Jump to content

C drive filling up with no reason.


3ngel
 Share

Go to solution Solved by kevinf80,

Recommended Posts

So a few days ago, I got a windows pop up warning me that my C drive is full. I've done a partition on my 500GB SSD so I have a C drive and a D drive. I keep everything on D if its not system related, anything I install I modify the directory to D. So it was weird to me when out of no where while playing a game and not downloading anything, my C drive had literally 0 space left. I suspect a malware infection from a sketch program I tried to install a few days back. So I panicked and resetted my pc, wiped everything including the optional stuff. But even after resetting, my computer has been slowly filling up my C drive again. Just from a looking around in treesize (like a more extensive file manager), I was able to see 56.5GB of data. Yet checking the windows file manager bar for storage full or not, I only have 28GB left out of my 89GB allocated space for C. So where is the 5GB? I could not figure out what is taking up that space, even with hidding files and system files visible. Malwarebytes doesn't seem to pick up anything and the scan all came out clean every hour that I scan. I'm really concerned and any help would be appreciated.

 

P.S: Honestly, I've just been paranoid about this ever since the drive fill up the first time. I check my C drive storage every other minute and its driving me crazy. I dont even know if this is malware but I aint taking any chances. 

test 2.png

Link to post
Share on other sites

Hiya 3ngel,

What files are in the marked image added to this reply..? 10.8GB is very big for 3 files, last modified 26th Jan...

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... Right click on FRST and rename FRSTEnglish
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Thank you,

Kevin

3ngel.JPG

Link to post
Share on other sites

  • Solution

Hiya 3ngel,

I do not see any evidence of Malware or Infection in your FRST logs. The folder I asked you to open was exactly what I thought it would be, it holds system files that can grow as you can see by the size. Have a read at the three following links and decide whether you want to keep them or not...

hibfil.sys - https://www.howtogeek.com/howto/15140/what-is-hiberfil.sys-and-how-do-i-delete-it/

pagefile.sys - https://www.howtogeek.com/126430/htg-explains-what-is-the-windows-page-file-and-should-you-disable-it/

swapfile.sys - https://www.howtogeek.com/225143/what-is-swapfile.sys-and-how-do-you-delete-it/

Next,

Another issue I can see is all of the tasks that are running in the background, they will use valuable resources and power. Have a look at your tasks and decide if you really need them or not.

https://www.howtogeek.com/241752/how-to-stop-windows-10-apps-from-running-in-the-background/

