Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Disk space disappeared - virus?


  • Please log in to reply
12 replies to this topic

#1 SSIN

SSIN

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:56 PM

Posted 12 November 2015 - 09:52 AM

Hello,

 

In two days I lost 400GB of disk space. I downloaded a couple of things that day, but not close to 400GB. I installed TreeSize to see what takes up all the space, and it looks like there is something in the Appdata folder.

AppData/local/Packages/windows_ie_ac_001/AC/AVG Web TuneUp/cache

Apparently the last folder (cache) is taking up around 539 GB of space. I also installed CCleaner to clean up the computer, but this only resulted in a few GB. I have run antivirus scans (both avira and panda), but they didnt solve anything. Avira didnt manage to complete the scan though after 24 hours. The computer has also been extremely slow since this happened.

(I have windows 8.1)

Is it a virus taking up all the disk space?

What can i do to fix this?

 

Thanks! :)


Edited by SSIN, 12 November 2015 - 09:59 AM.


BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:56 PM

Posted 12 November 2015 - 10:03 AM

Hi SSIN :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

3Al62Pm.pngMiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Right-click on MiniToolBox.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
      B8oLpa3.png
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 SSIN

SSIN
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:56 PM

Posted 12 November 2015 - 10:12 AM

I'm not that great with computers, or english!

What do you mean by executable file?? The cache folder??



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:56 PM

Posted 12 November 2015 - 10:14 AM

The executable file is MiniToolBox.exe, the file I ask you to download :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 SSIN

SSIN
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:56 PM

Posted 12 November 2015 - 10:22 AM

I'm italian and i noticed somethings are written in italian! Hope you can help me anyway!!

 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Altro (administrator) on 12-11-2015 at 16:20:31
Running from "C:\Users\ShaulaS.I\Desktop"
Microsoft Windows 8.1  (X64)
Model: Aspire E5-571G Manufacturer: Acer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Configurazione IP di Windows

Cache del resolver DNS svuotata.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Qualcomm Atheros AR956x Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Dispositivo Bluetooth (Personal Area Network) = Connessione di rete Bluetooth (Media disconnected)


# ----------------------------------
# Configurazione IPv4
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Connessione alla rete locale (LAN)* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connessione alla rete locale (LAN)* 6" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connessione alla rete locale (LAN)* 5" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connessione di rete Bluetooth" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# Fine configurazione IPv4



Configurazione IP di Windows

   Nome host . . . . . . . . . . . . . . : SSIN
   Suffisso DNS primario . . . . . . . . :
   Tipo nodo . . . . . . . . . . . . . . : Ibrido
   Routing IP abilitato. . . . . . . . . : No
   Proxy WINS abilitato . . . . . . . .  : No

Scheda Ethernet Connessione di rete Bluetooth:

   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : Dispositivo Bluetooth (Personal Area Network)
   Indirizzo fisico. . . . . . . . . . . : B8-EE-65-8C-1D-6B
   DHCP abilitato. . . . . . . . . . . . : S�
   Configurazione automatica abilitata   : S�

Scheda LAN wireless Connessione alla rete locale (LAN)* 5:

   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Indirizzo fisico. . . . . . . . . . . : 5A-EE-65-8B-AD-DB
   DHCP abilitato. . . . . . . . . . . . : S�
   Configurazione automatica abilitata   : S�

Scheda LAN wireless Connessione alla rete locale (LAN)* 6:

   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Indirizzo fisico. . . . . . . . . . . : 1A-EE-65-8B-AD-DB
   DHCP abilitato. . . . . . . . . . . . : S�
   Configurazione automatica abilitata   : S�

Scheda LAN wireless Wi-Fi:

