Solved PC is not recognizing RAM

December 17, 2015 at 21:40:37
Specs: Windows 8 Pro 32-bit
Hi, I have recently built a new PC but my PC is not using all of my RAM. I have 8GB DDR4 RAM but it says 920MB usable. My otherwise fast PC is now very slow because of this. I have tried using different slots as well as using 1 stick at a time but the problem remains. Any help would be great. My specs are below.


MSI X99S Krait Edition
Intel Core i7-5820k 3.3ghz
Corsair Vengeance LPX 8GB DDR4 3000mhz
MSI Geforce 980ti
1TB HDD
Ultra X3 1000W PSU
Windows 8 Pro 32bit


✔ Best Answer
December 20, 2015 at 19:43:49
Since your OS is 32bit and you truly need a 64bit OS if you want to make use of your RAM, I would not bother cleaning it out but just back up any important files to an external drive, pop in the install disk, choose Custom install, Delete all partitions on the hard drive, create one new partition (reserve RAW space for any other partitions you may want), Format it, and do a clean install. Then take more care what and how you install (as above). If additional partitions are needed, use Disk Manager within Windows to do it.

You have to be a little bit crazy to keep you from going insane.



#1
December 18, 2015 at 04:14:26
The only variation I can spot, is OC > Supports Quad Channel DDR4-3333(OC) Memory
http://www.msi.com/product/motherbo...

#2
December 18, 2015 at 06:49:59
Your RAM isn't on the support list plus notice that all RAM that is listed runs at 1.2v. The RAM you bought is spec'd out at 1.35v. Try entering the BIOS & manually input the RAM settings as per the specs listed near the bottom of the 2nd page below.

http://us.msi.com/product/motherboa...

http://www.corsair.com/en-us/vengea...

EDIT: two more things: 1) why are you running a 32-bit OS with 8GB RAM? At best, only 3.5GB will be recognized. 2) Beware of that power supply.

message edited by riider


#3
December 18, 2015 at 21:42:55
You say the usable memory shows 920 meg. What does it show for installed memory? That in combination with your using a 32 bit OS may be the reason. If you're going to keep that OS you may want to drop your ram to no more than 4 gig.

#4
December 18, 2015 at 21:52:29
For installed memory it shows 16gb. However I should still be getting at least 3 to 3.5. Do you think my computer has a virus? I am thinking about doing a clean install of 64bit windows.

#5
December 18, 2015 at 22:04:29
"Do you think my computer has a virus?"

Let's have a look.

Here are the first 2 steps, more steps will be needed, after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click Scan
In the results tabs, uncheck anything you don't want to remove.
Click on Cleaning.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
http://i.imgur.com/r3PoAEG.gif

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.org/
http://thisisudax.blogspot.com.au/2...
Malwarebytes Acquires Junkware Removal Tool
https://blog.malwarebytes.org/news/...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.


#6
December 18, 2015 at 22:56:26
AdwCleaner Log

# AdwCleaner v5.025 - Logfile created 19/12/2015 at 22:31:58
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 8 Pro (x86)
# Username : Rebel - ROBEL
# Running from : C:\Users\Rebel\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Application Updater
[-] Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Program Files\AVG Security Toolbar
[-] Folder Deleted : C:\Program Files\IObit Apps Toolbar
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\Conduit
[-] Folder Deleted : C:\ProgramData\Avg_Update_0814tb
[-] Folder Deleted : C:\Users\Rebel\AppData\Local\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\Rebel\AppData\Local\NativeMessaging
[-] Folder Deleted : C:\Users\Rebel\AppData\Local\Temp\Conduit
[-] Folder Deleted : C:\Users\Rebel\AppData\Local\Temp\NativeMessaging
[-] Folder Deleted : C:\Users\Rebel\AppData\LocalLow\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\Rebel\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Rebel\AppData\Roaming\dvdvideosoftiehelpers
[-] Folder Deleted : C:\Users\Rebel\AppData\Roaming\BitLord
[-] Folder Deleted : C:\Users\Rebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
[-] Folder Deleted : C:\Users\Rebel\AppData\Roaming\Mozilla\Firefox\Profiles\87i9dp3a.default\Extensions\ascsurfingprotection@iobit.com
[x] Folder Not Deleted : C:\Users\Rebel\Documents\BitLord
[-] Folder Deleted : C:\Windows\system32\ARFC
[-] Folder Deleted : C:\Windows\system32\jmdp
[-] Folder Deleted : C:\Windows\system32\WNLT

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Program Files\Mozilla Firefox\browser\nsprotector.js
[-] File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\ProgramData\uninstaller.exe
[-] File Deleted : C:\Users\Rebel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gpiifgmgnfdiblgpaepbmfdkcheicgof_0.localstorage
[-] File Deleted : C:\Users\Rebel\AppData\Roaming\Mozilla\Firefox\Profiles\87i9dp3a.default\user.js

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : LaunchApp
[-] Task Deleted : Optimum_Daily
[-] Task Deleted : Optimum_LogOn

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
[-] Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKCU\Software\AVG Security Toolbar
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\ImInstaller
[-] Key Deleted : HKCU\Software\IObit Apps
[-] Key Deleted : HKCU\Software\AppDataLow\Toolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
[-] Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
[-] Key Deleted : HKCU\Software\AppDataLow\Software\IObit Apps
[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : HKLM\SOFTWARE\IObit Apps
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1
[-] Key Deleted : HKU\.DEFAULT\Software\ImInstaller
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com

***** [ Web browsers ] *****

[-] [C:\Users\Rebel\AppData\Roaming\Mozilla\Firefox\Profiles\87i9dp3a.default\prefs.js] [Preference] Deleted : user_pref("network.hxxp.request.max-start-delay", 0);
[-] [C:\Users\Rebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Rebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Rebel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : hbcennhacfaagdopikcegfcobcadeocj
[-] [C:\Users\Rebel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mhkaekfpcppmmioggniknbnbdbcigpkk
[-] [C:\Users\Rebel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : nikpibnbobmbdbheedjfogjlikpgpnhp
[-] [C:\Users\Rebel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pfndaklgolladniicklehhancnlgocpp

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [15461 bytes] ##########


Report •
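
An added example (not part of the thread and not AdwCleaner's own code): a small Python parser for the AdwCleaner v5 log layout posted in #6 that lists what the tool could not remove, targets reported as both deleted and not deleted, and autostart-related entries. The sample lines are copied from that log; the function names, the autostart hints and the family keyword list are assumptions made for this illustration.

```python
import re
from collections import Counter

# Excerpt of the AdwCleaner log posted in this thread (lines copied from it,
# most entries omitted for brevity).
SAMPLE_LOG = r"""
# AdwCleaner v5.025 - Logfile created 19/12/2015 at 22:31:58

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Conduit
[-] Folder Deleted : C:\Users\Rebel\AppData\Roaming\BitLord
[x] Folder Not Deleted : C:\Users\Rebel\Documents\BitLord

***** [ Scheduled tasks ] *****

[-] Task Deleted : LaunchApp
[-] Task Deleted : Optimum_Daily

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key Deleted : HKLM\SOFTWARE\Tarma Installer
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com

***** [ Web browsers ] *****

[-] [C:\Users\Rebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # ***** [ Registry ] *****
ENTRY_RE = re.compile(r"^\[([-x!])\]\s+(.+)$")          # [-] / [x] / [!] entries

# Assumption: registry locations treated as autostart-related in this example;
# all three appear in the log above.
AUTOSTART_HINTS = (r"\currentversion\run", r"\browser helper objects",
                   r"\urlsearchhooks")
# Assumption: keyword list built from product names seen in the thread's logs.
FAMILIES = ("conduit", "tarma", "bitlord", "iobit", "wecare")


def parse_adwcleaner_log(text):
    """Return one dict per log entry: section, action, target, ok."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue  # header comments, separators, ":: ..." footers
        action, sep, target = m.group(2).partition(" : ")
        if not sep:
            continue
        entries.append({
            "section": section,
            "action": action.strip(),
            "target": target.strip(),
            "ok": m.group(1) == "-",  # [x] and [!] mark items left behind
        })
    return entries


def summarize(entries):
    """Pick out what an analyst should re-check after the cleaning run."""
    handled = {e["target"].lower() for e in entries if e["ok"]}
    failed = [e for e in entries if not e["ok"]]
    return {
        "per_section": Counter(e["section"] for e in entries),
        "failed": [e["target"] for e in failed],
        # Same target logged as removed and as not removed: rescan to confirm.
        "contradictory": sorted({e["target"] for e in failed
                                 if e["target"].lower() in handled}),
        "autostart": [e["target"] for e in entries
                      if e["section"] == "Scheduled tasks"
                      or any(h in e["target"].lower() for h in AUTOSTART_HINTS)],
        "families": Counter(f for e in entries for f in FAMILIES
                            if f in e["target"].lower()),
    }


if __name__ == "__main__":
    report = summarize(parse_adwcleaner_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```
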

#7
December 18, 2015 at 22:56:53
JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8 Pro x86
Ran by Rebel (Administrator) on Sat 12/19/2015 at 22:49:53.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 20

Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\ProgramData\Start Menu\Programs\we-care reminder (Folder)
Successfully deleted: C:\Users\Rebel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gpdgdlcjhlbaphcjmagicjhhgfnkiihp_0.localstorage (File)
Successfully deleted: C:\Users\Rebel\AppData\Roaming\iobit\driver booster (Folder)
Successfully deleted: C:\Users\Rebel\AppData\Roaming\Mozilla\Firefox\Profiles\87i9dp3a.default\extensions\iobitascsurfingprotection@iobit.com (Folder)
Successfully deleted: C:\Users\Rebel\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Users\Rebel\Start Menu\Programs\search.lnk (Shortcut)
Successfully deleted: C:\Windows\System32\ai_recyclebin (Folder)
Successfully deleted: C:\Windows\System32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\Windows\System32\Tasks\Driver Booster SkipUAC (Rebel) (Task)
Successfully deleted: C:\Windows\System32\Tasks\SmartDefrag3_Startup (Task)
Successfully deleted: C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator (Task)
Successfully deleted: C:\Windows\System32\Tasks\Uninstaller_SkipUac_Rebel (Task)
Successfully deleted: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job (Task)
Successfully deleted: C:\Windows\Tasks\Uninstaller_SkipUac_Rebel.job (Task)
Successfully deleted: C:\Program Files\iobit\driver booster (Folder)
Successfully deleted: C:\Windows\prefetch\DRIVERBOOSTER.EXE-85146E71.pf (File)
Successfully deleted: C:\Windows\prefetch\DRIVERBOOSTER.TMP-F9BA8D52.pf (File)

Registry: 6

Successfully deleted: HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{c4cfc0de-134f-4466-b2a2-ff7c59a8bfad} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{77BEECE6-3997-403A-92FA-0055BFCF88E5} (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77beece6-3997-403a-92fa-0055bfcf88e5} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/19/2015 at 22:52:58.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8
December 18, 2015 at 23:05:29
Yep, all that stuff would have been affecting performance.

Update & Run Malwarebytes Anti-Malware ( MBAM ) Free Version. Use Quick scan ( now called Threat Scan )
http://www.softpedia.com/get/Antivi...
http://www.malwarebytes.org/free/
Make sure you uncheck > Enable free trial < at the END of the install.
http://i.imgur.com/tUFCbYz.gif
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Under Non-Malware Protection sub tab, make sure PUP and PUM entries to Treat detections as Malware are checked.
http://i.imgur.com/MKxr2K1.gif
Click on the Scan tab, then click on Scan Now >>. If an update is available, click the Update Now button.
A Threat Scan will begin.
With some infections, you may see this message box.
'Could not load DDA driver'
Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.


#9
December 19, 2015 at 00:32:37
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/19/2015
Scan Time: 11:54 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.19.02
Rootkit Database: v2015.12.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x86
File System: NTFS
User: Rebel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348183
Time Elapsed: 29 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.SnapDo, HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://feed.snapdo.com/?p=mKO_AwFzX... Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklm31XHoHPezyxuXcoLyh8uf9z36AtrHb4-NUwcB-250bU1L-P-241sa9P5diMY0bGvslMYCys64vO-zDAfA2aylreU62MM1FuENbUlBULsNzOF9f8rSF6r_fU75VCu-FmDWpgsk9hiTMPuoMtsQqy6A_isZrHZ0oZuiHXmBiYVDmRP0Bkbcs2zg,,),Replaced,[7f6fefb70c7f2c0a8a0029603ec6d62a]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


#10
December 19, 2015 at 00:41:14
Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif

#11
December 19, 2015 at 06:09:04
You're wasting all that RAM on a 32-bit OS. As DAVEINCAPS suggested, you should remove all but 4GB RAM. Either that or upgrade to a 64-bit OS.

I also suggest you stop installing snake-oil software (Driver Booster, Optimum PC Boost) & toolbars. The other malware on your system (Conduit, Tarma Installer, WeCareReminder, etc) probably came bundled with some other software you installed & you clicked NEXT during the installation without paying attention to what you were agreeing to. My guess is BitLord has a lot to do with it.

And consider a different anti-virus program. AVG obviously isn't doing the job.


#13
December 19, 2015 at 15:42:13
Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
entrusted11 Toolbar (HKLM\...\entrusted11 Toolbar) (Version: 6.12.0.11 - entrusted11) <==== ATTENTION
Internet Explorer Toolbar 4.7 by SweetPacks (HKLM\...\{80F3F10B-A177-4494-93CE-98090D819093}) (Version: 4.7.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\zlib.dll: DocumentSummaryInformation
AlternateDataStreams: C:\Windows\system32\zlib.dll: SummaryInformation
AlternateDataStreams: C:\Windows\system32\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\...\MountPoints2: {279db683-0d67-11e4-b02e-00508d93f9e5} - "D:\autorun.exe"
HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\...\MountPoints2: {279db691-0d67-11e4-b02e-00508d93f9e5} - "E:\OriginInstaller.exe"
HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\...\MountPoints2: {59640f51-b27b-11e2-afb3-806e6f6e6963} - "G:\sources\SetupError.exe" x64
HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\...\MountPoints2: {918ff360-e458-11e2-afcb-00508d93f9e5} - "H:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A14B04 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\...\MountPoints2: {b384d1bb-6d44-11e4-b046-00508d93f9e5} - "H:\Install.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaklm31XHoHPezyxuXcoLyh8uf9z36AtrHb4-NUwcB-250bU1L-P-241sa9P5diMY0bGvslMYCys64vO-zDAfA2aylreU62MM1FuENbUlBULsNzOF9f8rSF6r_fU75VCu-FmDWpgsk9hiTMPuoMtsQqy6A_isZrHZ0oZuiHXmBiYVDmRP0Bkbcs2zg,,
URLSearchHook: HKLM - (No Name) - {77beece6-3997-403a-92fa-0055bfcf88e5} - C:\Users\Rebel\AppData\LocalLow\entrusted11\prxtbent0.dll (ClientConnect Ltd.)
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
FF DefaultSearchUrl: hxxps://search.yahoo.com/yhs/search
FF Homepage: hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2013-06-19] <==== ATTENTION
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/?fr=hp-avast&type=odc179"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


#14
December 19, 2015 at 17:22:37
Fix result of Farbar Recovery Scan Tool (x86) Version:19-12-2015
Ran by Rebel (2015-12-20 17:00:41) Run:1
Running from C:\Users\Rebel\Desktop
Loaded Profiles: Rebel (Available Profiles: Rebel)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
entrusted11 Toolbar (HKLM\...\entrusted11 Toolbar) (Version: 6.12.0.11 - entrusted11) <==== ATTENTION
Internet Explorer Toolbar 4.7 by SweetPacks (HKLM\...\{80F3F10B-A177-4494-93CE-98090D819093}) (Version: 4.7.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\zlib.dll: DocumentSummaryInformation
AlternateDataStreams: C:\Windows\system32\zlib.dll: SummaryInformation
AlternateDataStreams: C:\Windows\system32\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\...\MountPoints2: {279db683-0d67-11e4-b02e-00508d93f9e5} - "D:\autorun.exe"
HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\...\MountPoints2: {279db691-0d67-11e4-b02e-00508d93f9e5} - "E:\OriginInstaller.exe"
HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\...\MountPoints2: {59640f51-b27b-11e2-afb3-806e6f6e6963} - "G:\sources\SetupError.exe" x64
HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\...\MountPoints2: {918ff360-e458-11e2-afcb-00508d93f9e5} - "H:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A14B04 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\...\MountPoints2: {b384d1bb-6d44-11e4-b046-00508d93f9e5} - "H:\Install.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaklm31XHoHPezyxuXcoLyh8uf9z36AtrHb4-NUwcB-250bU1L-P-241sa9P5diMY0bGvslMYCys64vO-zDAfA2aylreU62MM1FuENbUlBULsNzOF9f8rSF6r_fU75VCu-FmDWpgsk9hiTMPuoMtsQqy6A_isZrHZ0oZuiHXmBiYVDmRP0Bkbcs2zg,,
URLSearchHook: HKLM - (No Name) - {77beece6-3997-403a-92fa-0055bfcf88e5} - C:\Users\Rebel\AppData\LocalLow\entrusted11\prxtbent0.dll (ClientConnect Ltd.)
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
FF DefaultSearchUrl: hxxps://search.yahoo.com/yhs/search
FF Homepage: hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2013-06-19] <==== ATTENTION
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/?fr=hp-avast&type=odc179"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
*****************

Restore point was successfully created.
Processes closed successfully.
entrusted11 Toolbar (HKLM\...\entrusted11 Toolbar) (Version: 6.12.0.11 - entrusted11) <==== ATTENTION => Error: No automatic fix found for this entry.
Internet Explorer Toolbar 4.7 by SweetPacks (HKLM\...\{80F3F10B-A177-4494-93CE-98090D819093}) (Version: 4.7.0008 - SweetIM Technologies Ltd.) <==== ATTENTION => Error: No automatic fix found for this entry.
"C:\Windows\system32\zlib.dll" => ": DocumentSummaryInformation" ADS not found.
"C:\Windows\system32\zlib.dll" => ": SummaryInformation" ADS not found.
C:\Windows\system32\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully..
"HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{279db683-0d67-11e4-b02e-00508d93f9e5}" => key removed successfully.
HKCR\CLSID\{279db683-0d67-11e4-b02e-00508d93f9e5} => key not found.
"HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{279db691-0d67-11e4-b02e-00508d93f9e5}" => key removed successfully.
HKCR\CLSID\{279db691-0d67-11e4-b02e-00508d93f9e5} => key not found.
"HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59640f51-b27b-11e2-afb3-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{59640f51-b27b-11e2-afb3-806e6f6e6963} => key not found.
"HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{918ff360-e458-11e2-afcb-00508d93f9e5}" => key removed successfully.
HKCR\CLSID\{918ff360-e458-11e2-afcb-00508d93f9e5} => key not found.
"HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b384d1bb-6d44-11e4-b046-00508d93f9e5}" => key removed successfully.
HKCR\CLSID\{b384d1bb-6d44-11e4-b046-00508d93f9e5} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully.
HKU\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{77beece6-3997-403a-92fa-0055bfcf88e5} => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => value removed successfully.
"HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}" => key removed successfully.
Firefox DefaultSearchUrl removed successfully.
Firefox "homepage" removed successfully.
C:\Program Files\mozilla firefox\firefox.cfg => moved successfully
Chrome StartupUrls => removed successfully.
Chrome DefaultSearchURL => removed successfully.
Chrome DefaultSuggestURL => removed successfully.
EmptyTemp: => 878.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:04:53 ====



#15
December 19, 2015 at 17:37:40
Run Junkware Removal Tool again & post the log please.


#16
December 19, 2015 at 17:47:44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8 Pro x86
Ran by Rebel (Administrator) on Sun 12/20/2015 at 17:39:31.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 2

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Rebel\AppData\Roaming\productdata (Folder)

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/20/2015 at 17:43:24.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#17
December 19, 2015 at 17:51:53
Next, run AdwCleaner again.


#18
December 19, 2015 at 18:13:50
# AdwCleaner v5.025 - Logfile created 20/12/2015 at 18:04:02
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 8 Pro (x86)
# Username : Rebel - ROBEL
# Running from : C:\Users\Rebel\Downloads\AdwCleaner (2).exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[x] Folder Not Deleted : C:\Users\Rebel\Documents\BitLord

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [794 bytes] ##########



#19
December 19, 2015 at 18:29:57
Nearly finished the cleaning process.

Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
The log can be large, upload it using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
There are circumstances in which ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual.
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



#20
December 19, 2015 at 21:59:17
http://www76.zippyshare.com/v/ZUOwa...


#21
December 20, 2015 at 01:26:49
Please download SystemLook from one of the links below and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
SystemLook (32-bit)
http://downloads.malwareremoval.com...
http://images.malwareremoval.com/jp...
SS ( Screenshot )
http://i.imgur.com/CaJ7H0p.gif
Double-click SystemLook.exe to run it.
Or, Right click on SystemLook.exe, click > Run As Administrator.
Copy the content of the following into the main textfield:

:filefind
*SweetPacks*
:folderfind
*SweetPacks*
:regfind
SweetPacks
:filefind
*SweetIM*
:regfind
SweetIM
:folderfind
*SweetIM*

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please Copy & Paste the contents of the log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

message edited by Johnw



#22
December 20, 2015 at 15:57:46
SystemLook 04.09.10 by jpshortstuff
Log created at 15:32 on 21/12/2015 by Rebel
Administrator - Elevation successful

========== filefind ==========

Searching for "*SweetPacks*"
No files found.

========== folderfind ==========

Searching for "*SweetPacks*"
No folders found.

========== regfind ==========

Searching for "SweetPacks"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={26EFF3E5-A143-11E2-AFAD-00508D93F9E5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Avast Software\WRC\RatingStorage\<|prefix|>res://ieframe.dll/dnserror.htm#http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={26EFF3E5-A143-11E2-AFAD-00508D93F9E5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Avast Software\WRC\RatingStorage\start.sweetpacks.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Updater By SweetPacks]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Updater By SweetPacks\script_storage]
"product_name"="Updater By SweetPacks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80F3F10B-A177-4494-93CE-98090D819093}]
"DisplayName"="Internet Explorer Toolbar 4.7 by SweetPacks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Updater By SweetPacks]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Updater By SweetPacks]
"product_name"="Updater By SweetPacks"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By SweetPacks]
[HKEY_USERS\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={26EFF3E5-A143-11E2-AFAD-00508D93F9E5}]
[HKEY_USERS\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Avast Software\WRC\RatingStorage\<|prefix|>res://ieframe.dll/dnserror.htm#http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={26EFF3E5-A143-11E2-AFAD-00508D93F9E5}]
[HKEY_USERS\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Avast Software\WRC\RatingStorage\start.sweetpacks.com]
[HKEY_USERS\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Updater By SweetPacks]
[HKEY_USERS\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Updater By SweetPacks\script_storage]
"product_name"="Updater By SweetPacks"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By SweetPacks]

========== filefind ==========

Searching for "*SweetIM*"
No files found.

========== regfind ==========

Searching for "SweetIM"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\SweetIM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80F3F10B-A177-4494-93CE-98090D819093}]
"Contact"="SweetIM Technical Support Department"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80F3F10B-A177-4494-93CE-98090D819093}]
"HelpLink"="http://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80F3F10B-A177-4494-93CE-98090D819093}]
"Publisher"="SweetIM Technologies Ltd."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80F3F10B-A177-4494-93CE-98090D819093}]
"URLInfoAbout"="http://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80F3F10B-A177-4494-93CE-98090D819093}]
"URLUpdateInfo"="http://www.sweetim.com"
[HKEY_USERS\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1848885102-2816399840-3375884658-1001\Software\SweetIM]

========== folderfind ==========

Searching for "*SweetIM*"
No folders found.

-= EOF =-



#23
December 20, 2015 at 18:40:31
Run a scan with Avast & post the log please.

Here is extra info, try these ways as well.
How to Get Rid of Sweetpacks Toolbar & Start.sweetpacks.com Virus
http://www.wikihow.com/Get-Rid-of-S...

After the above, run SystemLook again.

:regfind
SweetPacks
:regfind
SweetIM


message edited by Johnw



#24
December 20, 2015 at 19:43:49
✔ Best Answer
Since your OS is 32bit and you truly need a 64bit OS if you want to make use of your RAM, I would not bother cleaning it out but just back up any important files to an external drive, pop in the install disk, choose Custom install, Delete all partitions on the hard drive, create one new partition (reserve RAW space for any other partitions you may want), Format it, and do a clean install. Then take more care what and how you install (as above). If additional partitions are needed, use Disk Manager within Windows to do it.

You have to be a little bit crazy to keep you from going insane.



#25
December 23, 2015 at 21:24:58
Hey, I really appreciate all the help you guys have given me. I backed up the data I needed and installed a new Windows. My computer is now using all of my memory. Thanks everyone.

message edited by robel14

