Suspecting a Virus; RAM is 6GB (Only 1.99 usable)


  • This topic is locked
20 replies to this topic

#1 abdjod2004

abdjod2004

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:31 AM

Posted 21 April 2016 - 08:13 PM

Computer gave me BSOD 3 times today. I am suspecting a virus because I installed a pirated game with a crack recently. Whenever the computer reboots, it reboots twice and then starts Windows normally. RAM is 6GB but it says only 1.99 is usable, which is a new thing. I attached the scan logs and I really appreciate your kind help. Thanks in advance...



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:31 PM

Posted 22 April 2016 - 09:04 AM

Hello

  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

 

2.

Download MalwareBytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.


  • If no threats were found, click View detailed log.
  • Click Export and save the log as a .txt file on your Desktop or another location.


  • If the scan detected any threats, click Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes.
  • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
  • Check the box next to Scan Log. Choose the most current scan and click View.
  • Click Export and save the log as a .txt file on your Desktop or another location.


Providing the MalwareBytes' Anti-Malware log file
  • Attach the log file you just saved to your next reply for further review.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 abdjod2004


Posted 22 April 2016 - 02:30 PM

Thank you brother fireman4it for your help.

 

Here is AdwCleaner

==============================================

 

# AdwCleaner v5.112 - Logfile created 22/04/2016 at 22:09:54
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : User - USER-PC
# Running from : C:\Users\Guest\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc
[-] Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chklaanhfefbnpoihckbnefhakgolnmc_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chklaanhfefbnpoihckbnefhakgolnmc_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elicpjhcidhpjomhibiffojpinpmmpil_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elicpjhcidhpjomhibiffojpinpmmpil_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d30ke5tqu2tkyx.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d30ke5tqu2tkyx.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d3b3ehuo35wzeh.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d3b3ehuo35wzeh.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AndyAPK
[-] Key Deleted : HKLM\SOFTWARE\Classes\AndyApp
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
\AdwCleaner\AdwCleaner[C1].txt - [2958 bytes] - [22/04/2016 22:09:54]
\AdwCleaner\AdwCleaner[R0].txt - [9303 bytes] - [02/11/2014 23:41:28]
\AdwCleaner\AdwCleaner[R1].txt - [1931 bytes] - [03/11/2014 01:26:53]
\AdwCleaner\AdwCleaner[R2].txt - [3568 bytes] - [15/01/2016 21:35:00]
\AdwCleaner\AdwCleaner[R3].txt - [1561 bytes] - [15/01/2016 23:21:50]
\AdwCleaner\AdwCleaner[R4].txt - [14789 bytes] - [24/01/2016 22:03:19]
\AdwCleaner\AdwCleaner[R5].txt - [11856 bytes] - [15/04/2016 11:36:46]
\AdwCleaner\AdwCleaner[S0].txt - [2007 bytes] - [03/11/2014 01:31:03]
\AdwCleaner\AdwCleaner[S1].txt - [7297 bytes] - [15/01/2016 23:17:21]
\AdwCleaner\AdwCleaner[S2].txt - [1623 bytes] - [15/01/2016 23:25:38]
\AdwCleaner\AdwCleaner[S3].txt - [15134 bytes] - [24/01/2016 22:04:16]
\AdwCleaner\AdwCleaner[S4].txt - [12133 bytes] - [15/04/2016 11:45:37]
 
########## EOF - \AdwCleaner\AdwCleaner[C1].txt - [3814 bytes] ##########


#4 abdjod2004


Posted 22 April 2016 - 02:33 PM

I ran Malwarebytes software this morning before you replied to me. Here is the log:

==================================================================

 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 15/07/37
Scan Time: 04:08 م
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.04.22.03
Rootkit Database: v2016.04.17.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 524455
Time Elapsed: 8 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Downloader, C:\Program Files (x86)\AntiDust.exe, Quarantined, [38a3a50cedacb6802766b0d8ba48659b], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by abdjod2004, 22 April 2016 - 02:33 PM.