   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : Qualcomm Atheros AR956x Wireless Network Adapter
   Indirizzo fisico. . . . . . . . . . . : B8-EE-65-8B-AD-DB
   DHCP abilitato. . . . . . . . . . . . : S�
   Configurazione automatica abilitata   : S�
   Indirizzo IPv6 locale rispetto al collegamento . : fe80::f8d5:4b37:6239:b492%4(Preferenziale)
   Indirizzo IPv4. . . . . . . . . . . . : 192.168.1.106(Preferenziale)
   Subnet mask . . . . . . . . . . . . . : 255.255.255.0
   Lease ottenuto. . . . . . . . . . . . : gioved� 12 novembre 2015 15:03:38
   Scadenza lease . . . . . . . . . . .  : domenica 15 novembre 2015 15:03:37
   Gateway predefinito . . . . . . . . . : 192.168.1.1
   Server DHCP . . . . . . . . . . . . . : 192.168.1.1
   IAID DHCPv6 . . . . . . . . . . . : 112782949
   DUID Client DHCPv6. . . . . . . . : 00-01-00-01-1B-0C-B9-40-F8-A9-63-71-EE-E1
   Server DNS . . . . . . . . . . . . .  : 192.168.1.1
   NetBIOS su TCP/IP . . . . . . . . . . : Attivato

Scheda Ethernet Ethernet:

   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione: WDS01.COM
   Descrizione . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Indirizzo fisico. . . . . . . . . . . : F8-A9-63-71-EE-E1
   DHCP abilitato. . . . . . . . . . . . : S�
   Configurazione automatica abilitata   : S�

Scheda Tunnel Teredo Tunneling Pseudo-Interface:

   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : S�
   Indirizzo IPv6 . . . . . . . . . . . . . . . . . : 2001:0:9d38:90d7:cb7:359a:3f57:fe95(Preferenziale)
   Indirizzo IPv6 locale rispetto al collegamento . : fe80::cb7:359a:3f57:fe95%7(Preferenziale)
   Gateway predefinito . . . . . . . . . : ::
   IAID DHCPv6 . . . . . . . . . . . : 452984832
   DUID Client DHCPv6. . . . . . . . : 00-01-00-01-1B-0C-B9-40-F8-A9-63-71-EE-E1
   NetBIOS su TCP/IP . . . . . . . . . . : Disattivato

Scheda Tunnel isatap.{26880FA3-0CBE-46D9-8D9E-D7D0F2EB2B6A}:

   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : S�
Server:  UnKnown
Address:  192.168.1.1

Nome:    google.com
Addresses:  2a00:1450:4001:807::1005
      173.194.112.168
      173.194.112.166
      173.194.112.167
      173.194.112.160
      173.194.112.174
      173.194.112.169
      173.194.112.165
      173.194.112.161
      173.194.112.162
      173.194.112.164
      173.194.112.163


Esecuzione di Ping google.com [173.194.112.168] con 32 byte di dati:
Risposta da 173.194.112.168: byte=32 durata=26ms TTL=53
Risposta da 173.194.112.168: byte=32 durata=28ms TTL=53

Statistiche Ping per 173.194.112.168:
    Pacchetti: Trasmessi = 2, Ricevuti = 2,
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 26ms, Massimo =  28ms, Medio =  27ms
Server:  UnKnown
Address:  192.168.1.1

Nome:    yahoo.com
Addresses:  2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      98.139.183.24
      98.138.253.109
      206.190.36.45


Esecuzione di Ping yahoo.com [98.139.183.24] con 32 byte di dati:
Risposta da 98.139.183.24: byte=32 durata=127ms TTL=50
Risposta da 98.139.183.24: byte=32 durata=126ms TTL=49

Statistiche Ping per 98.139.183.24:
    Pacchetti: Trasmessi = 2, Ricevuti = 2,
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 126ms, Massimo =  127ms, Medio =  126ms

Esecuzione di Ping 127.0.0.1 con 32 byte di dati:
Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128
Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128

Statistiche Ping per 127.0.0.1:
    Pacchetti: Trasmessi = 2, Ricevuti = 2,
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 0ms, Massimo =  0ms, Medio =  0ms
===========================================================================
Elenco interfacce
 11...b8 ee 65 8c 1d 6b ......Dispositivo Bluetooth (Personal Area Network)
  6...5a ee 65 8b ad db ......Microsoft Hosted Network Virtual Adapter
  5...1a ee 65 8b ad db ......Microsoft Wi-Fi Direct Virtual Adapter
  4...b8 ee 65 8b ad db ......Qualcomm Atheros AR956x Wireless Network Adapter
  3...f8 a9 63 71 ee e1 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  7...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  8...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Tabella route
===========================================================================
Route attive:
     Indirizzo rete             Mask          Gateway     Interfaccia Metrica
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.106     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.106    281
    192.168.1.106  255.255.255.255         On-link     192.168.1.106    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.106    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.106    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.106    281
===========================================================================
Route permanenti:
  Nessuna

