HDD is filling itself up?

MSgherzi

MSgherzi

Member
Reaction score
0
Location
Tehachapi, California
So for quite some time now I've been trying to figure out why my HDD just keeps losing space. I'm running Windows Vista using an HP dv6000 notebook and I have a 150 gb that's down to 10 gb. It was originally at 300 mb but I used TreeView (I think that's what it's called) from my thumb drive using the Computer Repair Utility Kit and I deleted about 60 gb (Sims 2 and Drive Image XML backup). I used I think it's called Reco from the Repair Utility as well and uninstalled some applications and all traces of them. So after that I had about 60 gb left and I was feeling good about it. I checked that earlier today but now it says I only have 10 gb left again on Drive C:

I'm confused as to what is filling up my HDD because the only thing I've done since the last time I checked it was save a couple of RTF files no larger than 5 kb and I used CCleaner. I regularly clean my computer with CCleaner but this is the first time I've ever had this issue.
 
Well TreeView should tell you where all your space has gone, its quite good for that.


You could always reduce your pagefile, or reduce/turn off system restore as well. That will give you a few gigz back there. Deleting temp files etc. Deleting old archives. Running Windows Disk Cleanup as well can help. Reduce the amount reserved for recycle bin to. Uninstalling unused programs.

Other than that I couldn't say what is eating up your hdd space.
 
You could do a search for * in files and then sort by date modified and see what is getting created. In other words look at all the files for ones that were modified recently.
 
Your Windows Vista might be generating a lot of errors and is filling up the error logs.
Try stopping the error reporting logs or function in Vista.

And Vista does make a lot of shadow copies of the the hard drive. You might want
to see how often this is being done on your system.
 
Last edited:
So I cleared my Shadow Copy usage. It was at around 15 gb so I put it down to 2gb. It gave me about 12 gb more of space, but that doesn't account for the other like 40 to 50 gb that have disappeared.

After going into C: and viewing files by date, there are two interesting files. One was created and modified two nights ago, and the other was created a 1 am yesterday morning. One is 17 gb and the other is 47.7 gb. I have no idea what they are or where they came from, and here are the names of them:

ZNIZOTPLHUVPQBBN

and

FUOCBWOKDMQYBMRA


I've tried opening them up with a text editor but Notepad says it's too large (obviously), Wordpad says it encountered an error, and MS Word says it encountered a "very serious" error. I've scanned them both with NOD32 and even tried Googling them and came up with nothing. When I look at the type of file it is, it says it's type is "File" which doesn't tell me much.

I've never encountered anything like these files before. I don't want to cause any issues with my system stability. So I want to check if anyone else has ever heard of this before I delete them.

In the mean time, I'm going to submit these files to some online file scanners and see what pops up.

Thanks.
 
Perhaps a nice hex editor would be able to open the file. The only thing I found online referencing large random files was superfetch but those sizes seem absurd. Perhaps it's a nice little virus you have, and maybe it's full of kiddy porn, would be a lot of it though. Are they located in the same directory?
 
Yes, they're all located in C:

I'm extremely careful with what I download online and I actually run a computer repair business so I know what I should and shouldn't download. And I don't do that porn stuff.

I want to try deleting them, but I'm wondering if I should find out what's in them first. I'm trying to open them with a hex editor but the editor just freezes. Probably because they're so large. I did however manage to open up the 17 gb one though and all I see is a bunch of letters and numbers, because it's a hex editor. But that still doesn't tell me what it's actual contents are or where they came from. Should I find out whats in them or delete them? What do you think?
 
Last edited:
1) ZNIZOTPLHUVPQBBN and FUOCBWOKDMQYBMRA look like random names that malware would generate. I would go through your malware cleanup routine in Safe Mode and see what you find. There aren't any 47 GB automatic Windows updates so these files are suspect.

What directory are they located in?

If they are being actively accessed, FileMon from Microsoft's http://www.sysinternals.com/ can tell you what program is working with them.

Could you have a keylogger or screen capture program working without your knowledge? The screen captures could build large files.


2) WinDirStat is a Sourceforge.net project that I believe was the first of its kind for Windows: http://windirstat.sourceforge.net/. It is another utility that will show you graphically what files and folders are using the most space on your drive. Sounds like you are already beyond this.

3) Are you using any peer-to-peer programs or Internet backup programs that might allow others to store files on your computer?

4) Does your firewall show any unexpected connections transferring GB's of data?

5) Also, at a command prompt, NETSTAT -abo will tell you what connections exist, on what port, by what application, and with what process ID. If some malware has an open connection phoning home, you may notice the odd entry in this list.

-- Patrick B.
 
MSgherzi said:
Yes, they're all located in C:

I'm extremely careful with what I download online and I actually run a computer repair business so I know what I should and shouldn't download. And I don't do that porn stuff.

I want to try deleting them, but I'm wondering if I should find out what's in them first. I'm trying to open them with a hex editor but the editor just freezes. Probably because they're so large. I did however manage to open up the 17 gb one though and all I see is a bunch of letters and numbers, because it's a hex editor. But that still doesn't tell me what it's actual contents are or where they came from. Should I find out whats in them or delete them? What do you think?
Click to expand...

The porn reference was to a story I read about a man charged with distributing kiddy porn. Both the defense and prosecution found that he had some malware on there that used his companies laptop as a proxy to hold and then distribute the porn to the buying clients. Basically the malware guys got control of a computer, uploads the stuff and then directs people wanting to buy it to that specific machine.

Any file that large I would just delete, a reinstall in worst case doesn't take that long and may actually be good to clean it up a bit.
 
Well I deleted them, all 65 gb worth. :eek:

I have 86 gb free and so now we'll just have to see if they show up again.

Tonight I used UBCD4Win and scanned with all of the anti-virus and anti-spyware and they found a thing here and there, but nothing too threatening. They certainly didn't find those two files thats for sure. And while I have BitLord installed, I don't use it. So technically yes I have a P2P application but it's never used.
 
You must log in or register to reply here.

Similar threads

Appletax
[REQUEST] Client's iTunes not working right
Replies
7
Views
234
dcomp12
D
britechguy
Today's BSOD, Code BAD_SYSTEM_CONFIG_INFO - What's actually going on here?
Replies
13
Views
866
fincoder
fincoder
britechguy
Outlook 365 - Where is the mysterious "subfolder1"?
Replies
0
Views
318
britechguy
britechguy
Appletax
[REQUEST] How to Backup AutoDesk Land Desktop 2007?
2 3 4
Replies
60
Views
3K
GTP
GTP
NviGate Systems
Found My New Windows 11 Test Machine
Replies
3
Views
467
NviGate Systems
NviGate Systems
Back
Top