#5 abdjod2004


Posted 22 April 2016 - 02:35 PM

Here is the log of the most recent check by Malwarebytes:

================================================

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 15/07/37
Scan Time: 10:20 م
Logfile: 
Administrator: No
 
Version: 2.2.1.1043
Malware Database: v2016.04.22.06
Rootkit Database: v2016.04.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Guest
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 282919
Time Elapsed: 5 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Again, I really appreciate your help...



#6 fireman4it


Posted 22 April 2016 - 02:41 PM

Emsisoft Emergency Kit
  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear:
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.

" Extinguishing Malware from the world"



#7 abdjod2004


Posted 22 April 2016 - 03:12 PM

Brother, here is the scan log:

=================

 

Emsisoft Emergency Kit - Version 11.0
Last update: 4/22/2016 11:02:42 PM
User account: User-PC\User
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 4/22/2016 11:03:16 PM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
 
Scanned 81687
Found 2
 
Scan end: 4/22/2016 11:08:25 PM
Scan time: 0:05:09
 
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Setting.DisableRegistryTools (A)
 
Quarantined 1


#8 fireman4it


Posted 25 April 2016 - 04:07 PM

Please run FRST again like you did the first time you ran it and post the new FRST.txt.  How is the computer running now?


" Extinguishing Malware from the world"



#9 abdjod2004


Posted 25 April 2016 - 04:22 PM

The PC got momentarily better but it now got worse again. Now it is back to the same old symptoms: 6 GB RAM (1.99 usable) and BSODs and occasional freezes.