IPv6 Tabella route
===========================================================================
Route attive:
 Interf Metrica Rete Destinazione      Gateway
  7    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  7    306 2001::/32                On-link
  7    306 2001:0:9d38:90d7:cb7:359a:3f57:fe95/128
                                    On-link
  4    281 fe80::/64                On-link
  7    306 fe80::/64                On-link
  7    306 fe80::cb7:359a:3f57:fe95/128
                                    On-link
  4    281 fe80::f8d5:4b37:6239:b492/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
  7    306 ff00::/8                 On-link
===========================================================================
Route permanenti:
  Nessuna

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/12/2015 03:06:32 PM) (Source: TabletServicePen) (User: )
Description: TabletService Error:
Could not init tablet driver

Error: (11/12/2015 03:05:07 PM) (Source: VmbService) (User: )
Description: conflictManagerTypeValue

Error: (11/12/2015 02:29:10 PM) (Source: Application Hang) (User: )
Description: Il programma wwahost.exe versione 6.3.9600.17415 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 148c

Ora di avvio: 01d11d4d62dac7b8

Ora di chiusura: 4294967295

Percorso applicazione: C:\Windows\syswow64\wwahost.exe

ID segnalazione: 580830d0-8941-11e5-82a8-b8ee658c1d6b

Nome completo pacchetto che ha generato l'errore: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

ID applicazione relativo al pacchetto che ha generato l'errore: App

Error: (11/12/2015 02:15:49 PM) (Source: Application Hang) (User: )
Description: Il programma wwahost.exe versione 6.3.9600.17415 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 123c

Ora di avvio: 01d11d4b81db9ac2

Ora di chiusura: 4294967295

Percorso applicazione: C:\Windows\syswow64\wwahost.exe

ID segnalazione: 768367d4-893f-11e5-82a8-b8ee658c1d6b

Nome completo pacchetto che ha generato l'errore: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

ID applicazione relativo al pacchetto che ha generato l'errore: App

Error: (11/12/2015 02:00:40 PM) (Source: Application Hang) (User: )
Description: Il programma wwahost.exe versione 6.3.9600.17415 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 2234

Ora di avvio: 01d11d49696a89d0

Ora di chiusura: 4294967295

Percorso applicazione: C:\Windows\syswow64\wwahost.exe

ID segnalazione: 5d3f771b-893d-11e5-82a8-b8ee658c1d6b

Nome completo pacchetto che ha generato l'errore: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

ID applicazione relativo al pacchetto che ha generato l'errore: App

Error: (11/12/2015 01:46:01 PM) (Source: Application Hang) (User: )
Description: Il programma wwahost.exe versione 6.3.9600.17415 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: a2c

Ora di avvio: 01d11d475101dec9

Ora di chiusura: 4294967295

Percorso applicazione: C:\Windows\syswow64\wwahost.exe

ID segnalazione: 45ad7d1e-893b-11e5-82a8-b8ee658c1d6b

Nome completo pacchetto che ha generato l'errore: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

ID applicazione relativo al pacchetto che ha generato l'errore: App

Error: (11/12/2015 12:46:22 PM) (Source: Application Hang) (User: )
Description: Il programma wwahost.exe versione 6.3.9600.17415 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 9b8

Ora di avvio: 01d11d3eef302af1

Ora di chiusura: 4294967295

Percorso applicazione: C:\Windows\syswow64\wwahost.exe

ID segnalazione: e3779dfb-8932-11e5-82a8-b8ee658c1d6b

Nome completo pacchetto che ha generato l'errore: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

ID applicazione relativo al pacchetto che ha generato l'errore: App

Error: (11/12/2015 12:26:05 PM) (Source: Application Error) (User: )
Description: Nome dell'applicazione che ha generato l'errore: PSANHost.exe, versione: 4.0.0.785, timestamp: 0x55b882dc
Nome del modulo che ha generato l'errore: psenlc.DLL, versione: 4.0.0.979, timestamp: 0x55b87fc8
Codice eccezione: 0xc0000005
Offset errore 0x000177dc
ID processo che ha generato l'errore: 0x7ac
Ora di avvio dell'applicazione che ha generato l'errore: 0xPSANHost.exe0
Percorso dell'applicazione che ha generato l'errore: PSANHost.exe1
Percorso del modulo che ha generato l'errore: PSANHost.exe2
ID segnalazione: PSANHost.exe3
Nome completo pacchetto che ha generato l'errore: PSANHost.exe4
ID applicazione relativo al pacchetto che ha generato l'errore: PSANHost.exe5

