Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Airtostrong.exe? Solution? Am I inected ?


  • Please log in to reply
8 replies to this topic

#1 Mid0

Mid0

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:43 PM

Posted 14 February 2016 - 12:40 PM

I follow all the instruction that buddy215 did in another topic and there is all my reults : 

 

Malwarebytes logs :

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 14/02/2016
Scan Time: 14:10
Logfile: Malwarebytes logs.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.14.03
Rootkit Database: v2016.02.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: mouad
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 302613
Time Elapsed: 22 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 2
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Airtostrong.exe, 1704, Delete-on-Reboot, [405bd28e6237a78fec1175786f939769]
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Airtostrong.exe, 4724, Delete-on-Reboot, [405bd28e6237a78fec1175786f939769]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 8
PUP.Optional.Linkury, HKLM\SOFTWARE\mtAirtostrong, Quarantined, [405b2a361c7d1620663e1642f80c1be5], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH, Quarantined, [bae193cdc0d963d3574adfe77f8407f9], 
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\TRACING\Airtostrong_RASAPI32, Quarantined, [8e0d3d232871a98d8b18b1a7b3515ca4], 
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\TRACING\Airtostrong_RASMANCS, Quarantined, [2e6d57099405181e4f54065252b21fe1], 
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, Quarantined, [3b603a26d2c767cfaee147cc6d97758b], 
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AIRTOSTRONG, Quarantined, [0e8da0c02f6ae1557e27b0a8aa5ad927], 
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-18303643-2388282814-1994630523-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, Quarantined, [9a0179e75a3fd4623d35629637cb10f0], 
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AIRTOSTRONG.EXE, Quarantined, [405bd28e6237a78fec1175786f939769], 
 
Registry Values: 8
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DisplayName, Search the web, Quarantined, [bae193cdc0d963d3574adfe77f8407f9]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw56VMFZJr47C02NlQZPj0IkLBxAl4WjwZmdLtQS1F-mko6kzNXVrC7wymiHuvCVBMVbISvx3h7A3MVYn4QKFz27xxIYW2fAhjJpZNDtnZ5tSOTng-76U6H3XDaINyemt1RloxllgBtXFVJh3_aIt-cYYzHzW4MrZEkJIYTD1T-A,&q={searchTerms}, Quarantined, [702ba9b7edac5fd72d75ad1910f37f81]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw56VMFZJr47C02NlQZPj0IkLBxAl4WjwZmdLtQS1F-mko6kzNXVrC7wymiHuvCVBMVbISvx3h7A3MVYn4QKFz27xxIYW2fAhjJpZNDtnZ5tSOTng-76U6H3XDaINyemt1RloxllgBtXFVJh3_aIt-cYYzHzW4MrZEkJIYTD1T-A,&q={searchTerms}, Quarantined, [cdce322e85146acc832062641de6e31d]
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AIRTOSTRONG|ImagePath, C:\ProgramData\\Airtostrong\\Airtostrong.exe -f "C:\ProgramData\\Airtostrong\\Airtostrong.dat" -l -a, Quarantined, [0e8da0c02f6ae1557e27b0a8aa5ad927]
PUP.Optional.Linkury, HKU\S-1-5-18\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=MA&userid=823ee2e2-19df-9af7-f721-fb43840a4207&searchtype=sc&installDate=13-02-2016&barcodeid=50045888&channelid=888&av=windows, Quarantined, [4754520e0b8e5dd94ceae60406fd54ac]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-18303643-2388282814-1994630523-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, Quarantined, [9a0179e75a3fd4623d35629637cb10f0]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-18303643-2388282814-1994630523-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw56VMFZJr47C02NlQZPj0IkLBxAl4WjwZmdLtQS1F-mko6kzNXVrC7wymiHuvCVBMVbISvx3h7A3MVYn4QKFz27xxIYW2fAhjJpZNDtnZ5tSOTng-76U6H3XDaINyemt1RloxllgBtXFVJh3_aIt-cYYzHzW4MrZEkJIYTD1T-A,&q={searchTerms}, Quarantined, [d3c87be51980a393148bd2f4e61dac54]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-18303643-2388282814-1994630523-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw56VMFZJr47C02NlQZPj0IkLBxAl4WjwZmdLtQS1F-mko6kzNXVrC7wymiHuvCVBMVbISvx3h7A3MVYn4QKFz27xxIYW2fAhjJpZNDtnZ5tSOTng-76U6H3XDaINyemt1RloxllgBtXFVJh3_aIt-cYYzHzW4MrZEkJIYTD1T-A,&q={searchTerms}, Quarantined, [2b7071ef63368caa544c86402dd6f010]
 