-------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by User (administrator) on USER-PC (26-04-2016 00:20:27)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13637848 2013-08-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [LiveZilla] => C:\Program Files (x86)\LiveZilla\LiveZilla.exe [8929832 2013-12-06] (LiveZilla GmbH)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-3404874387-29767065-3320230504-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-3404874387-29767065-3320230504-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-3404874387-29767065-3320230504-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-3404874387-29767065-3320230504-1000\...\Run: [Dropbox Update] => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-3404874387-29767065-3320230504-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-3404874387-29767065-3320230504-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23485208 2016-03-30] (Google)
HKU\S-1-5-21-3404874387-29767065-3320230504-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C2].txt [2127 2016-04-25] ()
HKU\S-1-5-21-3404874387-29767065-3320230504-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2015-12-07]
ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3404874387-29767065-3320230504-1000] => localhost:8081
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{E7E9BCAE-18CF-4A18-809A-E16EBDD2C2A9}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{EDC18346-481F-40DA-A027-E7F6A4E193B8}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3404874387-29767065-3320230504-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3404874387-29767065-3320230504-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3404874387-29767065-3320230504-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3404874387-29767065-3320230504-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-19] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-19] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ugx8sgok.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.0.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-09-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3404874387-29767065-3320230504-1000: @citrixonline.com/appdetectorplugin -> C:\Users\User\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-25] (Citrix Online)
FF Plugin HKU\S-1-5-21-3404874387-29767065-3320230504-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-23] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ugx8sgok.default\Extensions\abs@avira.com [2016-04-25]
FF Extension: Avira SafeSearch Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ugx8sgok.default\Extensions\safesearchplus@avira.com [2015-11-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKU\S-1-5-21-3404874387-29767065-3320230504-1000\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\User\AppData\Local\XDM\xdmff => not found
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://safesearch.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://safesearch.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (عروض Google التقديمية) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-26]
CHR Extension: (محرّر مستندات Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-26]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-26]
CHR Extension: (Youtube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-26]
CHR Extension: (جداول بيانات Google ) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-26]
CHR Extension: (Avira Browser Safety) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-26]
CHR Extension: (مستندات Google في وضع عدم الاتصال) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-26]
CHR Extension: (Avira SafeSearch) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjilmcjipkeokomeekfnhkpbnhmgaje [2016-04-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-26]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-26]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3404874387-29767065-3320230504-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.SV5YN5PDC64IYPH23IVYAMZOQI - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-03-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-03-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-03-09] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-04-25] (SurfRight B.V.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [12288 2015-07-20] () [File not signed]
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-03-09] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [133168 2016-03-09] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-10-05] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69888 2016-03-09] (Avira Operations GmbH & Co. KG)
S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-07-06] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 epp; C:\EEK\bin64\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-25] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2011-04-08] (Realtek Semiconductor Corporation                           )
S2 VMparport; C:\Windows\system32\drivers\VMparport.sys [32472 2015-06-24] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-25 23:26 - 2016-04-25 23:26 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-25 23:26 - 2016-04-25 23:26 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-25 23:23 - 2016-04-25 23:24 - 00000000 ____D C:\Users\Guest\AppData\Local\Deployment
2016-04-25 23:23 - 2016-04-25 23:23 - 00000000 ____D C:\Users\Guest\AppData\Local\Apps\2.0