Error: (11/12/2015 12:16:07 PM) (Source: Application Hang) (User: )
Description: Il programma wwahost.exe versione 6.3.9600.17415 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 1f8c

Ora di avvio: 01d11d3abe4dbac9

Ora di chiusura: 4294967295

Percorso applicazione: C:\Windows\syswow64\wwahost.exe

ID segnalazione: b5d4eae0-892e-11e5-82a8-b8ee658c1d6b

Nome completo pacchetto che ha generato l'errore: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

ID applicazione relativo al pacchetto che ha generato l'errore: App

Error: (11/12/2015 11:15:38 AM) (Source: Application Hang) (User: )
Description: Il programma wwahost.exe versione 6.3.9600.17415 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 1560

Ora di avvio: 01d11d325f3db764

Ora di chiusura: 4294967295

Percorso applicazione: C:\Windows\syswow64\wwahost.exe

ID segnalazione: 50a94af9-8926-11e5-82a8-b8ee658c1d6b

Nome completo pacchetto che ha generato l'errore: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

ID applicazione relativo al pacchetto che ha generato l'errore: App


System errors:
=============
Error: (11/12/2015 03:07:14 PM) (Source: cdrom) (User: )
Description: Rilevato blocco danneggiato sul dispositivo \Device\CdRom0.

Error: (11/12/2015 03:07:07 PM) (Source: cdrom) (User: )
Description: Rilevato blocco danneggiato sul dispositivo \Device\CdRom0.

Error: (11/12/2015 03:07:00 PM) (Source: cdrom) (User: )
Description: Rilevato blocco danneggiato sul dispositivo \Device\CdRom0.

Error: (11/12/2015 03:06:53 PM) (Source: cdrom) (User: )
Description: Rilevato blocco danneggiato sul dispositivo \Device\CdRom0.

Error: (11/12/2015 03:06:47 PM) (Source: cdrom) (User: )
Description: Rilevato blocco danneggiato sul dispositivo \Device\CdRom0.

Error: (11/12/2015 03:06:40 PM) (Source: cdrom) (User: )
Description: Rilevato blocco danneggiato sul dispositivo \Device\CdRom0.

Error: (11/12/2015 03:06:33 PM) (Source: cdrom) (User: )
Description: Rilevato blocco danneggiato sul dispositivo \Device\CdRom0.

Error: (11/12/2015 03:06:26 PM) (Source: cdrom) (User: )
Description: Rilevato blocco danneggiato sul dispositivo \Device\CdRom0.

Error: (11/12/2015 03:06:20 PM) (Source: cdrom) (User: )
Description: Rilevato blocco danneggiato sul dispositivo \Device\CdRom0.

Error: (11/12/2015 03:06:13 PM) (Source: cdrom) (User: )
Description: Rilevato blocco danneggiato sul dispositivo \Device\CdRom0.


Microsoft Office Sessions:
=========================
Error: (11/12/2015 03:06:32 PM) (Source: TabletServicePen)(User: )
Description: Could not init tablet driver

Error: (11/12/2015 03:05:07 PM) (Source: VmbService)(User: )
Description: conflictManagerTypeValue

Error: (11/12/2015 02:29:10 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.17415148c01d11d4d62dac7b84294967295C:\Windows\syswow64\wwahost.exe580830d0-8941-11e5-82a8-b8ee658c1d6bMicrosoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp

Error: (11/12/2015 02:15:49 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.17415123c01d11d4b81db9ac24294967295C:\Windows\syswow64\wwahost.exe768367d4-893f-11e5-82a8-b8ee658c1d6bMicrosoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp

Error: (11/12/2015 02:00:40 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.17415223401d11d49696a89d04294967295C:\Windows\syswow64\wwahost.exe5d3f771b-893d-11e5-82a8-b8ee658c1d6bMicrosoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp

Error: (11/12/2015 01:46:01 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.17415a2c01d11d475101dec94294967295C:\Windows\syswow64\wwahost.exe45ad7d1e-893b-11e5-82a8-b8ee658c1d6bMicrosoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp

Error: (11/12/2015 12:46:22 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.174159b801d11d3eef302af14294967295C:\Windows\syswow64\wwahost.exee3779dfb-8932-11e5-82a8-b8ee658c1d6bMicrosoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp

Error: (11/12/2015 12:26:05 PM) (Source: Application Error)(User: )
Description: PSANHost.exe4.0.0.78555b882dcpsenlc.DLL4.0.0.97955b87fc8c0000005000177dc7ac01d11befb5b123d8C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exeC:\Program Files (x86)\Panda Security\Panda Security Protection\psenlc.DLL2925749f-8930-11e5-82a8-b8ee658c1d6b

Error: (11/12/2015 12:16:07 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.174151f8c01d11d3abe4dbac94294967295C:\Windows\syswow64\wwahost.exeb5d4eae0-892e-11e5-82a8-b8ee658c1d6bMicrosoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp

Error: (11/12/2015 11:15:38 AM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.17415156001d11d325f3db7644294967295C:\Windows\syswow64\wwahost.exe50a94af9-8926-11e5-82a8-b8ee658c1d6bMicrosoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp


CodeIntegrity Errors:
===================================
  Date: 2015-03-22 18:18:47.674
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-21 23:02:30.328
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-21 22:32:10.072
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-14 14:42:53.996
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

4K Video Downloader 3.4 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.4.5.1525 - Open Media LLC)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.08.2003 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.03.2004.4 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8103 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.07.2003 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8103 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3010 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Aloha TriPeaks (HKLM-x32\...\WTA-3e164873-656b-4594-97cb-c99da121fbde) (Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.09.2004.0 - Acer Incorporated)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{18BD67B4-2BB3-4D1B-A33A-1B57A3BB7A1C}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Bamboo (HKLM\...\Pen Tablet Driver) (Version:  - Wacom Technology Corp.)
Bamboo (HKLM-x32\...\Pen Tablet Driver) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canali di giochi (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Canali di giochi (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 9.2.0.11 - WildTangent, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-aa77ccf7-aa63-464c-8964-4a65424108f4) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-293d2cb5-3c76-4f57-be3f-9bf3e84fbd3b) (Version: 2.2.0.110 - WildTangent) Hidden
Host App Service (HKCU\...\Pokki) (Version: 0.269.7.783 - Pokki)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
Intel® Technology Access (HKLM-x32\...\{fb74531f-28c3-4dca-9849-e6b8faa85afe}) (Version: 1.5.0.1021 - Intel Corporation)
Intel® Technology Access Software Asset Manager (HKLM-x32\...\{22EC308C-6294-4924-9546-56B0B9164593}) (Version: 1.0.1562 - Intel Corporation) Hidden
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (HKLM-x32\...\WTA-b2e102ce-3cb3-4b8e-ae9f-c9ef36581aa1) (Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (HKLM-x32\...\WTA-9c002f20-b54a-4b36-84eb-b77d0a613e6e) (Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 it) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 it)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NVIDIA Graphics Driver 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{2A845A64-3F80-41D7-9F33-6146E56997E6}) (Version: 3.3.9567 - OpenOffice.org)
Panda Devices Agent (HKLM-x32\...\{DDE3DECA-9139-4A39-9276-143ECA1DB75E}) (Version: 1.06.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.05 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\{A5226610-3F78-4561-B799-432B37D20505}) (Version: 8.03.00.0000 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.00.01.0000 - Panda Security)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle Nights (HKLM-x32\...\WTA-092cc7f2-8ce5-4446-bd2b-a21942dd58bc) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-f5f562fd-05e2-4411-90e7-eeff523b9580) (Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKCU\...\Pokki_Start_Menu) (Version: 0.269.7.783 - Pokki)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7203 - Realtek Semiconductor Corp.)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Supporto applicazioni Apple (32 bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Supporto applicazioni Apple (64 bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
The Chronicles of Emerland Solitaire (HKLM-x32\...\WTA-f37cd62a-ec6f-4d4d-8001-e76a8de30434) (Version: 3.0.2.32 - WildTangent) Hidden
TreeSize Free V3.4.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.2 - JAM Software)
Trinklit Supreme (HKLM-x32\...\WTA-ceeaba88-e03b-471b-899e-a0c2b0a7d6bf) (Version: 2.2.0.98 - WildTangent) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vodafone Mobile Broadband Lite (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.2.103.31248 - Vodafone)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.5 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.4 - Wacom Technology Corp.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.14 - WildTangent) Hidden