Registry Data: 5
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),Replaced,[9cffe27e287194a2b620954c7c88c937]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-18303643-2388282814-1994630523-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw56VMFZJr47C02NlQZPj0IkLBxAl4WjwZmdLtQS1F-mko6kzNXVrC7wymiHuvCVBMVbISvx3h7A3MVYn4QKFz27xxIYW2fAhjJpZNDtnZ5tSOTng-76U6H3XDaINyemt1RloxllgBtXFVJh3_aIt-cYYzHzW4MrZEkJIYTD1T-A,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw56VMFZJr47C02NlQZPj0IkLBxAl4WjwZmdLtQS1F-mko6kzNXVrC7wymiHuvCVBMVbISvx3h7A3MVYn4QKFz27xxIYW2fAhjJpZNDtnZ5tSOTng-76U6H3XDaINyemt1RloxllgBtXFVJh3_aIt-cYYzHzW4MrZEkJIYTD1T-A,&q={searchTerms}),Replaced,[8714c39d42572a0c25ab7c65b153d729]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-18303643-2388282814-1994630523-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw56VMFZJr47C02NlQZPj0IkLBxAl4WjwZmdLtQS1F-mko6kzNXVrC7wymiHuvCVBMVbISvx3h7A3MVYn4QKFz27xxIYW2fAhjJpZNDtnZ5tSOTng-76U6H3XDaINyemt1RloxllgBtXFVJh3_aIt-cYYzHzW4MrZEkJIYTD1T-A,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw56VMFZJr47C02NlQZPj0IkLBxAl4WjwZmdLtQS1F-mko6kzNXVrC7wymiHuvCVBMVbISvx3h7A3MVYn4QKFz27xxIYW2fAhjJpZNDtnZ5tSOTng-76U6H3XDaINyemt1RloxllgBtXFVJh3_aIt-cYYzHzW4MrZEkJIYTD1T-A,&q={searchTerms}),Replaced,[2c6f40209801cf676d639d44ad57d42c]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-18303643-2388282814-1994630523-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw56VMFZJr47C02NlQZPj0IkLBxAl4WjwZmdLtQS1F-mko6kzNXVrC7wymiHuvCVBMVbISvx3h7A3MVYn4QKFz27xxIYW2fAhjJpZNDtnZ5tSOTng-76U6H3XDaINyemt1RloxllgBtXFVJh3_aIt-cYYzHzW4MrZEkJIYTD1T-A,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw56VMFZJr47C02NlQZPj0IkLBxAl4WjwZmdLtQS1F-mko6kzNXVrC7wymiHuvCVBMVbISvx3h7A3MVYn4QKFz27xxIYW2fAhjJpZNDtnZ5tSOTng-76U6H3XDaINyemt1RloxllgBtXFVJh3_aIt-cYYzHzW4MrZEkJIYTD1T-A,&q={searchTerms}),Replaced,[7328510f8316fa3cece4657c4aba3dc3]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-18303643-2388282814-1994630523-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw56VMFZJr47C02NlQZPj0IkLBxAl4WjwZmdLtQS1F-mko6kzNXVrC7wymiHuvCVBMVbISvx3h7A3MVYn4QKFz27xxIYW2fAhjJpZNDtnZ5tSOTng-76U6H3XDaINyemt1RloxllgBtXFVJh3_aIt-cYYzHzW4MrZEkJIYTD1T-A,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw56VMFZJr47C02NlQZPj0IkLBxAl4WjwZmdLtQS1F-mko6kzNXVrC7wymiHuvCVBMVbISvx3h7A3MVYn4QKFz27xxIYW2fAhjJpZNDtnZ5tSOTng-76U6H3XDaINyemt1RloxllgBtXFVJh3_aIt-cYYzHzW4MrZEkJIYTD1T-A,&q={searchTerms}),Replaced,[316a64fc45549a9c735f39a86b9943bd]
 
