan
Active Member
If you can, post the log. The logs are usually huge.
But judging by the size and slowness that it took to create the file, a reformat may be the better option.
Again, I recommend posting the log if you can, see what John has to say
But judging by the size and slowness that it took to create the file, a reformat may be the better option.
Again, I recommend posting the log if you can, see what John has to say
the error message says (and i'm typing it exactly as it's displayed)
"1. Your submission could not be processed because a security token was missing.
If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error."
"1. Your submission could not be processed because a security token was missing.
If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error."
That is a vbulletin issue, which we use on this forum. I'll give you my email address if you want to email them to me or you can host the files on a file sharing site and give me the link to them.
Another possibility... You are actually copying and pasting the logs directly into your reply correct and not trying to attach them?
Another possibility... You are actually copying and pasting the logs directly into your reply correct and not trying to attach them?
Download Filefind By Attribune.
•Unzip the file and save it to your desktop.
•Double-click on FileFind.exe
•In the box labeled "Enter the directory to search" type C:\
•(note if your default Windows boot drive is not drive C, substitute your drive letter).
•In the box labeled "Enter the file to search" type services.exe
•Click on the Find button.
•Once the utility has found the files click on Export. This will save a text file to your C:\ drive (or your default Windows drive) as Export.txt.
Add the C:\Export.txt log to your next message.
Also, For each file it lists please upload that specific file to www.virustotal.com You will get a results link for each upload, please copy and paste the results link for each file in your next reply as well. We need to find the services.exe file that isn't infected and replace it with the one that is.
•Unzip the file and save it to your desktop.
•Double-click on FileFind.exe
•In the box labeled "Enter the directory to search" type C:\
•(note if your default Windows boot drive is not drive C, substitute your drive letter).
•In the box labeled "Enter the file to search" type services.exe
•Click on the Find button.
•Once the utility has found the files click on Export. This will save a text file to your C:\ drive (or your default Windows drive) as Export.txt.
Add the C:\Export.txt log to your next message.
Also, For each file it lists please upload that specific file to www.virustotal.com You will get a results link for each upload, please copy and paste the results link for each file in your next reply as well. We need to find the services.exe file that isn't infected and replace it with the one that is.