I let my family use my laptop while I was away for a week and came back to an infected PC. The free space on my disk drive is currently 8.51 GB out of 97.3 GB, and periodically shrinks without me having done anything on my computer. I have no files on my computer at this time.
I have run ESET Online Scanner, TDSSKiller, Avast's aswMBR, RogueKiller, Trend Micro Rootkit Buster, and Malwarebytes Anti-Malware. The majority of them didn't detect any problems. Those that did, didn't seem to help fix them.
If anyone can help me fix this, I would greatly appreciate it.
While you are waiting for further attention download, save and run the file from here:
http://www.bleepingcomputer.com/dow...
(blue download button top right)
Scan then run "Cleaning". Save all logs because they are likely to be required.
Always pop back and let us know the outcome - thanks
"Those that did, didn't seem to help fix them"
Copy & Paste the contents of the logs from those that did, in your reply please. Ditto for the AdwCleaner log.
AdwCleaner Log: https://www.dropbox.com/s/vbw23zq0x...
TDSSKiller Log: https://www.dropbox.com/s/qeyiq672j...
ComboFix Log: https://www.dropbox.com/s/i98itwn5z...
ESET Log: https://www.dropbox.com/s/6rqxgosci...
aswMBR also found a rootkit, but I can't find the log for it.
Thanks. Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.
Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them please.
Farbar Logs: Addition.txt - https://www.dropbox.com/s/htw5reu67...
FRST.txt - https://www.dropbox.com/s/tdgq3nvfc...
Need about 3/4 of an hour, back ASAP.
In the meantime, can you run aswMBR again please. Post the log.
aswMBR Log: https://www.dropbox.com/s/iqqy2f0t7...
Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
closeprocesses:
emptytemp:
HKU\S-1-5-21-44363915-1807462207-3784643384-1000\Software\Classes\exefile: <===== ATTENTION!
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
HKU\S-1-5-21-44363915-1807462207-3784643384-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-44363915-1807462207-3784643384-1000 -> {50206772-A040-47C3-9804-463D87F21289} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://www.bing.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.bing.com/", "hxxp://myschool.pacyber.org/"
S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]
U3 aswMBR; \??\C:\Users\PACYBE~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\PACYBE~1\AppData\Local\Temp\aswVmm.sys [X]
C:\Users\PA CYBER\AppData\Local\Temp\dllnt_dump.dll
C:\Users\PA CYBER\AppData\Local\Temp\Quarantine.exe
C:\Users\PA CYBER\AppData\Local\Temp\sqlite3.dll
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
FRST Fixlog: https://www.dropbox.com/s/d22i96f6f...
Run Malwarebytes again please. Post the log. Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
If your MBAM log indicates "No action taken", that's usually a result of NOT clicking the Apply Actions button after the scan. In most cases, a restart will be required.
From the aswMBR log.
19:48:49.622 File: C:\windows\system32\autochk.exe **INFECTED** Win32:Rootkit-gen [Rtk]
False positive.
http://www.freefixer.com/library/fi...
19:49:19.137 File: C:\windows\system32\rpcnetp.exe **SUSPICIOUS**
Probably a false positive, run VirusTotalScanner on it.
http://www.softpedia.com/get/Securi...
http://securityxploded.com/virus-to...
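Before treating a scanner hit on a Windows system file as an infection, a defender wants the file's own evidence: its Authenticode status, its publisher metadata and a hash to look up on VirusTotal. The PowerShell below is an added example written for this thread, not something posted by Johnw or shipped with any of the tools mentioned. It assumes Windows PowerShell 4.0 or later (for Get-FileHash), runs from an elevated prompt, and uses the two paths quoted from the aswMBR log as its sample input.

```powershell
# Added example: triage files that a rootkit scanner flagged before accepting the verdict.
# Assumption: PowerShell 4.0+ (Get-FileHash); paths are those named in the aswMBR log above.
$flagged = @(
    'C:\Windows\System32\autochk.exe',   # reported **INFECTED** Win32:Rootkit-gen
    'C:\Windows\System32\rpcnetp.exe'    # reported **SUSPICIOUS**
)

function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }

    $item = Get-Item -LiteralPath $Path -Force
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    [pscustomobject]@{
        Path      = $Path
        Exists    = $true
        SizeBytes = $item.Length
        Modified  = $item.LastWriteTime
        Company   = $item.VersionInfo.CompanyName   # metadata only; easy to forge, so read with the signature
        Product   = $item.VersionInfo.ProductName
        SigStatus = $sig.Status                     # Valid / NotSigned / HashMismatch / UnknownError
        Signer    = $sig.SignerCertificate.Subject  # $null when not signed
        SHA256    = $hash.Hash                      # paste into VirusTotal's search box instead of uploading
    }
}

$flagged | ForEach-Object { Get-FileTriage -Path $_ } | Format-List

# Windows' own integrity check for a protected system file (elevated prompt required):
sfc /VERIFYFILE=C:\Windows\System32\autochk.exe
```

Two reading notes. A `HashMismatch` status or a `sfc` report that the file does not match the protected version is far stronger evidence than a generic heuristic name in a scanner log. Conversely, many Windows binaries are signed through security catalogs rather than embedded signatures, and older Windows versions do not consult catalogs in this cmdlet, so `NotSigned` on its own is not proof of tampering; the `sfc` result and the hash lookup settle it.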
Malwarebytes Log: https://www.dropbox.com/s/fsur4id28...
"The free space on my disk drive is currently 8.51 GB out of 97.3 GB"
Delete files using Disk Cleanup
http://windows.microsoft.com/en-au/...
With the browsers you use, set the Temp files setting to 50mb.
Java in Control Panel, set that to 100mb for temps.
System Restore, make sure that is set on Min.
I used Disk Cleanup, set System Restore to minimum, and changed Java to 100mb for temporary files. I wasn't sure how to change the temp file settings for Chrome. I now have 18.8 GB free out of 97.3 GB. This is without any documents of any kind being on my computer, so I'm wondering what's still taking up all the space?
We shall find out soon where your space is going. Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Wise-D...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif
How to set Google Chrome cache to 50mb max temporary files.
With comps, there is always more than one way to do things, try this way.
Right click on the Google Chrome shortcut > Properties.
Copy & Paste this below after .exe" as per SS ( Screenshot )
NOTE: There is a space after .exe"
http://i.imgur.com/vgkU3X1.gif
--disk-cache-size=50000"
Click > Apply & then OK.
When you ran disk cleanup did you use the Cleanup System Files button? Always pop back and let us know the outcome - thanks
I ran the 1st 3 tabs in Wise Disk Cleaner and rebooted.
Then pasted " --disk-cache-size=50000" in Chrome's properties.
I opened Disk Cleanup, selected Windows7_OS (C:), clicked OK. I checked the boxes beside Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary files. Selected OK, then Delete Files.
"so I'm wondering what's still taking up all the space?"
TreeSize Free
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/TreeSi...
http://www.freewarefiles.com/screen...
http://www.jam-software.com/freewar...
According to TreeSize, there is only 36.7 GB used on C:. That's still about 55 GB of space unaccounted for? Screenshot: https://www.dropbox.com/s/wnuy9fwaz...
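A file-by-file tree walk, which is what TreeSize and similar tools do, can only count files the tool is allowed to open. Space held by the page file, the hibernation file and Volume Shadow Copies (System Restore, "Previous versions") sits outside or beneath what such a walk reports, so "used" on the volume and "sum of files seen" can legitimately differ by tens of gigabytes. The script below is an added example for this thread, not part of the original posts or of any tool named here. It assumes Windows PowerShell 3.0 or later (Get-CimInstance, `-File`) and an elevated prompt, since `vssadmin` and several system folders refuse non-administrators.

```powershell
# Added example: reconcile the volume's used space with what a per-file walk can see.
# Assumption: PowerShell 3.0+, run as Administrator. Drive letter is a parameter.
function Get-VolumeAccounting {
    param([string]$Letter = 'C')

    $root = "$($Letter):\"
    $vol  = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$($Letter):'"
    $used = $vol.Size - $vol.FreeSpace

    # Hidden system files Explorer and many tree tools skip or cannot open.
    $special = @('pagefile.sys', 'hiberfil.sys', 'swapfile.sys') |
        ForEach-Object { Join-Path $root $_ } |
        Where-Object { Test-Path -LiteralPath $_ } |
        ForEach-Object { Get-Item -LiteralPath $_ -Force }

    # Everything reachable under the root, hidden and system files included.
    # Folders that deny access (e.g. System Volume Information) are silently skipped,
    # so their contents land in UnwalkedGB.
    $walked = (Get-ChildItem -LiteralPath $root -Recurse -Force -File -ErrorAction SilentlyContinue |
               Measure-Object -Property Length -Sum).Sum

    [pscustomobject]@{
        SizeGB       = [math]::Round($vol.Size / 1GB, 2)
        FreeGB       = [math]::Round($vol.FreeSpace / 1GB, 2)
        UsedGB       = [math]::Round($used / 1GB, 2)
        WalkedGB     = [math]::Round($walked / 1GB, 2)            # what a file-by-file tool sees
        UnwalkedGB   = [math]::Round(($used - $walked) / 1GB, 2)  # shadow storage, inaccessible folders, metadata
        SpecialFiles = $special | Select-Object Name, @{ n = 'GB'; e = { [math]::Round($_.Length / 1GB, 2) } }
    }
}

function Get-TopLevelFolderSizes {
    param([string]$Letter = 'C')

    Get-ChildItem -LiteralPath "$($Letter):\" -Directory -Force | ForEach-Object {
        $bytes = (Get-ChildItem -LiteralPath $_.FullName -Recurse -Force -File -ErrorAction SilentlyContinue |
                  Measure-Object -Property Length -Sum).Sum
        [pscustomobject]@{ Folder = $_.FullName; GB = [math]::Round($bytes / 1GB, 2) }
    } | Sort-Object GB -Descending
}

Get-VolumeAccounting -Letter 'C' | Format-List
Get-TopLevelFolderSizes -Letter 'C' | Format-Table -AutoSize

# Shadow copy storage is not a file you can list; ask the VSS service directly.
vssadmin list shadowstorage
```

Read `UnwalkedGB` next to the "Used Shadow Copy Storage space" figure that `vssadmin` prints: when they are close, the missing space is System Restore data and the fix is the restore-point cap already discussed in this thread. When `UnwalkedGB` stays large after that, the remaining candidates are the special files listed and folders the account cannot read, which is also the moment to check the volume and partition layout rather than the files on it.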
Can I have a SS ( screenshot ) of everything that shows in Wise.
Wise Program Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/Wise-P...
http://www.freewarefiles.com/screen...
http://wisecleaner.com/wiseuninstal...
Whilst I remember, just in case more SS's are needed, when you save, change the setting to GIF, quality is Ok & a fraction of the size.
Will do, thanks for letting me know.
Are you using the Apple stuff & QuickTime?
Your logs show iTunes, but that may be tied in with the above.
No, I'm not using them. Uninstall?
Yep, process of elimination. Use Wise, it is a 2 step process.
Alright, they've been uninstalled.
Tell me your unused space.
Rebooted, 18.4 GB free.
Uninstall Google Drive, Silverlight & Bonjour.
Uninstalled all of them. Rebooted, 18.3 GB unused space.
Followed the instructions, made sure settings were the same as in SS. Rebooted. Still only 18.3 GB of free space.
Now to make really sure the hard drive isn't misreporting its size. Here are some checks.
1: Physically look at the label.
2: Device Manager & give me the model of the drive.
Model of disk drive: Samsung MZ7TE128HMGR-000 SCSI Disk Device
All Ok.
Time for a break for both of us. I'll be back.
I'm here.
http://www.timeanddate.com/worldclo...
One more thought, SS of the System page.
Misread the clock there. It's 1 am here, so I'm fine with a break. Thanks for the help so far. SS of System page: https://www.dropbox.com/s/pjdx1qru2...
Your Farbar log shows this > Partition: GPT Partition Type
I reckon a different setting in the BIOS may get the correct reading of the drive status. But it is only a guess & you will need to google it. UEFI & Legacy are the other settings.
"Misread the clock there"
Thought you must have. I haven't been able to come up with any better suggestions, shall wait to see what your researching finds.
Nearly my bed time, I'm an early riser.
Re #21 Disk Cleanup
After you have checked the boxes and told Disk Cleanup to do its thing, it should eventually show a button Cleanup System Files. You then have a chance to run it to include Windows Update setup files etc. That will remove some more unwanted items (the check box screen comes up again).
Always pop back and let us know the outcome - thanks
Just to add that you might not be able to do much better with that free space. About every computer I've had dealings with the free space keeps gradually reducing over time. There are several possible reasons for this (having got malware out of the way), such as Windows Updates, updates to other programs on board, videos (which are big) and even pictures and documents take up space. Go into "Control Panel > Programs and Features". See if there are any big programs that you don't really need.
Other than that it is a matter of scouring the hard drive to see the large folders/files that are using space. Careful what you delete though - could cause issues.
Always pop back and let us know the outcome - thanks