Folders: 3
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs, Quarantined, [762593cd3465d95d7183e00c49b97090], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong, Delete-on-Reboot, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\ondemand, Quarantined, [405bd28e6237a78fec1175786f939769], 
 
Files: 28
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Hayflex.exe, Quarantined, [9efd67f9633677bff655993fb24f46ba], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Mathtam.dll, Quarantined, [e3b81b452f6adc5a4ebb9841ce33f60a], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\TransZap.exe, Quarantined, [a5f60f519bfe96a0024710c814ed639d], 
PUP.Optional.OpenCandy, C:\Users\mouad\Downloads\uTorrent.exe, Quarantined, [fba0aeb23c5d45f17bfba26347b904fc], 
PUP.Optional.Linkury.Gen, C:\Windows\System32\findit.xml, Quarantined, [b0eb84dcd4c59b9ba1c7797131d2cc34], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Airtostrong.dat, Delete-on-Reboot, [0e8da0c02f6ae1557e27b0a8aa5ad927], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs\ff.HP, Quarantined, [762593cd3465d95d7183e00c49b97090], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs\ff.NT, Quarantined, [762593cd3465d95d7183e00c49b97090], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs\snp.sc, Quarantined, [762593cd3465d95d7183e00c49b97090], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Airtostrong.d.dat, Delete-on-Reboot, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Airtostrong.exe, Delete-on-Reboot, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\conf.config, Quarantined, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Config.xml, Quarantined, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\confpro.config, Quarantined, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Fixstring.bin, Quarantined, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Fundubfax.bin, Quarantined, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Hayflex.exe.config, Quarantined, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Holdlam.bin, Quarantined, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Itcanhome.dat, Quarantined, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\md.xml, Quarantined, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Namtough.bin, Quarantined, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\PrxCfg.xml, Quarantined, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Sonlux.dat, Delete-on-Reboot, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\TransZap.exe.config, Quarantined, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Tresstring.bin, Quarantined, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\UnaQuaddax.bin, Quarantined, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\uninstall.dat, Quarantined, [405bd28e6237a78fec1175786f939769], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Whitewarm.bin, Quarantined, [405bd28e6237a78fec1175786f939769], 
 
Physical Sectors: 0
(No malicious items detected)
 
AdwCleaner logs :
# AdwCleaner v5.033 - Rapport créé le 14/02/2016 à 15:00:14
# Mis à jour le 07/02/2016 par Xplode
# Base de données : 2016-02-07.2 [Serveur]
# Système d'exploitation : Windows 7 Starter Service Pack 1 (x86)
# Nom d'utilisateur : mouad - MOUAD-PC
# Exécuté depuis : C:\Users\mouad\Desktop\adwcleaner_5.033.exe
# Option : Nettoyer
 
***** [ Services ] *****
 
 
***** [ Dossiers ] *****
 
[-] Dossier Supprimé : C:\ProgramData\apn
[-] Dossier Supprimé : C:\Users\mouad\AppData\Roaming\RHEng
 
***** [ Fichiers ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Raccourcis ] *****
 
 
***** [ Tâches planifiées ] *****
 
 
***** [ Registre ] *****
 
[-] Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Clé Supprimée : HKLM\SOFTWARE\Hola
[-] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
 
***** [ Navigateurs ] *****
 
[-] [C:\Users\mouad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Supprimé : fcgnigmofekcllgbiejhmigggmgehkip
 
*************************
 
:: Clés "Tracing" supprimées
:: Paramètres Winsock réinitialisés
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1499 octets] ##########
 
