is there a way i can sweep my harddrive of anything thats not system important so i can just reinstall afterwards?

I'm really not sure what you mean. If you want to free up disk space, just go through your Program Files directory and uninstall anything you don't need via Ass/Remove programs. Don't go digging through the Windows directory if you are not sure of what you're doing. Come to think of it, find your restoration disks or make them before doing this. Also, make a system restore point in case you don't screw up your Windows partition too badly.

You can also just compress anything you have not used in a while into a neat little ball you can open up later by using the "free up space on my hard drive" feature in the Performance and Maintenance tab in the Control Panel.

I'm assuming you are using Windows XP SP2. If you are using Vista, don't mess with anything, as there is no one in the world who can help you if something goes wrong.

well i just did a system restore and to my utter dissapoint ment kept all my files even though i wanted them all gone

so i deleted those but there is a hidden file somewhere on my computer and its taking up 20 of my 34 gigs and i want it gone

Something like this (http://dban.sourceforge.net/) can completely and irrevocably erase your drive. But, before you do something like that, make sure you know how to reinstall your OS and get everything running again.

Out of curiosity, how do you know there's a file if it's hidden?

well i just did a system restore and to my utter dissapoint ment kept all my files even though i wanted them all gone
What did you do, exactly? What is the point of what you are trying to do?:inquisitive:


so i deleted those but there is a hidden file somewhere on my computer and its taking up 20 of my 34 gigs and i want it gone
Dude, you can't have a hard drive with Windows on it and have it be empty. Maybe I'm not understanding. What programs do you have installed and give me your system specs. Somethings not right.

Something like this (http://dban.sourceforge.net/) can completely and irrevocably erase your drive. But, before you do something like that, make sure you know how to reinstall your OS and get everything running again.
Giving Jk that was probably not a good idea.

Out of curiosity, how do you know there's a file if it's hidden?
I'm pretty sure he's trying to remove his Windows install without knowing it.

no im not as noobish as i sound just suck at explaining

I did a system restore(with the disk)

once it finished i checked my harddrive space and it said 97% used and 3% unused

well then i went to program files and found all my old games still installed(along with programs) and i went through and deleted those. after that i went to look at how much freespace i had it turned into 65% used and 45% unused well i was like this isnt right since last time i did system restore i had 15% used and 85% unused.

Alright so i went and brought up every file i had on my computer and even after deleting the game they were still on my computer(yes i emptied the recycle bin)

well after all that i was still having a huge chunk used so now im stuck...

if i can get an os disk i might use the nuke

OK, before you try to do anything else, try defragmenting the target disk. That might make the problem better. If you've never done this before, fragmented files may be causing a huge issue. If you see that the bar is almost completely red after the preliminary analysis, go do something else since the operation is going to take HOURS. In the end, you get a nicer, cleaner computer without having to reformat.

I advise against doing such a radical reformat that would require you to actually go get an OS disk and reinstall Windows or whatever. That is usually reserved for computers that crash every five to ten minutes.

Post thought: OK, I got what you meant by system restore. You actually used a restore disk. If this is (or not for another case), go to My Computer and and open properties from your Program Files and Windows folder. Tell me the size of those folders in gigs.

There are tools out there to give a visual representation of how your HD is being used. But you can do it yourself with a little bit of detective work. Go to root directory of the partition/drive you are worried about, ie. C:/ Now for each folder in that directory, right click, Properties, and look at the size of the folder contents. Find the one that is using the most and then repeat the process in that directory, and again, till you find the offending files. Note, a blank XP install will take up about 3-5 gigs by itself. This is the space the Operating System itself takes up on the disk. From what you have described it sounds like you may have some files within your or other User Profile's My Documents directory, or indeed anywhere in the User Profile. Remember, DONT delete anything you dont understand without having things backed up and with the understanding that you may have to reinstall if you mess up.:smash:

You know, before you have found some solution to your problem, it would probably be easier and faster to just save some data, format the HDD and reinstall windows completely, this whole system restore stuff is something I never trusted and thus never even tried, a clean install is usually the better solution IMO.

You know, before you have found some solution to your problem, it would probably be easier and faster to just save some data, format the HDD and reinstall windows completely, this whole system restore stuff is something I never trusted and thus never even tried, a clean install is usually the better solution IMO.
I think that is what he was trying to ask how to do. If he has an XP disc, he could just boot to it and reformat his drive, then reinstall. I only mentioned DBAN because it leaves no room for error- it will erase everything from your drive.

A concern I would have if my PC had huge files somewhere that I couldn't locate, would be malware hidden in alternate data streams (http://www.windowsecurity.com/articles/Alternate_Data_Streams.html).When dealing with network security, administrators often times don’t truly appreciate the lengths that a sophisticated hacker would go through to hide his tracks. Simple defacements and script kiddies aside, a sophisticated hacker with more focused goals looks to a perimeter system breach as an opportunity to progress further inside a network or to establish a new anonymous base from which other targets can be attacked.