Quote

Task: {048BC8B2-1472-4C2D-BA53-08BCDCB5BFEE} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [163176 2020-07-03] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {04D637EE-582B-45A1-A383-C0D804B901DB} - System32\Tasks\Driver Booster SkipUAC (ds613) => C:\Program Files (x86)\IObit\Driver Booster\8.2.0\DriverBooster.exe [8147400 2021-01-06] (IObit Information Technology -> IObit)
Task: {07FFB5AD-8937-479F-8F9B-FAF3E0E91E3A} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [736704 2020-11-03] (McAfee, LLC -> McAfee, LLC)
Task: {11A5D900-4F6A-476B-B846-8F11A874D4D3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {12069F76-6514-4991-839D-7B22021F5776} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4623976 2020-10-19] (McAfee, LLC -> McAfee, LLC)
Task: {128A337C-F0B4-4BB3-A159-7FFDED7CDA8E} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-4198547278-2140248838-4045978082-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\Windows\System32\wpninprc.dll [24064 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
Task: {1AC6F0A9-9966-406C-86AB-FE7A02A4B4D5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27396984 2019-10-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {1E5C95B3-4552-4B7D-9176-2FCE21BDEB21} - System32\Tasks\ASUS Update Checker 2.0 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_ff6f245ed0117f05\ASUSSoftwareManager\AsusUpdateChecker.exe
Task: {1FAE4F75-A818-45DB-AA52-18248119A1AC} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_206cee59ee512fde\ASUSOptimization\AsusHotkeyExec.exe [226232 2020-12-09] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
Task: {2D7C9675-13F3-46D6-A087-49E9C2A900BF} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [993400 2020-10-30] (McAfee, LLC -> McAfee, LLC)
Task: {3751B8AA-AEC5-473B-A56F-44ADC6D012DA} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-01-22] (McAfee, Inc. -> McAfee, LLC.)
Task: {42ADD249-7C8A-4EBE-A544-0902507BDD70} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {45B9BDAD-76E7-43FB-B121-4B6139E546D8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2167696 2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {5292EDBC-99CC-45C8-BEC0-BC7D97DD47AC} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d6513af162f6d => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [163176 2020-07-03] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {5617BF57-57BE-46CF-BE99-4EE6C3F1F838} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [993400 2020-10-30] (McAfee, LLC -> McAfee, LLC)
Task: {6FF2CF9B-1AAE-48DC-8408-D80169E9FBD5} - System32\Tasks\update-S-1-5-21-4198547278-2140248838-4045978082-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: )
Task: {76B5EC4D-F2F5-4563-8EAB-20F37C72B956} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [150264 2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {829E14F7-8A71-4F09-BCA9-962BAFCC7CC0} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {82DBABDE-E149-4B37-AC32-F4DD9B92BF2B} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {831DC149-DA07-4854-8153-CA87C54979CE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [150264 2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {8DEF3577-038B-4445-B6DC-6EE6D5719F87} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27396984 2019-10-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {94508AE0-635E-4B08-ABE2-015CDFE1DB48} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\8.2.0\Scheduler.exe [152848 2020-12-23] (IObit Information Technology -> IObit)
Task: {96BA37CE-8469-473F-A869-7FA28C32275C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {998DC300-D9B8-47BA-BB9E-B513DF8268BC} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\8.2.0\AutoUpdate.exe [2268432 2020-12-23] (IObit Information Technology -> IObit)
Task: {9C966676-D734-4F77-A5A9-2D4263170D58} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A87E1DD8-4F6C-4DCC-ACB1-DD6D651DE2E8} - System32\Tasks\RtkAudUService64_BG => C:\Windows\System32\RtkAudUService64.exe [1063712 2020-02-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {BC560695-0111-4185-9991-85FF7460784B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BE115250-53C5-4393-943B-46BB55FC323F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C0E6BC72-D1CB-4F1D-AC78-5CF2F5E392FA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2167696 2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {C61FFBAA-0465-4B15-92F1-84D760BB810D} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: )
Task: {D6DCB049-01F9-488E-A9FD-57151864238A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D729E45C-67DC-472F-94CC-562CE43CE604} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4000984 2020-11-04] (McAfee, LLC -> McAfee, LLC)
Task: {E025F0FE-BBF4-46A2-8CA6-77D45B77C26F} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_206cee59ee512fde\ASUSSystemAnalysis\AsusSystemAnalysis.exe [2166712 2020-12-09] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
Task: {E273A141-2434-411A-80CF-1F98D356816B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {F57FB647-5E98-4E3A-9A73-51275189F1C2} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [895080 2020-10-28] (Bitdefender SRL -> Bitdefender)
Task: {F630097D-E2CD-42C7-9915-72B6066D9DD6} - System32\Tasks\Microsoft\Windows\PLA\074C0539-0999-4DA9-9D0D-3D016B62F4E9 => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1507328 2020-08-20] (Microsoft Windows -> Microsoft Corporation)
Task: {FDE1EF1E-FD2A-4BCA-A4B7-2BECF460486E} - System32\Tasks\Microsoft\Windows\PLA\AsusLinkNear => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1507328 2020-08-20] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-4198547278-2140248838-4045978082-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

Next.

It would seem that there are two versions of McAfee running, I would fully remove (unistall) McAfee then reinstall again...

Quote

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72}

The removal tool for McAfee can be found at the following link, scroll down to McAfee:

https://support.eset.com/en/kb146-uninstallers-removal-tools-for-common-windows-antivirus-software

Thanks,

Kevin...

 

Link to post
Share on other sites

Hiya 3ngel,

You`re very welcome, unless you have any other issues continue to clean up...

Right click on FRST here: C:\FRST.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall

That action will remove FRST and all created files and folders...

Next,

Condsider the following:

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

PatchMyPC, keep all your software upto date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image

 

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.