Junkware Removal Tool logs :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Starter x86 
Ran by mouad (Administrator) on 14/02/2016 at 15:08:29,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 30 
 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Roaming\productdata (Folder) 
Successfully deleted: C:\Windows\System32\ai_recyclebin (Folder) 
Successfully deleted: C:\Windows\System32\Tasks\Uninstaller_SkipUac_mouad (Task)
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7R0U8URP (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ASVCIKM (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2APLMP7 (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B5QEMGOV (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGWOR842 (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ERI92I7A (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQ4R1UW6 (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FUXB7A72 (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H48G96JM (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ92Q16J (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IKTG8ZEF (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KZCABE0H (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M12KU8UI (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAH1OX0B (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFE8XY37 (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3RTEXZO (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZ14X82Z (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6H4714R (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7NAXH9Z (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPFV2Y9Q (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZWXGWS0 (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQ9U3ELX (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YLNWCESS (Folder) 
Successfully deleted: C:\Users\mouad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZDTUXJU6 (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/02/2016 at 15:11:22,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ESET Online Scanner logs :
C:\$RECYCLEBIN\Adobe.rar VBS/Agent.NHZ worm
C:\$RECYCLEBIN\Skype.rar VBS/Agent.NHZ worm
C:\$RECYCLEBIN\Vlc.rar VBS/Runner.NDF trojan
C:\Program Files\BitTorrent\bin\11a676ba-f8a8-4ac3-b0cf-33bc8ffa0ccf\Jackson.exe a variant of Win32/Toolbar.Linkury.AR potentially unwanted application
C:\Program Files\BitTorrent\bin\11a676ba-f8a8-4ac3-b0cf-33bc8ffa0ccf\xtc.exe a variant of MSIL/Toolbar.Linkury.AF potentially unwanted application
C:\Program Files\Common Files\2xcrtzr0.exe Win32/Toolbar.Linkury.AS potentially unwanted application
C:\Program Files\Common Files\jvwsubhq.exe Win32/Toolbar.Linkury.AS potentially unwanted application
C:\Program Files\Common Files\witgj23q.exe Win32/Toolbar.Linkury.AS potentially unwanted application
C:\Program Files\Common Files\3larb5s4\e6b1cyonhebfv.exe a variant of MSIL/Toolbar.Linkury.AG potentially unwanted application
C:\Program Files\Common Files\khdi5uic\7002at4vjwvfr.exe a variant of MSIL/Toolbar.Linkury.AG potentially unwanted application
D:\$RECYCLEBIN\01 VBS/Agent.NHZ worm
D:\$RECYCLEBIN\03 VBS/Runner.NDF trojan
D:\$RECYCLEBIN\05 VBS/Agent.NHZ worm
D:\$RECYCLEBIN\Adobe.rar VBS/Agent.NHZ worm
D:\$RECYCLEBIN\Skype.rar VBS/Agent.NHZ worm
D:\$RECYCLEBIN\Vlc.rar VBS/Runner.NDF trojan
D:\MOUAD-PC\Backup Set 2015-06-07 190007\Backup Files 2015-06-07 190007\Backup files 2.zip a variant of Win32/InstallCore.ACZ potentially unwanted application
 

Edited by Mid0, 14 February 2016 - 01:21 PM.


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,320 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:43 AM

Posted 14 February 2016 - 02:06 PM

Eset found and removed some trojans and worms. Do another scan using the program below. There is evidence in the logs

that using a torrent is the source of the adware and malware. We see that often in this forum. Best not to download free stuff

such as movies, music and cracked software using p2p programs...may be illegal, too.

EDIT: Adios, Hola! - Why you should immediately uninstall Hola

 

Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click  Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\). .

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the malware scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


Edited by buddy215, 14 February 2016 - 02:18 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Mid0

Mid0
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:43 PM

Posted 14 February 2016 - 09:14 PM

Thank you for your reply there is my results :

 

Emsisoft Emergency Kit logs :

 

Emsisoft Emergency Kit - Version 11.0

Dernière mise à jour : 15/02/2016 00:27:50
Compte utilisateur : mouad-PC\mouad
 
Paramètres d'analyse :
 
Type d'analyse : Analyse anti-malware
Éléments : Rootkits, Mémoire, Traces, Fichiers
 
Détecter des PUP : Activé
Archives d'analyse : Désactivé
Analyse ADS : Activé
Flitre d'extensions de fichier : Désactivé
Cache avancé : Activé
Accès direct au disque : Désactivé
 
