Virus that is capturing all the space in drive C - how to get rid of it?


17 replies to this topic

#1 Raistlin88

Posted 12 June 2015 - 04:17 AM

Hi,

I have a virus in my OS, Win 8.1, that is taking all the space in C. I have only 380 MB available; it's out of the question.

How can I work this out?

I'm new here, please give me assistance.

 

R


Edited by Raistlin88, 12 June 2015 - 04:18 AM.




#2 severac


Posted 12 June 2015 - 04:44 AM

Hello, 

 

we will try to help.

 

Please download MiniToolBox and run it.

Checkmark the following boxes:

  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

 

--------

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

--------

 

AdwCleaner

  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished:
    * Click on the [Clean] button.
    * The program will close all active windows. Click OK to confirm.
    * After the restart, a log will appear. Copy the log into this topic.
  • A copy of all log files is saved in the C:\AdwCleaner folder, which was created when running the tool.

I would like to help you to remove malware. Let's look inside.

But I don't know how to solve all PC problems.

 


#3 Raistlin88


Posted 12 June 2015 - 05:29 AM

Thanks a lot!

As you asked:

1. MiniToolBox Report:

---------------------------

 

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Zlatin Family PC (administrator) on 12-06-2015 at 13:02:44
Running from "D:\Downloads"
Microsoft Windows 8.1 Pro  (X64)
Model: P35-DS3L Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Zlatin_Family
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-1D-7D-D3-C9-12
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c595:b157:92ca:2c4a%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, June 12, 2015 11:01:42 AM
   Lease Expires . . . . . . . . . . : Friday, June 12, 2015 13:32:54 PM
   Default Gateway . . . . . . . . . : 10.0.0.138
   DHCP Server . . . . . . . . . . . : 10.0.0.138
   DHCPv6 IAID . . . . . . . . . . . : 50339197
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-FE-B7-0C-00-1D-7D-D3-C9-12
   DNS Servers . . . . . . . . . . . : 10.0.0.138
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{98239464-9977-417E-B013-D9C1DEE343E6}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:54:194c:a252:7830(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::54:194c:a252:7830%5(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 134217728
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-FE-B7-0C-00-1D-7D-D3-C9-12
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  10.0.0.138
 
Name:    google.com
Addresses:  2a00:1450:4017:803::200e
 194.90.196.102
 194.90.196.90
 194.90.196.110
 194.90.196.101
 194.90.196.106
 194.90.196.88
 194.90.196.84
 194.90.196.121
 194.90.196.80
 194.90.196.91
 194.90.196.95
 194.90.196.99
 194.90.196.113
 194.90.196.123
 194.90.196.117
 194.90.196.112
 
 
Pinging google.com [194.90.196.102] with 32 bytes of data:
Reply from 194.90.196.102: bytes=32 time=17ms TTL=60
Reply from 194.90.196.102: bytes=32 time=16ms TTL=60
 
Ping statistics for 194.90.196.102:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 17ms, Average = 16ms
Server:  UnKnown
Address:  10.0.0.138
 
Name:    yahoo.com
Addresses:  98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=212ms TTL=42
Reply from 98.138.253.109: bytes=32 time=211ms TTL=42
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 211ms, Maximum = 212ms, Average = 211ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  3...00 1d 7d d3 c9 12 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.0.0.138         10.0.0.2     20
         10.0.0.0    255.255.255.0         On-link          10.0.0.2    276
         10.0.0.2  255.255.255.255         On-link          10.0.0.2    276
       10.0.0.255  255.255.255.255         On-link          10.0.0.2    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.2    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  5    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  5    306 2001::/32                On-link
  5    306 2001:0:9d38:6abd:54:194c:a252:7830/128
                                    On-link
  3    276 fe80::/64                On-link
  5    306 fe80::/64                On-link
  5    306 fe80::54:194c:a252:7830/128
                                    On-link
  3    276 fe80::c595:b157:92ca:2c4a/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    276 ff00::/8                 On-link
  5    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/12/2015 00:04:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (06/12/2015 00:03:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (06/12/2015 00:03:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (06/12/2015 00:03:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (06/12/2015 00:01:32 PM) (Source: MsiInstaller) (User: Zlatin_Family)
Description: Product: Microsoft Mouse and Keyboard Center -- Disk full: Out of disk space -- Volume: 'C:'; required space: 89,253 KB; available space: 29,304 KB.  Free some disk space and retry.
 
Error: (06/12/2015 00:01:17 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: ‏‏Cryptographic Services נכשל בעת עיבוד קריאת OnIdentity()‎ באובייקט System Writer.‏
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/12/2015 10:14:59 AM) (Source: System Restore) (User: )
Description: ‏‏יצירת נקודת שחזור נכשלה (תהליך = C:\Windows\system32\svchost.exe -k netsvcs; תיאור = Windows Update; שגיאה = 0x8004231f).
 
Error: (06/12/2015 10:14:53 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: ‏‏Cryptographic Services נכשל בעת עיבוד קריאת OnIdentity()‎ באובייקט System Writer.‏
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/12/2015 10:13:46 AM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-07-12T07:00:46Z. Error Code: 0x80070070.
 
Error: (06/12/2015 10:11:01 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: ‏‏מוצר: Microsoft Office Professional Plus 2013 - לא היתה אפשרות להתקין את העדכון 'Update for Microsoft OneDrive for Business (KB3054825) 64-Bit Edition'. קוד שגיאה 1603. ל- Windows Installer יש אפשרות ליצור יומני שגיאה כדי לסייע בפתרון בעיות בהתקנה של חבילות תוכנה. השתמש בקישור שלהלן לקבלת הוראות להפעלת תמיכה ברישום: http://go.microsoft.com/fwlink/?LinkId=23127
 
 
System errors:
=============
Error: (06/12/2015 00:52:56 PM) (Source: DCOM) (User: Zlatin_Family)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (06/12/2015 00:52:26 PM) (Source: DCOM) (User: Zlatin_Family)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (06/12/2015 00:05:06 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (06/12/2015 10:16:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80070663: Update for Microsoft Outlook 2013 (KB3054855) 64-Bit Edition.
 
Error: (06/12/2015 10:16:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80070663: Update for Microsoft OneDrive for Business (KB3054825) 64-Bit Edition.
 
Error: (06/12/2015 10:16:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80070663: Update for Microsoft Excel 2013 (KB3054794) 64-Bit Edition.
 
Error: (06/12/2015 10:15:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80070663: Update for Skype for Business 2015 (KB3054791) 64-Bit Edition.
 
Error: (06/12/2015 10:15:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80070663: Update for Microsoft OneNote 2013 (KB3039764) 64-Bit Edition.
 
Error: (06/12/2015 10:11:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80070663: Update for Microsoft Outlook 2013 (KB3054855) 64-Bit Edition.
 
Error: (06/12/2015 10:11:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80070643: Update for Microsoft OneDrive for Business (KB3054825) 64-Bit Edition.
 
 
Microsoft Office Sessions:
=========================
Error: (06/12/2015 00:04:52 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestD:\Downloads\esetsmartinstaller_enu.exe
 
Error: (06/12/2015 00:03:28 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestD:\Downloads\esetsmartinstaller_enu.exe
 
Error: (06/12/2015 00:03:28 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestD:\Downloads\esetsmartinstaller_enu.exe
 
Error: (06/12/2015 00:03:28 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestD:\Downloads\esetsmartinstaller_enu.exe
 
Error: (06/12/2015 00:01:32 PM) (Source: MsiInstaller)(User: Zlatin_Family)
Description: Product: Microsoft Mouse and Keyboard Center -- Disk full: Out of disk space -- Volume: 'C:'; required space: 89,253 KB; available space: 29,304 KB.  Free some disk space and retry.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (06/12/2015 00:01:17 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (06/12/2015 10:14:59 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x8004231f
 
Error: (06/12/2015 10:14:53 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (06/12/2015 10:13:46 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800700702015-07-12T07:00:46Z
 
Error: (06/12/2015 10:11:01 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Professional Plus 2013Update for Microsoft OneDrive for Business (KB3054825) 64-Bit Edition1603(NULL)(NULL)(NULL)
 
 
=========================== Installed Programs ============================
 
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{65EBED55-4B58-4583-88EC-8190D776BFBB}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA Graphics Driver 307.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.68 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0015-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0016-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0018-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0019-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-001A-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-001B-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-001F-0401-1000-0000000FF1CE}_Office15.PROPLUS_{C5DEA626-E7D2-4200-9B49-43E37BF21A7C}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{835E4BED-E265-4103-AE14-0B4C70CF3FE8}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{1F7000D3-A917-4AD2-BA55-59E6FDAF062A}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-001F-040D-1000-0000000FF1CE}_Office15.PROPLUS_{CDA22ED8-4145-4BF2-9861-B29E2A6E8A65}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-001F-0419-1000-0000000FF1CE}_Office15.PROPLUS_{47AC81D2-F2C4-44DC-A92E-A40E2248B77F}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-002C-040D-1000-0000000FF1CE}_Office15.PROPLUS_{F4D163F1-130B-4D82-9A65-9590AE37D1E3}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0044-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-006E-040D-1000-0000000FF1CE}_Office15.PROPLUS_{CCC030AA-EAFB-4BB9-92DD-4F9A552568FC}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0090-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-00A1-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-00BA-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1931508C-C004-4983-81E3-70BE6252904B}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-00C1-040D-1000-0000000FF1CE}_Office15.PROPLUS_{2FE1B3B0-648F-48A8-B382-E2648D75A1A9}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-00E1-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-00E2-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-012B-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version:  - Microsoft) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Splash PRO EX (HKLM-x32\...\Mirillis Splash PRO EX) (Version: 1.13.2 - Mirillis)
Stardock Start8 (HKLM\...\Start8_is1) (Version: 1.45 - Stardock Software, Inc.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-040D-1000-0000000FF1CE}_Office15.PROPLUS_{DAB6FE4E-FF73-45C6-9A45-0A310AC59E4D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-040D-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Средства проверки правописания Microsoft Office 2013 — русский (HKLM\...\{90150000-001F-0419-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
כלי ההגהה של Microsoft Office 2013 - עברית (HKLM\...\{90150000-001F-040D-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
 
========================= Devices: ================================
 
Name: Camera
Description: Camera
Class Guid: 
Manufacturer: 
Service: 
Device ID: USB\VID_046D&PID_0870\5&37704227&0&1
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 31%
Total physical RAM: 6142.49 MB
Available physical RAM: 4213.61 MB
Total Pagefile: 12286.49 MB
Available Pagefile: 9756.96 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.73 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:39.06 GB) (Free:0.26 GB) NTFS
3 Drive d: () (Fixed) (Total:35.46 GB) (Free:11.71 GB) NTFS
4 Drive e: () (Removable) (Total:14.9 GB) (Free:7.05 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\ZLATIN_FAMILY
 
Administrator            Guest                    UpdatusUser              
Zlatin Family PC         
 
========================= Restore Points ==================================
 
 
**** End of log ****
 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 
 
 
2.Junkware Removal Tool Report:
-------------------------------------------
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.1 (06.08.2015:1)
OS: Windows 8.1 Pro x64
Ran by Zlatin Family PC on Fri 06/12/2015 at 13:10:43.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\prefetch\SPEEDFAN.EXE-78634845.pf
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Zlatin Family PC\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Zlatin Family PC\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Zlatin Family PC\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Zlatin Family PC\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/12/2015 at 13:12:54.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 
 
 
3.AdwCleaner Report:
------------------------------
 
# AdwCleaner v4.206 - Logfile created 12/06/2015 at 13:17:42
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Zlatin Family PC - ZLATIN_FAMILY
# Running from : D:\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v43.0.2357.124
 
[C:\Users\Zlatin Family PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Zlatin Family PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1043 bytes] - [12/06/2015 13:15:45]
AdwCleaner[S0].txt - [974 bytes] - [12/06/2015 13:17:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1032  bytes] ##########
 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 
 
It's a very annoying virus.
 
 
 


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,537 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:07:58 PM

Posted 12 June 2015 - 05:37 AM

Hi Raistlin88 :)

If I may, I don't think that you are actually infected by malware. Your main partition is only 39GB in size, which is really small if you ask me. A standard 64-bit Windows 8.1 installation takes around 16GB of space, which leaves you around 23GB of space left for programs and personal files. You also seem to have the SP1 for Microsoft Office 2013 installed multiple times on your system, and a SP is usually quite big (1GB or so).
 

Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0015-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0016-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0018-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0019-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-001A-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-001B-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-001F-0401-1000-0000000FF1CE}_Office15.PROPLUS_{C5DEA626-E7D2-4200-9B49-43E37BF21A7C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{835E4BED-E265-4103-AE14-0B4C70CF3FE8}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{1F7000D3-A917-4AD2-BA55-59E6FDAF062A}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-001F-040D-1000-0000000FF1CE}_Office15.PROPLUS_{CDA22ED8-4145-4BF2-9861-B29E2A6E8A65}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-001F-0419-1000-0000000FF1CE}_Office15.PROPLUS_{47AC81D2-F2C4-44DC-A92E-A40E2248B77F}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-002C-040D-1000-0000000FF1CE}_Office15.PROPLUS_{F4D163F1-130B-4D82-9A65-9590AE37D1E3}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0044-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-006E-040D-1000-0000000FF1CE}_Office15.PROPLUS_{CCC030AA-EAFB-4BB9-92DD-4F9A552568FC}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0090-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-00A1-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-00BA-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1931508C-C004-4983-81E3-70BE6252904B}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-00C1-040D-1000-0000000FF1CE}_Office15.PROPLUS_{2FE1B3B0-648F-48A8-B382-E2648D75A1A9}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-00E1-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-00E2-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-012B-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version: - Microsoft) Hidden


To complete, you are using KMSpico, which is a loader for Windows and Office, and illegal. If you want to continue receiving assistance here from severac as well as others, you'll have to uninstall KMSpico and any Microsoft products illegally installed with it. Once you do, I might have an idea on what's taking up so much space on your system.

Edited by Aura., 12 June 2015 - 05:37 AM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
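The two checks Aura makes by eye in the post above (a small, nearly full C: partition and many entries for the same Office update) can be scripted over a MiniToolBox log. The following Python is an added example, not part of the thread or of MiniToolBox; the sample lines are copied from the log posted above, and the function names and the 10% free-space threshold are assumptions.

```python
import re
from collections import defaultdict

# Sample lines copied from the MiniToolBox log posted in this thread.
SAMPLE_LOG = r"""
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-00C1-040D-1000-0000000FF1CE}_Office15.PROPLUS_{2FE1B3B0-648F-48A8-B382-E2648D75A1A9}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-00E1-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-00E2-040D-1000-0000000FF1CE}_Office15.PROPLUS_{83D16C12-16BE-424F-BD7B-24C431C78ADE}) (Version:  - Microsoft) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
2 Drive c: () (Fixed) (Total:39.06 GB) (Free:0.26 GB) NTFS
3 Drive d: () (Fixed) (Total:35.46 GB) (Free:11.71 GB) NTFS
4 Drive e: () (Removable) (Total:14.9 GB) (Free:7.05 GB) FAT32
"""

# "Name (HIVE\...\Key) (Version: x - Publisher) [Hidden]"; the name may itself contain parentheses.
PROGRAM_RE = re.compile(
    r"^(?P<name>.+?) \((?P<hive>HK[A-Z]+(?:-x32)?)\\\.\.\.\\(?P<key>.+?)\) "
    r"\(Version:\s*(?P<version>.*?) - (?P<publisher>.*?)\)(?P<hidden> Hidden)?$")
PARTITION_RE = re.compile(
    r"^\d+ Drive (?P<letter>\w): \((?P<label>.*?)\) \((?P<kind>\w+)\) "
    r"\(Total:(?P<total>[\d.]+) GB\) \(Free:(?P<free>[\d.]+) GB\) (?P<fs>\S+)$")
KB_RE = re.compile(r"\((KB\d+)\)")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_log(text):
    """Split log lines into installed-program records and partition records."""
    programs, partitions = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := PARTITION_RE.match(line):
            total, free = float(m["total"]), float(m["free"])
            partitions.append({"letter": m["letter"], "kind": m["kind"], "total_gb": total,
                               "free_gb": free, "free_pct": 100 * free / total})
        elif m := PROGRAM_RE.match(line):
            programs.append({"name": m["name"], "key": m["key"],
                             "hidden": m["hidden"] is not None})
    return programs, partitions

def repeated_updates(programs):
    """Group entries by KB number; report entry count, distinct keys, distinct trailing GUIDs."""
    groups = defaultdict(lambda: {"entries": 0, "keys": set(), "trailing_guids": set()})
    for prog in programs:
        if kb := KB_RE.search(prog["name"]):
            group = groups[kb[1]]
            group["entries"] += 1
            group["keys"].add(prog["key"])
            if guids := GUID_RE.findall(prog["key"]):
                group["trailing_guids"].add(guids[-1])
    return {kb: g for kb, g in groups.items() if g["entries"] > 1}

def low_space(partitions, min_free_pct=10.0):
    """Fixed drives with less free space than the threshold (10% is an assumed default)."""
    return [p["letter"] for p in partitions
            if p["kind"] == "Fixed" and p["free_pct"] < min_free_pct]

if __name__ == "__main__":
    progs, parts = parse_log(SAMPLE_LOG)
    print("low on space:", low_space(parts))
    for kb, g in repeated_updates(progs).items():
        print(kb, g["entries"], "entries,", len(g["keys"]), "distinct keys")
```

On the sample, every repeated entry for the update has its own registry key, while the GUID at the end of the key is shared by some of them.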


#5 severac


Posted 12 June 2015 - 05:39 AM

How do you know that is a virus? I see that your partitions are small, and for now, your logs don't show signs of infection.


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#6 Raistlin88


Posted 12 June 2015 - 05:41 AM

Aura - OK, I've deleted KMSpico. Now what to do?

severac - for the moment I have 80MB open, and after a while it says I have 0 bytes..


Edited by Raistlin88, 12 June 2015 - 05:42 AM.


#7 Aura


Posted 12 June 2015 - 05:45 AM

For now, run TFC.

Temp File Cleaner (TFC)
  • Download Temp File Cleaner (TFC) and move it to your Desktop;
  • Right-click on the executable and select Run as Administrator;
  • Simply click on Start to launch the clean-up and wait until it completes;
  • Depending on which processes are running, all your programs will be closed and explorer.exe (your Windows shell) will be killed, it will however be relaunched shortly after so do not panic;
  • There's no log to give for this tool;
You might need to run the in-built Windows Disk Cleanup tool first (cleanmgr.exe).

http://www.sevenforums.com/tutorials/818-disk-cleanup-open-use.html

Once done, right-click on the Windows logo and select System. From there, click on Advanced System Settings in the left pane and go to the System Protection tab. Make sure your C: drive is selected and click on the Configure button. How much space is allocated to the System Restore, and how much space is currently in use?

I'm off to work, be back online in an hour to check back.



#8 Raistlin88


Posted 12 June 2015 - 05:53 AM

OK, after doing the TFC scan with administrator privileges I have 1.05GB open in C.

How much space is allocated to the System Restore = 0 Bytes

and how much space is currently in use = 1% / 399.98MB

I have a lot of free space at D, maybe I should resize it and give the space to C?


Edited by Raistlin88, 12 June 2015 - 05:54 AM.


#9 Raistlin88


Posted 12 June 2015 - 06:05 AM

And another thing: I don't have voice in my PC, then I tried to install the Realtek x64 and it says at the end of the installation that there is an error. After closing that it exits, and when I check my C drive again it has 700MB free.. odd.. odd..


Edited by Raistlin88, 12 June 2015 - 06:14 AM.


#10 Aura


Posted 12 June 2015 - 06:47 AM

What I would do is that I would delete the D: partition (move the data on it somewhere else temporarily) and then allocate all the free space on it to the C: drive to have a partition of around 80GB which is already better. You can also use WinDirStat to see where most of your space is gone, and taken by what.

http://windirstat.info/



#11 Raistlin88


Posted 14 June 2015 - 01:08 AM

What's hanging, guys..

Now I'm on my work PC and the same problem - 0 bytes at C drive.. this virus forces you to reinstall Windows...

OK.. I'm intending to install Win 8 again.. please instruct me on what you think is best to avoid this thing?


Edited by Raistlin88, 14 June 2015 - 01:42 AM.


#12 severac


Posted 14 June 2015 - 02:36 AM

Hello,

 

please be specific and explain it again.

 

What happened to the first PC? Is it "ok"? Do you still have those 1 GB? Did you resize your partition?

 

Ok after doing the TFC scan as administrator privileges i have 1.05GB open in C.

 

 

-------

 

What about problem with Realtek? Did you solve that?

 

---------

 

And, you have the same problem with second PC?



 


#13 Raistlin88


Posted 14 June 2015 - 03:56 AM

Ok i'll explain.

 

What happened to the first PC? Is it "ok"? Do you still have those 1 GB? Did you resized your partition?

 

*The first PC isn't OK - it had 1.05GB free after the TFC scan, and after a few minutes it had 500MB.. I tried to resize it with "EASEUS Partition Master" (and add space from D drive to C), and after restarting the PC it says "EASEUS Partition Master Boot Mode", does nothing and stays like that. Even "Safe Mode" doesn't solve the problem, that's why I want to reinstall Windows 8.1

 
 

What about problem with Realtek? Did you solve that? ^ nope..

 

 

 

And, you have the same problem with second PC? 

*Yes, it's a work PC and now I have 0 bytes in it - a very very very annoying virus, I wish that whoever made it will suffer in the darkest part of Hell.

 
 

Edited by Raistlin88, 14 June 2015 - 05:08 AM.


#14 severac


Posted 14 June 2015 - 07:39 AM

I still don't think that this is malware related. 

And I don't know how to help you. I don't know much about resizing partitions.

 

Maybe Aura. or somebody else can help you. 

 

I wish you the best in solving these problems.



 


#15 Raistlin88


Posted 14 June 2015 - 08:17 AM

Thanks anyway for your help dear Severac  :cowboy:


Edited by Raistlin88, 14 June 2015 - 08:18 AM.