2016-04-25 23:17 - 2016-04-25 23:17 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2016-04-25 23:05 - 2016-04-25 23:05 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Mozilla
2016-04-25 23:05 - 2016-04-25 23:05 - 00000000 ____D C:\Users\Guest\AppData\Local\Mozilla
2016-04-25 22:27 - 2016-04-25 22:27 - 00001853 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-04-25 22:27 - 2016-04-25 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-04-25 22:27 - 2016-04-25 22:27 - 00000000 ____D C:\Program Files\HitmanPro
2016-04-25 22:25 - 2016-04-25 23:00 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-25 22:25 - 2016-04-25 22:26 - 11441744 _____ (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro_x64.exe
2016-04-25 21:37 - 2016-04-25 21:37 - 03580480 _____ C:\Users\User\Desktop\adwcleaner_5.113.exe
2016-04-24 19:25 - 2016-04-24 19:25 - 05312793 _____ C:\Users\Guest\Desktop\pairing_utility_1.00.009.zip
2016-04-24 19:25 - 2016-04-24 19:25 - 00000000 ____D C:\Users\Guest\AppData\Roaming\WinRAR
2016-04-23 06:40 - 2016-04-23 06:40 - 00000000 ____D C:\Users\Guest\AppData\Roaming\TeamViewer
2016-04-23 06:17 - 2016-04-23 06:17 - 00000000 ____D C:\Users\Guest\AppData\Local\TeamViewer
2016-04-23 06:11 - 2016-04-23 06:12 - 00000000 ____D C:\Users\Guest\AppData\Local\Your Freedom
2016-04-22 23:10 - 2016-04-22 23:10 - 00001810 _____ C:\Users\User\Desktop\scan_160422-230316.txt
2016-04-22 23:09 - 2016-04-22 23:09 - 00000356 _____ C:\Users\User\Desktop\Scan_160422-230942.txt
2016-04-22 22:58 - 2016-04-25 22:20 - 00000000 ____D C:\EEK
2016-04-22 22:43 - 2016-04-22 22:57 - 228536880 _____ C:\Users\Guest\Desktop\EmsisoftEmergencyKit.exe
2016-04-22 22:27 - 2016-04-22 22:27 - 00000049 _____ C:\Users\Guest\Desktop\494.txt
2016-04-22 16:32 - 2016-04-22 16:32 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Avira
2016-04-22 16:28 - 2016-04-22 16:28 - 00000000 ____D C:\Users\Guest\AppData\Local\Steam
2016-04-22 16:28 - 2016-04-22 16:28 - 00000000 ____D C:\Users\Guest\AppData\Local\CEF
2016-04-22 16:27 - 2016-04-25 21:12 - 00000000 ____D C:\Users\Guest\AppData\Roaming\TS3Client
2016-04-22 16:27 - 2016-04-22 16:30 - 00000000 ____D C:\Users\Guest\Documents\LiveZilla
2016-04-22 16:27 - 2016-04-22 16:27 - 00108840 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-22 16:27 - 2016-04-22 16:27 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Andy
2016-04-22 16:27 - 2016-04-22 16:27 - 00000000 ____D C:\Users\Guest\Andy
2016-04-22 16:26 - 2016-04-25 23:24 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2016-04-22 16:26 - 2016-04-22 16:27 - 00000000 ____D C:\Users\Guest
2016-04-22 16:26 - 2016-04-22 16:26 - 00001439 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-22 16:26 - 2016-04-22 16:26 - 00001365 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-04-22 16:26 - 2016-04-22 16:26 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2016-04-22 16:26 - 2016-04-22 16:26 - 00000000 _SHDL C:\Users\Guest\My Documents
2016-04-22 16:26 - 2016-04-22 16:26 - 00000000 _SHDL C:\Users\Guest\Documents\My Videos
2016-04-22 16:26 - 2016-04-22 16:26 - 00000000 _SHDL C:\Users\Guest\Documents\My Pictures
2016-04-22 16:26 - 2016-04-22 16:26 - 00000000 _SHDL C:\Users\Guest\Documents\My Music
2016-04-22 16:26 - 2016-04-22 16:26 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2016-04-22 16:26 - 2016-04-22 16:26 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2016-04-22 16:26 - 2013-09-29 09:09 - 00000000 ____D C:\Users\Guest\AppData\Roaming\TuneUp Software
2016-04-22 16:26 - 2010-11-21 10:16 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Media Center Programs
2016-04-22 16:04 - 2016-04-25 21:55 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-22 16:04 - 2016-04-22 16:04 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-22 16:04 - 2016-04-22 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-22 16:04 - 2016-04-22 16:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-22 16:04 - 2016-04-22 16:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-22 16:04 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-22 16:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-22 16:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-22 15:57 - 2016-04-22 15:58 - 22851472 _____ (Malwarebytes ) C:\Users\User\Desktop\mbam-setup-2.2.1.1043.exe
2016-04-22 15:46 - 2016-04-22 15:46 - 00290864 _____ C:\Windows\Minidump\042216-21325-01.dmp
2016-04-22 03:58 - 2016-04-22 04:00 - 00042926 _____ C:\Users\User\Desktop\Addition.txt
2016-04-22 03:57 - 2016-04-26 00:20 - 00000000 ____D C:\FRST
2016-04-22 03:57 - 2016-04-26 00:20 - 00000000 _____ C:\Users\User\Desktop\FRST.txt
2016-04-22 03:56 - 2016-04-22 03:56 - 02375680 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2016-04-22 03:36 - 2016-04-22 03:36 - 00030515 _____ C:\Users\User\Desktop\ComboFix.txt
2016-04-22 03:31 - 2016-04-26 00:14 - 01296338 _____ C:\Windows\ntbtlog.txt
2016-04-22 01:12 - 2016-04-22 01:12 - 00262144 _____ C:\Windows\Minidump\042216-22760-01.dmp
2016-04-22 01:11 - 2016-04-26 00:05 - 541427886 _____ C:\Windows\MEMORY.DMP
2016-04-21 16:20 - 2016-04-21 16:20 - 00000000 ____D C:\Users\User\AppData\LocalLow\uTorrent
2016-04-21 07:39 - 2016-04-21 07:39 - 00000000 ____D C:\Users\User\Desktop\old utorrent fil
2016-04-21 07:39 - 2016-03-06 12:34 - 00335872 _____ (BitTorrent Inc.) C:\Users\User\Desktop\uTorrent.exe
2016-04-16 22:48 - 2016-04-16 22:48 - 00005476 _____ C:\Users\User\Desktop\275A9D25505778322563CBA40A7DD934E522EAE3.torrent