Début d'analyse : 15/02/2016 01:54:56
C:\Windows\TEMP\Smartbar Détectés : Application.Win32.WebToolbar (A)
C:\Program Files\Common Files\khdi5uic\7002at4vjwvfr.exe Détectés : Gen:Variant.Zusy.181655 (B)
C:\Program Files\Common Files\3larb5s4\e6b1cyonhebfv.exe Détectés : Gen:Variant.Zusy.181655 (B)
 
Analysés 69996
Trouvés 3
 
Fin de l'analyse : 15/02/2016 02:03:32
Durée de l'analyse : 0:08:36
 
 
Windows Startups :
 
Yes HKCU:Run Advanced SystemCare 8 IObit "C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Yes HKLM:Run Acer ePower Management Acer Incorporated C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
Yes HKLM:Run ETDWare ELAN Microelectronic Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
Yes HKLM:Run IAStorIcon Intel Corporation C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
Yes HKLM:Run RazerCortex Razer Inc. C:\Program Files\Razer\Razer Cortex\RazerCortex.exe -autorun
Yes HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Yes Startup User C-cleaner.lnk Microsoft Corporation C:\Windows\system32\wscript.exe
Yes Startup User Dropbox.lnk Dropbox, Inc. C:\Users\mouad\AppData\Roaming\Dropbox\bin\Dropbox.exe
Yes Startup User VideoLAN.lnk Microsoft Corporation C:\Windows\system32\wscript.exe
 
 
Scheduled Tasks :
 
Yes Task ASC8_PerformanceMonitor IObit C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe /Task
Yes Task ASC8_SkipUac_mouad IObit "C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe" /SkipUac
Yes Task baiwyjpo C:\Program Files\Common Files\3larb5s4\e6b1cyonhebfv.exe
Yes Task bfbswwhm C:\Program Files\Common Files\khdi5uic\7002at4vjwvfr.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
No Task DropboxUpdateTaskUserS-1-5-21-18303643-2388282814-1994630523-1000Core Dropbox, Inc. C:\Users\mouad\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
No Task DropboxUpdateTaskUserS-1-5-21-18303643-2388282814-1994630523-1000UA Dropbox, Inc. C:\Users\mouad\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task {4BA6237D-4EE4-4842-B3ED-F0BA18BDB1EE} Riot Games, Inc. C:\Riot Games\League of Legends\lol.launcher.exe
 
list of programs installed :
 