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 8083.27 MB
Available physical RAM: 5856.38 MB
Total Virtual: 9363.27 MB
Available Virtual: 6501.3 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:912.71 GB) (Free:50.43 GB) NTFS
2 Drive d: (Death note pt2) (CDROM) (Total:4.26 GB) (Free:0 GB) CDFS

========================= Users: ========================================

Account utente per \\SSIN

Administrator            Altro                    guess                    
Guest                    UpdatusUser              
Esecuzione comando riuscita.


**** End of log ****
 



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:56 PM

Posted 12 November 2015 - 10:27 AM

All good :) Please uninstall the following program since it's outdated and vulnerable, Java™ 6 Update 22.

I noticed that you are using two Antivirus, Avira and Panda. You should never have more than one Antivirus installed at the time on a system. Having more than one can result in system instability and conflict between the two programs, which can lead to random issues. I suggest you to uninstall one of them, and keep the other. If you pay for one Antivirus (be it Avira or Panda), keep that one and uninstall the free one. For more information about the risks of running two Antivirus at the same time, read the IMPORTANT NOTE at the bottom of quietman7's article below.

Choosing an Anti-Virus Program

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 SSIN

SSIN
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:56 PM

Posted 13 November 2015 - 09:32 AM

Hi Aura,

 

So I did everything you told me, but i still haven't recovered space on the disk!

What is the problem?? What should i do now? :/

 

Right now i'm doing a scan with Panda.



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:56 PM

Posted 13 November 2015 - 09:38 AM

I suggest you to delete the following folder.

C:\Users\$USERNAME\AppData\Local\Packages\windows_ie_ac_001\AC\AVG Web TuneUp\cache
You might need to enable hidden and system files to see it.

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/#win7

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 SSIN

SSIN
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:56 PM

Posted 13 November 2015 - 03:29 PM

While i was deleting the file it asked me this! What should i do?

 

the file 404b466b6bfefd5de0c0a19f33336d46_8f1064ca-63e6-4fcb-aa75-473df90

è un file di sistema. La rimozione del file potrebbe compromettere il funzionamento di Windows o di un altro programma.

 

Delete??



#10 BIGBEARJEDI

BIGBEARJEDI

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tattooine
  • Local time:03:56 PM

Posted 13 November 2015 - 05:50 PM

@Aura: 

 

this error message translated (per Bing) is:

is a system file. Removing the file could compromise a Windows or another program
 
Thought that might help. 
 
Also, looking in his FRST log, I noticed this:
 
========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:912.71 GB) (Free:50.43 GB) NTFS
2 Drive d: (Death note pt2) (CDROM) (Total:4.26 GB) (Free:0 GB) CDFS

 
**********************************************************************************************************
 
His C: drive is now at 94.47% used; 5.5% free space; he's completed clogged up that bootdrive!
I'm sure you noticed that he has a TON of games on this computer/drive; perhaps if you have him uninstall some of those (like most of them), you'd have enough room to run diagnostics and repair tools at that point. 
 
Just an observation!
Best, <<<BBJ>>>

Edited by BIGBEARJEDI, 13 November 2015 - 05:50 PM.


#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:56 PM

Posted 13 November 2015 - 07:55 PM

Yes, please delete it. This is just because the file is "marked" as a system file, it isn't a "real" system file.

Thanks BBJ, I noticed all that already :P And it's a MiniToolBox log, not FRST. And 50GB of space is more than enough to run diagnostics and other tools :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 SSIN

SSIN
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:56 PM

Posted 18 November 2015 - 04:41 AM

Thank you very much!! I recovered all my free space :)



#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:56 PM

Posted 18 November 2015 - 06:23 AM

No problem SSIN, you're welcome :) Was there anything else?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users