2016-04-15 11:11 - 2016-04-15 11:11 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-15 10:51 - 2016-04-15 10:51 - 00003004 _____ C:\Users\User\Desktop\Rkill.txt
2016-04-13 18:06 - 2016-04-15 11:30 - 00000646 _____ C:\Users\User\Desktop\6565.txt
2016-04-06 23:29 - 2016-04-13 18:04 - 00001028 _____ C:\Users\Public\Desktop\Your Freedom.lnk
2016-03-27 07:22 - 2016-03-27 07:22 - 00241736 _____ C:\Users\User\Desktop\DUCSetup_v4_1_1.exe
2016-03-27 07:22 - 2016-03-27 07:22 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2016-03-27 07:22 - 2016-03-27 07:22 - 00000000 ____D C:\Users\User\AppData\Local\Vitalwerks
2016-03-27 07:22 - 2016-03-27 07:22 - 00000000 ____D C:\ProgramData\Vitalwerks
2016-03-27 07:22 - 2016-03-27 07:22 - 00000000 ____D C:\Program Files (x86)\No-IP
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-26 00:14 - 2013-09-29 09:02 - 00000000 ____D C:\Users\User\AppData\Local\Google
2016-04-26 00:06 - 2015-12-07 05:47 - 00000000 ____D C:\ProgramData\VMware
2016-04-26 00:06 - 2013-09-30 20:41 - 00000838 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-26 00:05 - 2014-05-06 00:15 - 00000000 ____D C:\Windows\Minidump
2016-04-26 00:05 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-25 23:52 - 2013-12-19 23:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-25 23:45 - 2015-06-17 08:34 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3404874387-29767065-3320230504-1000UA.job
2016-04-25 23:36 - 2014-11-25 18:45 - 00000536 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3404874387-29767065-3320230504-1000.job
2016-04-25 23:26 - 2013-09-29 09:03 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-25 23:25 - 2013-09-30 20:41 - 00000842 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-25 23:17 - 2009-07-14 07:45 - 00027680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-25 23:17 - 2009-07-14 07:45 - 00027680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-25 21:53 - 2013-09-28 19:02 - 00001443 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-25 21:39 - 2014-11-02 23:41 - 00000000 ____D C:\AdwCleaner
2016-04-25 20:52 - 2015-06-05 01:18 - 00000632 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3404874387-29767065-3320230504-1000.job
2016-04-25 20:16 - 2013-09-30 20:45 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-25 17:45 - 2015-06-17 08:34 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3404874387-29767065-3320230504-1000Core.job
2016-04-22 16:54 - 2014-03-05 18:48 - 00000000 ____D C:\Users\User\AppData\Roaming\TS3Client
2016-04-22 16:51 - 2014-03-05 18:48 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-04-22 16:25 - 2013-10-14 13:40 - 00000000 ___RD C:\Users\User\Dropbox
2016-04-22 16:22 - 2013-09-28 19:38 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C2DB4729-7675-4C0D-9EE9-08A465D10D32}
2016-04-22 16:21 - 2016-01-15 21:40 - 00000000 ___RD C:\Users\User\Google Drive
2016-04-22 16:18 - 2013-09-29 08:21 - 00000000 ____D C:\Windows\PCHEALTH
2016-04-22 03:36 - 2015-11-08 08:21 - 00000000 ____D C:\Qoobox
2016-04-22 03:31 - 2009-07-14 05:34 - 00000215 _____ C:\Windows\system.ini
2016-04-22 03:13 - 2013-12-21 04:50 - 00000000 ____D C:\Users\User\Documents\Visual Studio 2010
2016-04-22 01:33 - 2016-01-29 04:52 - 00001028 _____ C:\Users\User\Desktop\Your Freedom.lnk
2016-04-22 01:22 - 2009-07-14 08:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-22 01:06 - 2013-09-29 08:16 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2016-04-21 12:30 - 2016-01-15 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-20 06:10 - 2013-09-28 19:44 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-19 18:20 - 2013-09-30 23:17 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-18 20:49 - 2013-10-01 00:50 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
2016-04-18 18:36 - 2015-11-08 16:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-04-16 23:23 - 2013-10-01 00:09 - 00000000 ____D C:\Users\User\AppData\Roaming\Media Player Classic
2016-04-16 22:43 - 2016-02-10 11:43 - 00000000 ___SD C:\Users\User\AppData\LocalLow\Temp
2016-04-15 14:13 - 2015-06-05 01:18 - 00003658 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3404874387-29767065-3320230504-1000
2016-04-15 14:13 - 2014-11-25 18:45 - 00003562 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3404874387-29767065-3320230504-1000
2016-04-15 13:55 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-04-15 11:11 - 2013-10-14 13:28 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2016-04-15 07:30 - 2013-11-07 22:50 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2016-04-14 20:59 - 2014-03-30 02:05 - 00000000 ____D C:\Users\DefaultAppPool
2016-04-14 20:59 - 2014-01-04 09:49 - 00000000 ____D C:\Users\AutoM
2016-04-14 20:59 - 2013-12-22 19:00 - 00000000 ____D C:\Users\asareer
2016-04-14 20:59 - 2013-12-22 15:40 - 00000000 ____D C:\Users\Classic .NET AppPool
2016-04-14 20:50 - 2016-01-24 22:19 - 05660069 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2016-04-07 21:52 - 2013-12-19 23:23 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-07 21:52 - 2013-09-28 19:41 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-07 21:52 - 2013-09-28 19:41 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-05 18:37 - 2015-03-11 20:11 - 00000000 ____D C:\Users\User\AppData\Local\TeamSpeak 3 Client
2016-04-03 17:48 - 2014-06-28 16:37 - 00002000 ____H C:\Users\User\Documents\Default.rdp
 