In order to achieve this task, a sophisticated hacker would need time and resources to install what is known as a root kit or hacker tools with which he can execute further attacks. With this, comes the need to hide the tools of his trade, and prevent detection by the systems administrator of the various hacking applications that he might be executing on the breached system.

One popular method used in Windows Systems is the use of Alternate Data Streams (ADS). A relatively unknown compatibility feature of NTFS, ADS is the ability to fork file data into existing files without affecting their functionality, size, or display to traditional file browsing utilities like dir or Windows Explorer. Found in all version of NTFS, ADS capabilities where originally conceived to allow for compatibility with the Macintosh Hierarchical File System, HFS; where file information is sometimes forked into separate resources. Alternate Data Streams have come to be used legitimately by a variety of programs, including native Windows operating system to store file information such as attributes and temporary storage.

Amazingly enough, Alternate Data Streams are extremely easy to make and require little or no skill on the part o the hacker. Common DOS commands like “type” are used to create an ADS. These commands are used in conjunction with a redirect [>] and colon [:] to fork one file into another.

For instance: the command

“type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe”

will fork the common windows calculator program with an ADS “anyfile.exe.”

Alarmingly files with an ADS are almost impossible to detect using native file browsing techniques like command line or windows explorer. In our example, the file size of calc.exe will show as the original size of 90k regardless of the size of the ADS anyfile.exe. The only indication that the file was changed is the modification time stamp, which can be relatively innocuous.

Once injected, the ADS can be executed by using traditional commands like type, or start or be scripted inside typical scripting languages like VB or Perl. When launched, the ADS executable will appear to run as the original file - looking undetectable to process viewers like Windows Task Manager. Using this method, it is not only possible to hide a file, but to also hide the execution of an illegitimate process.

Unfortunately, it is virtually impossible to natively protect your system against ADS hidden files if you use NTFS. The use of Alternate Data Streams is not a feature that can be disabled and currently there is no way to limit this capability against files that the user already has access to. Freeware programs like lads.exe by Frank Heyne (www.heysoft.de) and crucialADS by CrucialSecurity can be used to manually audit your files for the presence of Alternate Data Streams. Alternatively, the action of moving a file into another file system that doesn’t support ADS will automatically destroy any Alternate Data Streams.

Ultimately only a third party file checksum application can effectively maintain the integrity of an NTFS partition against unauthorized Alternate Data Streams. Recently dubbed as host based “Intrusion Prevention Systems” or “Intrusion Detection Systems”, third party security applications like eTrust Access Control from Computer Associates have been used for years in high-end government networks to verify the integrity of files used in the most secure environments. In addition to a heightened level of auditing and access control, these applications typically create an MD5 hashed database of file checksums that are used to validate a file’s trustworthiness. File injection techniques like Alternate Data Streams trigger an action by which the file is deemed untrusted and therefore prevented from executing or better yet, prevented from being changed in the first place.

Rootkit Revealer (http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx) can scan for that sort of stuff, but it already sounds like he deleted all of his personal data anyhow- so I would just wipe the drive and start over once he locates his XP install disc. :shrug:

OK, before you try to do anything else, try defragmenting the target disk. That might make the problem better. If you've never done this before, fragmented files may be causing a huge issue. If you see that the bar is almost completely red after the preliminary analysis, go do something else since the operation is going to take HOURS. In the end, you get a nicer, cleaner computer without having to reformat.

I advise against doing such a radical reformat that would require you to actually go get an OS disk and reinstall Windows or whatever. That is usually reserved for computers that crash every five to ten minutes.

Post thought: OK, I got what you meant by system restore. You actually used a restore disk. If this is (or not for another case), go to My Computer and and open properties from your Program Files and Windows folder. Tell me the size of those folders in gigs.



Program Files: 9.34 gigs
My Documents: 4.31 gigs
Windows: 1.87 gigs

Total Hard Drive space not counting XP OS: 34.57 gigs

Program Files: 9.34 gigs
My Documents: 4.31 gigs
Windows: 1.87 gigs

Total Hard Drive space not counting XP OS: 34.57 gigs
Looks normal. All I can tell is go ahead and scan your computer with the tools you have been given, like from Xiahou. Look for discrepancies and try to see if you can find anything odd. Check your fragmentation too. If you find something or still feel that there is something there that probably should not be, go ahead and use the XP disk.

It's really hard to diagnose this stuff unless the machine is right in front of you... :juggle2:

yeh that what the guy on the phone said but luckily im still in warantey so if i mess up......

well i just did a system restore and to my utter dissapoint ment kept all my files even though i wanted them all gone

so i deleted those but there is a hidden file somewhere on my computer and its taking up 20 of my 34 gigs and i want it gone

I'd go to Disk Cleanup>More Options> System Restore (clean up).

It sucks up a lot of space. You can't go back, of course, when you clear the system restore point.

After that, just defragment.