7-Zip 9.20 01/01/2015
Acrobat.com Adobe Systems Incorporated 30/09/2010 1,60 MB 1.6.65
Adobe AIR Adobe Systems Incorporated 21/08/2015 18.0.0.199
Adobe Flash Player 20 ActiveX Adobe Systems Incorporated 11/02/2016 17,6 MB 20.0.0.306
Adobe Photoshop Elements 8.0 Adobe Systems Incorporated 22/11/2014 1,54 GB 8.0
Adobe Reader 9.1 MUI Adobe Systems Incorporated 30/09/2010 650 MB 9.1.0
Advanced SystemCare 8 IObit 29/08/2015 123 MB 8.4.0
Assistant de connexion Windows Live Microsoft Corporation 22/11/2014 1,93 MB 5.000.818.5
Broadcom Gigabit NetLink Controller Broadcom Corporation 30/09/2010 393 KB 14.0.2.3
CCleaner Piriform 14/02/2016 5.14
CyberLink PowerDVD 9 CyberLink Corp. 22/11/2014 114 MB 9.0.3216.50
Dropbox Dropbox, Inc. 11/12/2015 3.12.5
ESET Online Scanner v3 14/02/2016
ETDWare PS/2-x86 7.0.6.5_WHQL ELAN Microelectronics Corp. 22/11/2014 7.0.6.5
Google Chrome Google Inc. 01/12/2014 48.0.2564.109
Identity Card Packard Bell 22/11/2014 1.00.3003
Installation Windows Live Microsoft Corporation 22/11/2014 14.0.8117.0416
Intel® Control Center Intel Corporation 22/11/2014 1.2.1.1007
Intel® Graphics Media Accelerator Driver Intel Corporation 23/11/2014 8.15.10.2182
Intel® Management Engine Components Intel Corporation 23/11/2014 6.0.0.1179
Intel® Rapid Storage Technology Intel Corporation 23/11/2014 9.6.2.1001
Internet Mobile Huawei Technologies Co.,Ltd 24/11/2014 11.302.09.05.162
IObit Uninstaller IObit 29/08/2015 4.3.0.5
Java 8 Update 66 Oracle Corporation 21/11/2015 88,9 MB 8.0.660.18
Launch Manager Packard Bell 22/11/2014 4.0.14
League of Legends Riot Games 07/02/2016 3.0.1
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 11/02/2016 65,9 MB 2.2.0.1024
Microsoft .NET Framework 4.5.2 Microsoft Corporation 17/01/2015 38,8 MB 4.5.51209
Microsoft .NET Framework 4.5.2 (Français) Microsoft Corporation 21/10/2015 2,93 MB 4.5.51209
Microsoft Office Standard 2007 Microsoft Corporation 13/12/2014 12.0.4518.1014
Microsoft Silverlight Microsoft Corporation 25/02/2015 42,5 MB 5.1.20913.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 22/11/2014 1,72 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 22/11/2014 2,69 MB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 17/03/2015 1,41 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 30/09/2010 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 30/09/2010 596 KB 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 Microsoft Corporation 03/07/2015 734 KB 10.0.30319
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 03/07/2015 17,1 MB 12.0.30501.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 25/11/2014 35,0 KB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25/11/2014 1,33 MB 4.20.9876.0
Nero 9 Essentials Nero AG 30/09/2010
Outil de téléchargement Windows Live Microsoft Corporation 22/11/2014 224 KB 14.0.8014.1029
Packard Bell Games WildTangent 22/11/2014 1.0.1.3
Packard Bell InfoCentre Packard Bell 22/11/2014 3.02.3000
Packard Bell MyBackup NewTech Infosystems 30/09/2010 33,3 MB 2.0.0.68
Packard Bell Power Management Packard Bell 22/11/2014 5.00.3005
Packard Bell Recovery Management Packard Bell 30/09/2010 4.05.3013
Packard Bell Registration Packard Bell 22/11/2014 1.03.3003
Packard Bell ScreenSaver Packard Bell 22/11/2014 1.1.0806.2010
Packard Bell Social Networks CyberLink Corp. 30/09/2010 25,8 MB 1.0.1901
Pokemon Showdown "Pokemon Showdown" 02/01/2016 46,8 MB
Razer Cortex Razer Inc. 11/02/2016 142 MB 6.4.6.10930
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 22/11/2014 6.0.1.6141
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 30/09/2010 6.1.7600.30122
Skype Click to Call Microsoft Corporation 15/01/2016 7,92 MB 8.0.0.9103
Skype™ 7.17 Skype Technologies S.A. 10/01/2016 79,2 MB 7.17.106
VI Package Manager 2014 JKI 25/02/2015 68,7 MB 14.0.1941
Video Web Camera Chicony Electronics Co.,Ltd. 22/11/2014 1.7.137.706
VLC media player VideoLAN 22/01/2015 2.1.5
Welcome Center Packard Bell 22/11/2014 1.02.3004
Windows Live FolderShare Microsoft Corporation 22/11/2014 2,79 MB 14.0.8117.416
WinRAR 5.20 beta 1 (32-bit) win.rar GmbH 24/12/2014 5.20.1
Xilinx ISE 9.2i 01/12/2014
 


#4 buddy215

buddy215

  • Moderator
  • 13,320 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:43 AM

Posted 14 February 2016 - 10:29 PM

The Eset online scan log does not show that what it found was removed/ quarantined. Please run the

scan again and be sure to check Remove found threats.

  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 buddy215

buddy215

  • Moderator
  • 13,320 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:43 AM

Posted 14 February 2016 - 10:50 PM

Delete this Windows Startup: Use CCleaner by clicking on it and then choosing Delete on the right.