==================== Files in the root of some directories =======
 
2014-02-26 18:22 - 2014-02-26 18:22 - 0000600 _____ () C:\Users\User\AppData\Local\PUTTY.RND
2014-03-09 15:26 - 2014-03-09 15:26 - 0000218 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2013-09-28 19:07 - 2013-09-28 19:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-18 02:26
 
==================== End of FRST.txt ============================


#10 fireman4it


Posted 26 April 2016 - 04:32 PM

There is no malware on your computer that I am seeing. Try this tool and see if it helps.

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on the program icon and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.

- Go to Step 5. Under System Restore click Create.

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 abdjod2004


Posted 26 April 2016 - 11:38 PM

I am really sorry to trouble you, but bro, how do you explain this: I get "Not Available" for both RAM and CPU when I log in to a guest account, whereas I get normal specs if I log in to an admin account. Also, yesterday when I had several BSODs, the RAM again showed 1.99 GB usable and my computer would freeze. I rebooted, went into Safe Mode and ran AdwCleaner and Malwarebytes, and after that I ran ComboFix. Now the RAM is back to 6GB, but I am afraid it will be corrupted again if we don't get the root cause of this: a rootkit or bootkit. I ran the GMER tool and it gave me several results in the scan, but I didn't know what to do with them. By the way, I deleted Chrome (my preferred browser) and made sure all user data folders were removed from the drive because I think it was packing several malicious extensions.



#12 fireman4it


Posted 27 April 2016 - 07:02 AM

So what you are telling me is that you went ahead and ran a bunch of tools without me telling you to? Now I have no idea what they have done. None of the logs you have provided is showing a rootkit or bootkit. Now please don't run any more tools unless I direct you to. Did you run the Windows Repair tool?


#13 abdjod2004


Posted 27 April 2016 - 11:10 PM

Yes, I ran the repair tool. There are 16 files inside the folder. Should I zip the folder and post it here (via Google Drive)?



#14 fireman4it


Posted 28 April 2016 - 04:39 PM

How is the machine running after running that tool? Yes, just zip and attach it.


#15 abdjod2004


Posted 30 April 2016 - 12:13 AM

Thank you, brother, for your concern. The system is more stable now, although I am still afraid to log in to an administrator account and am still using the guest account to limit the chances of malware coming back. Also, the CPU and RAM show "Not Available" in computer properties. Anyhow, here are the logs of the Windows Repair tool: https://www.dropbox.com/s/gl5xt79xzvudqu3/Repair_MSI_Windows_Installer.rar?dl=0