Yes HKCU:Run Advanced SystemCare 8 IObit "C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto

 

Disable these Windows Startups: Use CCleaner by clicking on each item and then choose Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Yes Startup User C-cleaner.lnk Microsoft Corporation C:\Windows\system32\wscript.exe
Yes Startup User Dropbox.lnk Dropbox, Inc. C:\Users\mouad\AppData\Roaming\Dropbox\bin\Dropbox.exe
Yes Startup User VideoLAN.lnk Microsoft Corporation C:\Windows\system32\wscript.exe
 
Delete these Scheduled Tasks:
Yes Task ASC8_PerformanceMonitor IObit C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe /Task
Yes Task ASC8_SkipUac_mouad IObit "C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe" /SkipUac
Yes Task baiwyjpo C:\Program Files\Common Files\3larb5s4\e6b1cyonhebfv.exe
Yes Task bfbswwhm C:\Program Files\Common Files\khdi5uic\7002at4vjwvfr.exe
 
Disable these Scheduled Tasks:
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task {4BA6237D-4EE4-4842-B3ED-F0BA18BDB1EE} Riot Games, Inc. C:\Riot Games\League of Legends\lol.launcher.exe
 
Uninstall these programs:  (old Adobe programs are malware magnets)
Acrobat.com Adobe Systems Incorporated 30/09/2010 1,60 MB 1.6.65
Adobe AIR Adobe Systems Incorporated 21/08/2015 18.0.0.199
Adobe Reader 9.1 MUI Adobe Systems Incorporated 30/09/2010 650 MB 9.1.0
Advanced SystemCare 8 IObit 29/08/2015 123 MB 8.4.0
IObit Uninstaller IObit 29/08/2015 4.3.0.5
Microsoft Silverlight Microsoft Corporation 25/02/2015 42,5 MB 5.1.20913.0 (Or Update it)
Packard Bell Games WildTangent 22/11/2014 1.0.1.3

Skype Click to Call Microsoft Corporation 15/01/2016 7,92 MB 8.0.0.9103

 

Use Download Revo Uninstaller Freeware in Advanced Mode to uninstall programs that give you a problem while uninstalling using CCleaner.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 Mid0

Mid0
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:43 PM

Posted 15 February 2016 - 12:42 PM

there is my ESETScan :

 

C:\$RECYCLEBIN\Adobe.rar VBS/Agent.NHZ worm cleaned by deleting

C:\$RECYCLEBIN\Skype.rar VBS/Agent.NHZ worm cleaned by deleting
C:\$RECYCLEBIN\Vlc.rar VBS/Runner.NDF trojan cleaned by deleting
D:\$RECYCLEBIN\01 VBS/Agent.NHZ worm cleaned by deleting
D:\$RECYCLEBIN\03 VBS/Runner.NDF trojan cleaned by deleting
D:\$RECYCLEBIN\05 VBS/Agent.NHZ worm cleaned by deleting
D:\$RECYCLEBIN\Adobe.rar VBS/Agent.NHZ worm cleaned by deleting
D:\$RECYCLEBIN\Skype.rar VBS/Agent.NHZ worm cleaned by deleting
D:\$RECYCLEBIN\Vlc.rar VBS/Runner.NDF trojan cleaned by deleting
 
 
and what do you advice me for replacing Adobe and a good free anti-virus if you know one ?

Edited by Mid0, 15 February 2016 - 12:43 PM.


#7 buddy215

buddy215

  • Moderator
  • 13,320 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:43 AM

Posted 15 February 2016 - 01:36 PM

If you only need Adobe Reader for viewing pdf files then Free PDF Reader - Sumatra PDF would be a good choice.

 

Avast is a popular free antivirus.  Avast | Download Free Antivirus for PC, Mac & Android

I would not recommend AVG....too much adware.

 

A good place to get a lot of popular software that is not bundled with

adware is Ninite - Install or Update Multiple Apps at Once .

 

How is the computer performing....up to par?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 Mid0

Mid0
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:43 PM

Posted 15 February 2016 - 01:51 PM

Thanks man for taking from your time to help me, my computer is performing well and look better now. you are the man  :clapping:



#9 buddy215

buddy215

  • Moderator
  • 13,320 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:43 AM

Posted 15 February 2016 - 01:59 PM

Good....you're welcome...happy surfin'


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users