Do I have a virus?

This is a discussion on Do I have a virus? within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 05-12-2015, 05:36 AM   #1
Registered Member
 
Join Date: May 2015
Posts: 32
OS: win 7



Hi there,

my computer is really slow. To open a Firefox window it takes 1-2 minutes and same with internal computer documents and so on.
Very often comp. freezes and has a message "Firefox is not responding"

Very frustrated.

My operational system is

Acer AOD270
Processor - Intel Atom CPU N 2600
Memory - 1GB
32 bit op system
Win 7 Starter
Service Pack 1


I downloaded dds.txt...

Any help would be appreciated.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17728
Run by js at 15:17:49 on 2015-05-12
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [AdobeBridge] <no file>
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.100.1
TCP: Interfaces\{E4514A59-2BF3-46DA-8E37-0264F12F0957} : DHCPNameServer = 192.168.100.1
TCP: Interfaces\{E4514A59-2BF3-46DA-8E37-0264F12F0957}\A457C6965614E6464456E6963756 : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{E4514A59-2BF3-46DA-8E37-0264F12F0957}\F45316 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\js\appdata\roaming\mozilla\firefox\profiles\81ax6hui.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? DsiWMIService;Dritek WMI Service
R? GamesAppService;GamesAppService
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? MBAMSwissArmy;MBAMSwissArmy
R? SkypeUpdate;Skype Updater
R? SwitchBoard;SwitchBoard
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? WDC_SAM;WD SCSI Pass Thru driver
R? wlcrasvc;Windows Live Mesh remote connections service
S? BazisVirtualCDBus;WinCDEmu Virtual Bus Driver
S? ePowerSvc;ePower Service
S? GREGService;GREGService
S? IAStorDataMgrSvc;Intel(R) Rapid Storage Technology
S? IconMan_R;IconMan_R
S? igddim32;igddim32
S? igdkmd32;igdkmd32
S? IntcDAud;Intel(R) Display Audio
S? Live Updater Service;Live Updater Service
S? RS_Service;Raw Socket Service
S? RSPCIESTOR;Realtek PCIE CardReader Driver
S? RTL8167;Realtek 8167 NT Driver
.
=============== Created Last 30 ================
.
2015-05-12 12:08:59 93808 ----a-w- c:\program files\mozilla firefox\updated\nssdbm3.dll
2015-05-12 12:03:04 9201616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a855c2a8-8e81-4ec4-a76b-02b685edf081}\mpengine.dll
2015-04-21 18:11:36 9201616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8adc1390-b856-42bf-b9ff-2078fb60574c}\mpengine.dll
2015-04-20 12:21:31 -------- d-----w- C:\AdwCleaner
2015-04-18 05:32:48 -------- d-----r- c:\program files\Skype
2015-04-18 05:27:40 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-04-18 05:27:39 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-04-18 05:27:39 630784 ----a-w- c:\windows\system32\invagent.dll
2015-04-18 05:27:39 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-04-18 05:27:39 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-04-18 05:27:38 331264 ----a-w- c:\windows\system32\devinv.dll
2015-04-18 05:27:37 1167520 ----a-w- c:\windows\system32\aitstatic.exe
2015-04-18 05:27:35 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-04-18 05:27:35 159744 ----a-w- c:\windows\system32\aepic.dll
2015-04-18 05:27:11 249784 ----a-w- c:\windows\system32\clfs.sys
2015-04-18 05:27:07 58880 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-18 05:24:14 305152 ----a-w- c:\windows\system32\gdi32.dll
2015-04-18 05:21:25 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-04-18 05:21:25 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-04-18 05:21:25 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-04-18 05:21:24 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-04-18 05:21:24 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-04-18 05:21:24 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-04-18 05:20:50 514560 ----a-w- c:\windows\system32\drivers\http.sys
2015-04-18 05:20:48 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-04-18 05:20:47 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
==================== Find3M ====================
.
2015-03-17 05:01:09 3976632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-03-17 05:01:09 3920824 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-17 05:01:08 67512 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-17 05:01:08 137656 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-03-17 04:59:26 1306112 ----a-w- c:\windows\system32\ntdll.dll
2015-03-17 04:57:25 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-03-17 04:57:21 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-17 04:57:20 43008 ----a-w- c:\windows\system32\srclient.dll
2015-03-17 04:57:20 400896 ----a-w- c:\windows\system32\srcore.dll
2015-03-17 04:57:20 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-17 04:57:20 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-03-17 04:57:17 248832 ----a-w- c:\windows\system32\schannel.dll
2015-03-17 04:57:17 22016 ----a-w- c:\windows\system32\secur32.dll
2015-03-17 04:57:12 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-03-17 04:57:11 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-03-17 04:57:07 550912 ----a-w- c:\windows\system32\kerberos.dll
2015-03-17 04:57:07 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-03-17 04:56:59 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-03-17 04:56:59 17408 ----a-w- c:\windows\system32\credssp.dll
2015-03-17 04:56:43 69632 ----a-w- c:\windows\system32\smss.exe
2015-03-17 04:56:38 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-03-17 04:56:28 22528 ----a-w- c:\windows\system32\lsass.exe
2015-03-17 04:56:15 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-03-17 04:53:35 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-03-17 04:53:13 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-03-17 04:50:47 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-03-17 04:50:43 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-03-13 03:42:18 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-03-13 03:42:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-03-13 03:28:48 503296 ----a-w- c:\windows\system32\vbscript.dll
2015-03-13 03:28:37 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-03-13 03:27:51 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-03-13 03:27:35 340992 ----a-w- c:\windows\system32\html.iec
2015-03-13 03:26:19 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-03-13 03:16:26 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-03-13 03:16:24 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-03-13 03:15:40 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-03-13 03:09:27 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-03-13 03:01:16 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-13 02:49:21 4305408 ----a-w- c:\windows\system32\jscript9.dll
2015-03-13 02:43:41 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-03-13 02:42:47 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-03-13 02:20:28 1888256 ----a-w- c:\windows\system32\wininet.dll
2015-02-26 03:11:26 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 01:23:36 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 04:13:52 26624 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:13:49 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:13:46 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:13:43 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 03:09:16 299008 ----a-w- c:\windows\system32\atmfd.dll
2014-05-20 17:12:20 6103040 ----a-w- c:\program files\GUTC6F.tmp
.
============= FINISH: 15:20:42.44 ===============
Attached Files
File Type: txt attach.txt (3.3 KB, 35 views)
yellowyellow18 is offline  
 
Old 05-18-2015, 11:47 AM   #2
Registered Member
 
Join Date: May 2015
Posts: 32
OS: win 7



"BUMP, please"

Thnx
yellowyellow18 is offline  
Old 05-19-2015, 10:39 AM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed.

Let me know your intentions for an antivirus program, and/or if you need a suggestion.

------------------------------------------------------

I'm not seeing any sign of infection in your logs. We'll see what turns up.

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Your WMI (Windows Management Instrumentation) appears to not be working properly.

This will attempt to fix it, however a repair install/reinstall/factory restore is sometimes needed to fix it.

Go Start and type cmd then right-click cmd.exe and choose 'Run as administrator'.

Type the following at the command prompt and press 'Enter' (note the space):

winmgmt /standalonehost

When finished, type the following at the command prompt and press 'Enter' (note the space):

winmgmt /resetrepository

When finished, type exit and press 'Enter'.

Reboot your machine. Please run dds again and post/attach the logs as before.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
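
An added example (not part of the thread and not code from DDS or its author): a small triage pass over a DDS log that surfaces the three things the reply above reacts to, namely no antivirus in the header, service entries with an unreadable start type, and startup entries pointing at nothing. It assumes that a DDS log normally carries an `AV:` header line for a registered antivirus and numeric service states such as `R2` or `S3`, and that `R?`/`S?` mean the start type could not be read; the function names and finding codes are hypothetical, and the sample is a constructed excerpt of the first log in this thread.

```python
import re

# Constructed excerpt built from lines of the first DDS log in this thread.
SAMPLE_DDS = r"""DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17728
Run by js at 15:17:49 on 2015-05-12
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
uRun: [AdobeBridge] <no file>
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R? MBAMSwissArmy;MBAMSwissArmy
S? ePowerSvc;ePower Service
.
============= FINISH: 15:20:42.44 ===============
"""

# "====== Name ======" banner lines delimit the sections of the log.
SECTION_RE = re.compile(r"^={3,}\s*(.+?)\s*={3,}$")
# Service line: state letter, start type (digit, or '?' when unreadable), name;display.
SERVICE_RE = re.compile(r"^([RS])(\d|\?)\s+([^;]+);(.*)$")


def split_sections(text):
    """Group log lines by section banner; lines before the first banner go to HEADER."""
    sections = {"HEADER": []}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS uses lone dots as spacers
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(text):
    """Return a list of (code, detail) findings for one DDS log."""
    sections = split_sections(text)
    findings = []

    # Assumption: a registered antivirus shows up as an 'AV:' line in the header.
    if not any(l.startswith("AV:") for l in sections["HEADER"]):
        findings.append(("no-av-registered", "no 'AV:' line in the log header"))

    # Assumption: 'R?'/'S?' means the start type could not be queried.
    services = [SERVICE_RE.match(l) for l in sections.get("SERVICES / DRIVERS", [])]
    services = [m for m in services if m]
    unknown = [m.group(3) for m in services if m.group(2) == "?"]
    if unknown:
        findings.append(("start-type-unreadable",
                         f"{len(unknown)}/{len(services)} services listed as R?/S?"))

    # Autostart or browser entries whose target file is missing or empty.
    for line in sections.get("Pseudo HJT Report", []):
        dangling = (line.endswith("<no file>")
                    or line.endswith("<orphaned>")
                    or (line.startswith("BHO:") and line.endswith("} -")))
        if dangling:
            findings.append(("dangling-entry", line))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_DDS):
        print(f"{code:24} {detail}")
```
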
 
Old 05-21-2015, 03:38 AM   #4
Registered Member
 
Join Date: May 2015
Posts: 32
OS: win 7



Hi there,

about the antivirus, I thought I have a free Avast version, because it's behaving as it is scanning computer, protecting and so on. Always see windows popping out about the "action".
Perhaps I downloaded something just pretending to be Avast.


I did the cmd running in machine. Restarted again. Computer does not seem to change. It still shows firefox not responding even when I move a cursor to move a page up/down.

I did AdwCleaner scan as well.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17728
Run by js at 12:34:15 on 2015-05-21
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k winmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [AdobeBridge] <no file>
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.100.1
TCP: Interfaces\{E4514A59-2BF3-46DA-8E37-0264F12F0957} : DHCPNameServer = 192.168.100.1
TCP: Interfaces\{E4514A59-2BF3-46DA-8E37-0264F12F0957}\A457C6965614E6464456E6963756 : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{E4514A59-2BF3-46DA-8E37-0264F12F0957}\F45316 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\js\appdata\roaming\mozilla\firefox\profiles\81ax6hui.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? DsiWMIService;Dritek WMI Service
R? GamesAppService;GamesAppService
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? MBAMSwissArmy;MBAMSwissArmy
R? SkypeUpdate;Skype Updater
R? SwitchBoard;SwitchBoard
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? WDC_SAM;WD SCSI Pass Thru driver
R? wlcrasvc;Windows Live Mesh remote connections service
S? BazisVirtualCDBus;WinCDEmu Virtual Bus Driver
S? ePowerSvc;ePower Service
S? GREGService;GREGService
S? IAStorDataMgrSvc;Intel(R) Rapid Storage Technology
S? IconMan_R;IconMan_R
S? igddim32;igddim32
S? igdkmd32;igdkmd32
S? IntcDAud;Intel(R) Display Audio
S? Live Updater Service;Live Updater Service
S? RS_Service;Raw Socket Service
S? RSPCIESTOR;Realtek PCIE CardReader Driver
S? RTL8167;Realtek 8167 NT Driver
.
=============== Created Last 30 ================
.
2015-05-12 16:10:17 -------- d-----w- c:\users\js\appdata\local\{9DED164B-7707-4E66-9F16-AA59D226BCB8}
2015-05-12 12:08:59 93808 ----a-w- c:\program files\mozilla firefox\nssdbm3.dll
2015-05-12 12:03:04 9201616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a855c2a8-8e81-4ec4-a76b-02b685edf081}\mpengine.dll
.
==================== Find3M ====================
.
2015-03-25 03:00:57 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:00:57 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:00:57 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:00:27 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:00:18 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:00:15 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-03-23 0347 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 0332 630784 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 0326 331264 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 0322 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 0321 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 0321 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 0321 159744 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 02:59:03 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-03-17 05:01:09 3976632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-03-17 05:01:09 3920824 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-17 05:01:08 67512 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-17 05:01:08 137656 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-03-17 04:59:26 1306112 ----a-w- c:\windows\system32\ntdll.dll
2015-03-17 04:57:25 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-03-17 04:57:21 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-17 04:57:20 43008 ----a-w- c:\windows\system32\srclient.dll
2015-03-17 04:57:20 400896 ----a-w- c:\windows\system32\srcore.dll
2015-03-17 04:57:20 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-17 04:57:20 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-03-17 04:57:17 248832 ----a-w- c:\windows\system32\schannel.dll
2015-03-17 04:57:17 22016 ----a-w- c:\windows\system32\secur32.dll
2015-03-17 04:57:12 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-03-17 04:57:11 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-03-17 04:57:07 550912 ----a-w- c:\windows\system32\kerberos.dll
2015-03-17 04:57:07 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-03-17 04:56:59 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-03-17 04:56:59 17408 ----a-w- c:\windows\system32\credssp.dll
2015-03-17 04:56:43 69632 ----a-w- c:\windows\system32\smss.exe
2015-03-17 04:56:38 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-03-17 04:56:28 22528 ----a-w- c:\windows\system32\lsass.exe
2015-03-17 04:56:15 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-03-17 04:53:35 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-03-17 04:53:13 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-03-17 04:50:47 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-03-17 04:50:43 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-03-13 03:42:18 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-03-13 03:42:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-03-13 03:28:48 503296 ----a-w- c:\windows\system32\vbscript.dll
2015-03-13 03:28:37 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-03-13 03:27:51 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-03-13 03:27:35 340992 ----a-w- c:\windows\system32\html.iec
2015-03-13 03:26:19 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-03-13 03:16:26 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-03-13 03:16:24 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-03-13 03:15:40 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-03-13 03:09:27 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-03-13 03:01:16 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-13 02:49:21 4305408 ----a-w- c:\windows\system32\jscript9.dll
2015-03-13 02:43:41 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-03-13 02:42:47 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-03-13 02:20:28 1888256 ----a-w- c:\windows\system32\wininet.dll
2015-03-10 03:08:26 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:05:39 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-05 0401 305152 ----a-w- c:\windows\system32\gdi32.dll
2015-03-04 04:16:14 249784 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:10:54 58880 ----a-w- c:\windows\system32\clfsw32.dll
2015-02-26 03:11:26 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-02-25 03:03:14 514560 ----a-w- c:\windows\system32\drivers\http.sys
2015-02-24 01:23:36 246920 ------w- c:\windows\system32\MpSigStub.exe
2014-05-20 17:12:20 6103040 ----a-w- c:\program files\GUTC6F.tmp
.
============= FINISH: 12:44:49.20 ===============

# AdwCleaner v4.204 - Logfile created 21/05/2015 at 12:55:05
# Updated 12/05/2015 by Xplode
# Database : 2015-05-20.1 [Server]
# Operating system : Windows 7 Starter Service Pack 1 (x86)
# Username : js - JS-PC
# Running from : C:\Users\js\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


*************************

AdwCleaner[R0].txt - [19762 bytes] - [20/04/2015 15:21:36]
AdwCleaner[R1].txt - [861 bytes] - [21/05/2015 12:45:31]
AdwCleaner[S0].txt - [20445 bytes] - [20/04/2015 15:51:02]
AdwCleaner[S1].txt - [787 bytes] - [21/05/2015 12:55:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [845 bytes] ##########



.
==== Installed Programs ======================
.
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer VCM
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Photoshop Lightroom 4.4
Adobe Reader X (10.1.0) MUI
Akhra: The Treasures
Alice's Magical Mahjong
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bejeweled 3
Bonjour
Chuzzle Deluxe
D3DX10
Diego's Ultimate Rescue
Final Drive: Nitro
Fooz Kids Platform
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Google Earth Plug-in
Google Update Helper
Identity Card
Insaniquarium Deluxe
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
iTunes
Junk Mail filter update
Launch Manager
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Camera Codec Pack
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 37.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
My Farm Life
My Kingdom for the Princess 3
PDF Settings CS6
QuickTime 7
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Running Sheep
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)
Shared C Run-time for x86
Skip-Bo - Castaway Caper
Skype™ 7.0
Slingo Deluxe
Super Granny 6
Synaptics Pointing Device Driver
Update Installer for WildTangent Games App
VLC media player 2.0.5
Wedding Dash
Welcome Center
WildTangent Games App (Acer Games)
WinCDEmu
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================



yellowyellow18 is offline  
Old 05-21-2015, 04:32 AM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello yellowyellow18. Unfortunately, those last instructions didn't fix your WMI.

I don't see any sign of avast running on your machine, and it isn't listed as installed.

Can you post a pic of whatever is pretending to be avast?

------------------------------------------------------
chemist is offline  
Old 05-21-2015, 06:00 AM   #6
Registered Member
 
Join Date: May 2015
Posts: 32
OS: win 7



Hi there,

sorry I realized it is only "avast free setup online" link on my desktop.
I should continue to install it, shouldn't I?

yellowyellow18 is offline  
Old 05-21-2015, 06:15 AM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, yellowyellow18. Yes, please do.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
chemist is offline  
Old 05-21-2015, 09:49 AM   #8

Hello there chemist and thank you again.

I am attaching a combofix result and installing avast as well.



ComboFix 15-05-19.01 - js 21/05/2015 18:14:33.1.4 - x86
Running from: c:\users\js\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-04-21 to 2015-05-21 )))))))))))))))))))))))))))))))
.
.
2015-05-21 16:30 . 2015-05-21 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-21 10:05 . 2015-05-03 03:42 9265072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04D1E3AC-BF11-4C48-B591-54064B87161B}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-25 03:00 . 2015-04-18 05:21 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:00 . 2015-04-18 05:21 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:00 . 2015-04-18 05:21 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:00 . 2015-04-18 05:21 35328 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:00 . 2015-04-18 05:21 29696 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:00 . 2015-04-18 05:21 2020864 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:00 . 2015-04-18 05:21 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:00 . 2015-04-18 05:21 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:00 . 2015-04-18 05:21 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:00 . 2015-04-18 05:21 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:00 . 2015-04-18 05:21 131584 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-23 03:06 . 2015-04-18 05:27 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:06 . 2015-04-18 05:27 630784 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:06 . 2015-04-18 05:27 331264 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:06 . 2015-04-18 05:27 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:06 . 2015-04-18 05:27 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:06 . 2015-04-18 05:27 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:06 . 2015-04-18 05:27 159744 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 02:59 . 2015-04-18 05:27 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-03-17 05:01 . 2015-04-18 05:26 3920824 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-17 05:01 . 2015-04-18 05:26 3976632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-03-17 05:01 . 2015-04-18 05:26 137656 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-03-17 05:01 . 2015-04-18 05:26 67512 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-17 04:59 . 2015-04-18 05:26 1306112 ----a-w- c:\windows\system32\ntdll.dll
2015-03-17 04:57 . 2015-04-18 05:26 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-03-17 04:57 . 2015-04-18 05:26 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-17 04:57 . 2015-04-18 05:26 400896 ----a-w- c:\windows\system32\srcore.dll
2015-03-17 04:57 . 2015-04-18 05:26 43008 ----a-w- c:\windows\system32\srclient.dll
2015-03-17 04:57 . 2015-04-18 05:26 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-03-17 04:57 . 2015-04-18 05:26 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-17 04:57 . 2015-04-18 05:26 248832 ----a-w- c:\windows\system32\schannel.dll
2015-03-17 04:57 . 2015-04-18 05:26 22016 ----a-w- c:\windows\system32\secur32.dll
2015-03-17 04:57 . 2015-04-18 05:26 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-03-17 04:57 . 2015-04-18 05:26 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-03-17 04:57 . 2015-04-18 05:26 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-03-17 04:57 . 2015-04-18 05:26 550912 ----a-w- c:\windows\system32\kerberos.dll
2015-03-17 04:56 . 2015-04-18 05:26 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-03-17 04:56 . 2015-04-18 05:26 17408 ----a-w- c:\windows\system32\credssp.dll
2015-03-17 04:56 . 2015-04-18 05:26 69632 ----a-w- c:\windows\system32\smss.exe
2015-03-17 04:56 . 2015-04-18 05:26 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-03-17 04:56 . 2015-04-18 05:26 22528 ----a-w- c:\windows\system32\lsass.exe
2015-03-17 04:56 . 2015-04-18 05:26 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-03-17 04:53 . 2015-04-18 05:26 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-03-17 04:53 . 2015-04-18 05:26 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-03-17 04:50 . 2015-04-18 05:26 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-03-17 04:50 . 2015-04-18 05:26 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-03-13 03:42 . 2015-04-18 05:23 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-03-13 03:42 . 2015-04-18 05:23 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-03-13 03:28 . 2015-04-18 05:23 503296 ----a-w- c:\windows\system32\vbscript.dll
2015-03-13 03:28 . 2015-04-18 05:23 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-03-13 03:27 . 2015-04-18 05:24 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-03-13 03:27 . 2015-04-18 05:23 340992 ----a-w- c:\windows\system32\html.iec
2015-03-13 03:26 . 2015-04-18 05:23 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-03-13 03:16 . 2015-04-18 05:24 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-03-13 03:16 . 2015-04-18 05:24 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-03-13 03:15 . 2015-04-18 05:24 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-03-13 03:09 . 2015-04-18 05:24 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-03-13 03:01 . 2015-04-18 05:24 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-13 02:49 . 2015-04-18 05:23 4305408 ----a-w- c:\windows\system32\jscript9.dll
2015-03-13 02:43 . 2015-04-18 05:23 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-03-13 02:42 . 2015-04-18 05:23 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-03-13 02:20 . 2015-04-18 05:23 1888256 ----a-w- c:\windows\system32\wininet.dll
2015-03-10 03:08 . 2015-04-18 05:20 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:05 . 2015-04-18 05:20 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-05 04:06 . 2015-04-18 05:24 305152 ----a-w- c:\windows\system32\gdi32.dll
2015-03-04 04:16 . 2015-04-18 05:27 249784 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:10 . 2015-04-18 05:27 58880 ----a-w- c:\windows\system32\clfsw32.dll
2015-02-26 03:11 . 2015-03-29 17:49 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-02-25 03:03 . 2015-04-18 05:20 514560 ----a-w- c:\windows\system32\drivers\http.sys
2015-02-24 01:23 . 2012-12-24 12:12 246920 ------w- c:\windows\system32\MpSigStub.exe
2014-05-20 17:12 . 2014-05-20 17:12 6103040 ----a-w- c:\program files\GUTC6F.tmp
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2012-02-11 . 9AEA093B8F9C37CF45538382CABA2475 . 317440 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_d815322f1ff8cc1a\spoolsv.exe
[7] 2012-02-11 . CAE10A25F936C053E41CBE0FA06FF15D . 317952 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_d8cedec038f3454c\spoolsv.exe
[7] 2010-11-20 . 866A43013535DC8587C258E43579C764 . 317440 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe
.
c:\windows\System32\spoolsv.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-30 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-30 168960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-30 161280]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^js^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\js\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 14:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-10 00:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-06 08:52 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GfxServiceInstall]
2011-12-30 09:50 131 ----a-w- c:\windows\System32\GfxCUIServiceInstall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-06 16:27 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2011-07-01 02:51 1103440 ----a-w- c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Management]
2011-08-02 20:00 715368 ----a-w- c:\program files\Acer\Acer ePower Management\ePowerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-18 00:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2011-05-18 10:21 10082920 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-12-11 08:20 30877280 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 21:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-10-08 10:31 1934632 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-03-13 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-07 11520]
R4 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-07-01 353360]
R4 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 739944]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-07 1755136]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 117584]
S3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [2011-12-30 1338368]
S3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [2011-12-30 418816]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-06-09 278528]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-30 254056]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-09-29 490088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
winmgmt REG_MULTI_SZ winmgmt
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-28 22:21]
.
2015-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-28 22:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.100.1
FF - ProfilePath - c:\users\js\AppData\Roaming\Mozilla\Firefox\Profiles\81ax6hui.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-BitTorrent - c:\users\js\AppData\Local\Temp\utt34E6.tmp.exe
MSConfigStartUp-Norton Online Backup - c:\program files\Symantec\Norton Online Backup\NOBuClient.exe
MSConfigStartUp-SuiteTray - c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-05-21 18:37:16
ComboFix-quarantined-files.txt 2015-05-21 16:37
.
Pre-Run: 49,148,231,680 bytes free
Post-Run: 50,747,478,016 bytes free
.
- - End Of File - - 0E905A4C70D69801A2557513BB4FCF90
A36C5E4F47E84449FF07ED3517B43A31
yellowyellow18 is offline  
Old 05-21-2015, 10:50 AM   #9

Hello again, yellowyellow18. You're very welcome.

Go StartSearch and type cmd into the StartSearch box.

Right-click cmd.exe and choose 'Run as administrator'.

Copy the following single-line command:

net start > 0 & notepad 0

Right-click the cursor in the command window > Paste and press 'Enter'.

Type exit and press 'Enter'.

A log should open. Please post the contents of the log in your next reply.

------------------------------------------------------
chemist is offline  
Old 05-22-2015, 11:47 AM   #10

Hello chemist and thanks again.
I am attaching a log from cmd.
The computer is still slow. Do you think adding more memory would help?



These Windows services are started:

Apple Mobile Device
Application Experience
Avast Antivirus
Background Intelligent Transfer Service
Base Filtering Engine
CNG Key Isolation
COM+ Event System
Cryptographic Services
DCOM Server Process Launcher
Desktop Window Manager Session Manager
DHCP Client
Diagnostic Policy Service
Distributed Link Tracking Client
DNS Client
ePower Service
Extensible Authentication Protocol
Function Discovery Resource Publication
GREGService
Group Policy Client
Human Interface Device Access
IconMan_R
IKE and AuthIP IPsec Keying Modules
IPsec Policy Agent
Live Updater Service
Microsoft .NET Framework NGEN v4.0.30319_X86
Network Connections
Network List Service
Network Location Awareness
Network Store Interface Service
Plug and Play
Power
Program Compatibility Assistant Service
Raw Socket Service
Remote Procedure Call (RPC)
RPC Endpoint Mapper
Secondary Logon
Secure Socket Tunneling Protocol Service
Security Accounts Manager
Server
Shell Hardware Detection
Software Protection
SSDP Discovery
Superfetch
System Event Notification Service
Task Scheduler
TCP/IP NetBIOS Helper
Themes
User Profile Service
Windows Audio
Windows Audio Endpoint Builder
Windows Defender
Windows Error Reporting Service
Windows Event Log
Windows Firewall
Windows Font Cache Service
Windows Image Acquisition (WIA)
Windows Media Player Network Sharing Service
Windows Modules Installer
Windows Search
Windows Update
WinHTTP Web Proxy Auto-Discovery Service
WLAN AutoConfig
Workstation

The command completed successfully.
yellowyellow18 is offline  
Old 05-23-2015, 03:58 PM   #11

Hello again, yellowyellow18. You're very welcome.

I know you are anxious to address the speed of the machine, but there are a few things we need to do first.

------------------------------------------------------

Press the Windows "logo" key and "R" key, then copy/paste the following entries one at a time into the Run box and press Enter:

cmd /c sc config winmgmt start= auto

cmd /c sc start winmgmt

Reboot your machine.

------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the Internet Services option remains checked.
  • Check all the other boxes.
  • Click Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log in your next reply.
------------------------------------------------------
chemist is offline  
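
Added example, not part of the original thread: a Python check of a saved `net start` listing (the file the `net start > 0` step writes) for services that should be running. The watch list, the function names and the abridged sample are assumptions built from this thread: WMI is the service being repaired with `sc config winmgmt`, and the ComboFix log reports spoolsv.exe (Print Spooler) as missing.

```python
"""Check a saved `net start` listing for services expected to be running."""
import sys

# Display name -> service key name. Watch list assumed for this thread;
# replace it with your own baseline.
WATCHED = {
    "Windows Management Instrumentation": "winmgmt",
    "Print Spooler": "Spooler",
}

HEADER = "these windows services are started:"
FOOTER = "the command completed successfully."


def parse_net_start(text):
    """Return the set of started service display names.

    Raises ValueError when the header line is absent (truncated paste,
    localized Windows), so an unreadable log is never mistaken for a
    machine on which every watched service is stopped.
    """
    started = set()
    in_list = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        if low == HEADER:
            in_list = True
        elif low == FOOTER:
            break
        elif in_list:
            started.add(line)
    if not in_list:
        raise ValueError("no 'These Windows services are started:' header found")
    return started


def missing_services(text, watched=WATCHED):
    """Return (display name, key name) for watched services that are not started."""
    started = {name.casefold() for name in parse_net_start(text)}
    return [(disp, key) for disp, key in watched.items()
            if disp.casefold() not in started]


def followup_commands(missing):
    """Read-only sc commands that show state and start type of each missing service."""
    cmds = []
    for _disp, key in missing:
        cmds.append(f"sc query {key}")
        cmds.append(f"sc qc {key}")
    return cmds


# Sample input: abridged from the listing posted in reply #10 of this thread.
SAMPLE = """\
These Windows services are started:

   Apple Mobile Device
   Avast Antivirus
   DHCP Client
   Plug and Play
   Power
   Remote Procedure Call (RPC)
   Task Scheduler
   Windows Defender
   Windows Event Log
   Windows Firewall
   Windows Update
   Workstation

The command completed successfully.
"""

if __name__ == "__main__":
    # Optional argument: path to the saved listing (e.g. the file named 0).
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            listing = fh.read()
    else:
        listing = SAMPLE
    gaps = missing_services(listing)
    for disp, key in gaps:
        print(f"not started: {disp} ({key})")
    for cmd in followup_commands(gaps):
        print("check with:", cmd)
```
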
Old 05-24-2015, 11:31 PM   #12

Hello there chemist and thanks again.

Yes, I might be a bit anxious. Yesterday it took me almost 50 minutes just to do the steps cmd /c sc config winmgmt start= auto and cmd /c sc start winmgmt and the Farbar Recovery Scan Tool scanning. The computer was frozen constantly, even on a simple step like copy and paste.
Sometimes I have a message "unresponsive script" along with "Mozilla not responding".

Here are the attached logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2015 01
Ran by js (administrator) on JS-PC on 24-05-2015 22:52:42
Running from C:\Users\js\Downloads
Loaded Profiles: js (Available Profiles: js)
Platform: Windows 7 Starter Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-21] (Avast Software s.r.o.)
HKU\S-1-5-21-3473282817-218093241-1992745050-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-21] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3473282817-218093241-1992745050-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = msn
HKU\S-1-5-21-3473282817-218093241-1992745050-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = https://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3473282817-218093241-1992745050-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121216080524.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-21] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

FireFox:
========
FF ProfilePath: C:\Users\js\AppData\Roaming\Mozilla\Firefox\Profiles\81ax6hui.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll [2012-12-11] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-06] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-31] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-03-14] (Apple Inc.)
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\js\AppData\Roaming\Mozilla\Firefox\Profiles\81ax6hui.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-02-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-21]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files\Movie2KDownloader.com\Movie2KDownloader10.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\js\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-11-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-21]
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\js\AppData\Local\Wajam\Chrome\wajam.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files\Gophoto.it\gophotoit14.crx [Not Found]
CHR HKU\S-1-5-21-3473282817-218093241-1992745050-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\js\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-11-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-21] (Avast Software s.r.o.)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-08-02] (Acer Incorporated)
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [36456 2011-05-30] (Acer Incorporated)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.) []
R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 Spooler; %SystemRoot%\System32\spoolsv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-21] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-05-21] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-21] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-21] ()
R3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254056 2011-05-30] (Realtek Semiconductor Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\js\AppData\Local\Temp\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 22:52 - 2015-05-24 23:01 - 00011057 _____ () C:\Users\js\Downloads\FRST.txt
2015-05-24 22:51 - 2015-05-24 22:53 - 00000000 ____D () C:\FRST
2015-05-24 22:46 - 2015-05-24 22:47 - 01146880 _____ (Farbar) C:\Users\js\Downloads\FRST.exe
2015-05-22 20:40 - 2015-05-22 20:40 - 00001790 _____ () C:\Users\js\0
2015-05-21 20:44 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-21 20:27 - 2015-05-21 20:43 - 00000000 ____D () C:\6dd25af39f24f1edf7ae5304d6d2
2015-05-21 18:52 - 2015-05-21 18:52 - 00000000 ____D () C:\Users\js\AppData\Roaming\AVAST Software
2015-05-21 18:50 - 2015-05-21 18:50 - 00002079 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-21 18:50 - 2015-05-21 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-21 18:49 - 2015-05-21 18:49 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-21 18:49 - 2015-05-21 18:49 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-21 18:49 - 2015-05-21 18:49 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-21 18:49 - 2015-05-21 18:49 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-21 18:49 - 2015-05-21 18:49 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-21 18:49 - 2015-05-21 18:49 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-21 18:49 - 2015-05-21 18:49 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-21 18:49 - 2015-05-21 18:49 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-21 18:49 - 2015-05-21 18:49 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-21 18:49 - 2015-05-21 18:49 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-21 18:41 - 2015-05-21 18:41 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-21 18:37 - 2015-05-21 18:37 - 00015700 _____ () C:\ComboFix.txt
2015-05-21 18:10 - 2015-05-21 18:37 - 00000000 ____D () C:\Qoobox
2015-05-21 18:10 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-21 18:10 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-21 18:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-21 18:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-21 18:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-21 18:10 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-21 18:10 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-21 18:10 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-21 18:09 - 2015-05-21 18:33 - 00000000 ____D () C:\Windows\erdnt
2015-05-21 18:08 - 2015-05-21 18:08 - 05627500 ____R (Swearware) C:\Users\js\Downloads\ComboFix.exe
2015-05-21 12:34 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-21 12:34 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-21 12:34 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-21 12:34 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-21 12:34 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-21 12:34 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-21 12:34 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-21 12:34 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-21 12:34 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-21 12:34 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-21 12:34 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-21 12:34 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-21 12:34 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-21 12:34 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-21 12:34 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-21 12:34 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-21 12:34 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-21 12:34 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-21 12:34 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-21 12:34 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-21 12:34 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-21 12:34 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-21 12:34 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-21 12:34 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-21 12:34 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-21 12:34 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-21 12:34 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-21 12:34 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-21 12:34 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-21 12:34 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-21 12:34 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-21 12:34 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-21 12:32 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-21 12:32 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-21 12:32 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-21 12:32 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-21 12:31 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-21 12:31 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-21 12:31 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-21 12:31 - 2015-04-04 05:10 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-21 12:31 - 2015-04-04 05:10 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-21 12:31 - 2015-04-04 05:05 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-21 12:31 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-21 12:31 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-21 12:31 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-21 12:31 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-21 12:31 - 2015-04-04 05:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-21 12:31 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-21 12:31 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-21 12:31 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-21 12:31 - 2015-04-04 05:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-21 12:31 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-21 12:31 - 2015-04-04 05:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-21 12:31 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-21 12:31 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-21 12:31 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-21 12:29 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-21 12:29 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-21 12:29 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-21 12:29 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-21 12:28 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-21 12:27 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-21 12:22 - 2015-05-21 12:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-21 11:42 - 2015-05-21 11:42 - 02209792 _____ () C:\Users\js\Downloads\AdwCleaner.exe
2015-05-21 11:29 - 2015-05-21 11:31 - 00688992 ____R (Swearware) C:\Users\js\Downloads\dds(2).scr
2015-05-12 18:10 - 2015-05-12 18:10 - 00000000 ____D () C:\Users\js\AppData\Local\{9DED164B-7707-4E66-9F16-AA59D226BCB8}
2015-05-12 17:27 - 2015-05-12 18:00 - 00002091 _____ () C:\Users\js\Documents\Article Jelena Sabova.txt
2015-05-12 15:14 - 2015-05-12 15:14 - 00000000 ____D () C:\Users\js\Documents\tispp1953
2015-05-12 14:20 - 2015-05-21 11:45 - 00003428 _____ () C:\Users\js\Desktop\attach.txt
2015-05-12 14:20 - 2015-05-21 11:44 - 00010613 _____ () C:\Users\js\Desktop\dds.txt
2015-05-12 14:17 - 2015-05-12 14:17 - 00688992 ____R (Swearware) C:\Users\js\Downloads\dds(1).scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 22:54 - 2012-02-13 13:32 - 01778797 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 22:48 - 2009-07-14 06:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 22:48 - 2009-07-14 06:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-24 22:39 - 2012-12-29 00:21 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 22:39 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 22:39 - 2009-07-14 06:39 - 00052339 _____ () C:\Windows\setupact.log
2015-05-24 22:14 - 2012-12-29 00:21 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-23 09:51 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-22 20:40 - 2012-12-12 06:12 - 00000000 ____D () C:\Users\js
2015-05-22 20:31 - 2009-07-14 06:33 - 03660912 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-22 20:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-22 20:27 - 2010-11-20 23:48 - 00080656 _____ () C:\Windows\PFRO.log
2015-05-21 20:43 - 2013-07-16 20:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-21 20:28 - 2012-12-16 18:43 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-21 20:22 - 2015-04-05 07:05 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-21 20:18 - 2010-11-20 23:01 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-21 18:38 - 2012-12-12 07:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-21 18:37 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-05-21 18:37 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2015-05-21 18:30 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2015-05-21 18:04 - 2013-01-27 06:59 - 00000000 ____D () C:\Users\js\AppData\Roaming\vlc
2015-05-21 11:55 - 2015-04-20 14:21 - 00000000 ____D () C:\AdwCleaner
2015-05-13 12:20 - 2012-12-27 05:39 - 00000000 ____D () C:\Users\js\AppData\Local\Adobe
2015-05-12 19:18 - 2012-12-16 22:46 - 00000000 ____D () C:\Users\js\AppData\Roaming\Skype
2015-05-12 18:10 - 2014-04-09 07:41 - 00000000 ____D () C:\Users\js\AppData\Local\Windows Live
2015-05-12 13:53 - 2014-03-20 04:33 - 00000000 ____D () C:\Users\js\AppData\Roaming\Flir

==================== Files in the root of some directories =======

2014-05-20 19:12 - 2014-05-20 19:12 - 6103040 _____ () C:\Program Files\GUTC6F.tmp
2014-03-02 17:51 - 2014-03-02 17:51 - 0000045 _____ () C:\Users\js\AppData\Roaming\WB.CFG

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-12 15:41

==================== End of log ============================



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-05-2015 01
Ran by js at 2015-05-24 23:04:13
Running from C:\Users\js\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3473282817-218093241-1992745050-500 - Administrator - Disabled)
Guest (S-1-5-21-3473282817-218093241-1992745050-501 - Limited - Disabled)
js (S-1-5-21-3473282817-218093241-1992745050-1000 - Administrator - Enabled) => C:\Users\js

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Crystal Eye Webcam (HKLM\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2108.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (Version: 1.5.2108.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Games (HKLM\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 20.12.0110.1025 - Acer Incorporated)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.4 (HKLM\...\{FA6F726E-AA8D-492A-B18A-A5945C337FCE}) (Version: 4.4.1 - Adobe)
Adobe Reader X (10.1.0) MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Akhra: The Treasures (Version: 2.2.0.98 - WildTangent) Hidden
Alice's Magical Mahjong (Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bejeweled 3 (Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Diego's Ultimate Rescue (Version: 2.2.0.95 - WildTangent) Hidden
Final Drive: Nitro (Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids Platform (HKLM\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.14.8.1065 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 5.1.7 - Acer Inc.)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{D03632B5-1DA9-4536-976D-604719500C45}) (Version: 16.4.1970.0624 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
My Farm Life (Version: 2.2.0.97 - WildTangent) Hidden
My Kingdom for the Princess 3 (Version: 2.2.0.98 - WildTangent) Hidden
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6374 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Running Sheep (Version: 2.2.0.98 - WildTangent) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skip-Bo - Castaway Caper (Version: 2.2.0.95 - WildTangent) Hidden
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Slingo Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
Super Granny 6 (Version: 2.2.0.97 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)
Update Installer for WildTangent Games App (Version: - WildTangent) Hidden
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Wedding Dash (Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (Acer Games) (Version: 4.0.5.32 - WildTangent) Hidden
WinCDEmu (HKLM\...\WinCDEmu) (Version: 3.6 - Bazis)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13756167-B9D6-4D89-8384-8FAE1D9F6DD0} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {22E5701F-389A-4027-A772-97CEBFD2CBEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.)
Task: {6893EF89-222C-4F40-A748-1E8F037E7005} - System32\Tasks\AdobeAAMUpdater-1.0-js-PC-js => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {8C5EA2D1-29E8-4CB3-8F11-09C200CDB6EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.)
Task: {A095C774-F8C0-49CB-B242-47F1E1E56699} - System32\Tasks\{E350ED70-0D62-4075-9D8E-64B3123B8E2C} => pcalua.exe -a "C:\Users\js\Downloads\kaspersky antivirus 2010 + key 2010\kav9.0.0.736en.exe" -d "C:\Users\js\Downloads\kaspersky antivirus 2010 + key 2010"
Task: {D3202538-AE8F-4E63-9CFE-57CDB92979AF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {E149D4D6-3485-4AE7-B3B9-E25D490C5BF8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-21] (Avast Software s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-21 18:49 - 2015-05-21 18:49 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-21 18:49 - 2015-05-21 18:49 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-24 22:19 - 2015-05-24 22:19 - 02931200 _____ () C:\Program Files\AVAST Software\Avast\defs\15052401\algo.dll
2014-02-06 10:52 - 2014-02-06 10:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 10:52 - 2014-02-06 10:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-21 18:49 - 2015-05-21 18:49 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3473282817-218093241-1992745050-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.100.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: DsiWMIService => 2
MSCONFIG\Services: EgisTec Ticket Service => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^js^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: GfxServiceInstall => C:\Windows\system32\GfxCUIServiceInstall.vbs
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LManager => C:\Program Files\Launch Manager\LManager.exe
MSCONFIG\startupreg: Power Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{32316A1E-E0F1-48D3-A7BF-176165ED871D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{196AD412-EA05-4A5D-9B0B-190DCB8AC7BC}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{BFA5A030-2B4B-48E7-B881-598D132E046D}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{FFF9A17D-E9B8-4FEB-BABD-04B387523F93}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ED131962-FF92-4ED6-BC9F-51AE1381C7BB}] => (Allow) LPort=2869
FirewallRules: [{C6549988-8F93-4CED-8238-D26CA0416AD9}] => (Allow) LPort=1900
FirewallRules: [{4760E619-93F4-40E4-8A82-ED58ED3B9891}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{1A4B9F3D-DBD7-4F4E-999D-1D9E5EA16078}] => (Allow) C:\Program Files\Acer\Acer VCM\VC.exe
FirewallRules: [{3F42F3A3-FF02-469B-9308-B5BA44FDE8F6}] => (Allow) C:\Program Files\Acer\Acer VCM\RS_Service.exe
FirewallRules: [{340AE137-215F-434B-811D-EA86A9F02DE4}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{BA15C16C-81D4-400F-99AB-12AAF76C9EC8}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe
FirewallRules: [UDP Query User{09E58811-C919-4D2A-8B26-4D142FE4161F}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe
FirewallRules: [{8143119B-1CBC-4B33-BE2E-F431676E5CF3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0AAAE00A-EE00-4D5E-839E-0B4917E2BF88}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CA062884-D294-48BF-B29D-7DE17EAF96FC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2015 08:37:38 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020

Error: (05/21/2015 0627 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: mydocs.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7b8fb
Exception code: 0xc0000005
Fault offset: 0x6976eb75
Faulting process id: 0xae8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (05/21/2015 11:59:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2015 11:25:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2015 11:20:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2015 10:00:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 00:19:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59364527

Error: (05/13/2015 00:19:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59364527

Error: (05/13/2015 00:19:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/12/2015 07:27:55 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422


System errors:
=============
Error: (05/24/2015 10:47:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error:
%%1083

Error: (05/24/2015 10:47:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error:
%%1083

Error: (05/24/2015 10:47:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error:
%%1083

Error: (05/24/2015 10:47:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error:
%%1083

Error: (05/24/2015 10:47:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error:
%%1083

Error: (05/24/2015 10:47:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error:
%%1083

Error: (05/24/2015 10:47:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error:
%%1083

Error: (05/24/2015 10:47:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error:
%%1083

Error: (05/24/2015 10:47:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error:
%%1083

Error: (05/24/2015 10:47:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error:
%%1083


Microsoft Office:
=========================
Error: (05/22/2015 08:37:38 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (05/21/2015 0627 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7mydocs.dll_unloaded0.0.0.04ce7b8fbc00000056976eb75ae801d093acebeed6bfC:\Windows\Explorer.EXEmydocs.dll55864f41-ffd3-11e4-84f6-047d7b51ac9f

Error: (05/21/2015 11:59:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2015 11:25:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2015 11:20:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2015 10:00:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 00:19:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59364527

Error: (05/13/2015 00:19:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59364527

Error: (05/13/2015 00:19:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/12/2015 07:27:55 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422


CodeIntegrity Errors:
===================================
Date: 2013-02-21 20:00:18.287
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-21 20:00:18.271
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-21 20:00:18.256
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-21 20:00:18.240
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-21 20:00:18.224
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-21 20:00:18.224
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-21 20:00:18.178
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-21 20:00:18.162
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-21 20:00:18.162
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-21 20:00:18.131
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU N2600 @ 1.60GHz
Percentage of memory in use: 75%
Total physical RAM: 1012.3 MB
Available physical RAM: 251.33 MB
Total Pagefile: 2036.3 MB
Available Pagefile: 983.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.7 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:46.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 3FB76DB6)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End of log ============================



Farbar Service Scanner Version: 17-01-2015
Ran by js (administrator) on 25-05-2015 at 0832
Running from "C:\Users\js\Downloads"
Windows 7 Starter Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
The ServiceDll of winmgmt service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
yellowyellow18 is offline  
Old 05-25-2015, 11:24 AM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, yellowyellow18. You're very welcome.

Open Task Manager and under the Processes tab, tell us what process(es) is using most or all of your CPU.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-25-2015, 12:25 PM   #14
Registered Member
 
Join Date: May 2015
Posts: 32
OS: win 7



Hi there chemist,

these are the processes with most memory usage:

firefox.exe 193 063.... it is changing, but the number is approx.

flash player plug in_5_502_135 approx. 15 000 memory

explorer.exe approx. 12-15 000 mem

csrss.exe approx. 3 000 mem

avast.exe 3000 mem


it shows cpu 25% physical memory 97%
yellowyellow18 is offline  
Old 05-25-2015, 12:36 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Tell me the CPU usage, not memory. What's using 25% CPU?
chemist is offline  
Old 05-25-2015, 12:43 PM   #16
Registered Member
 
Join Date: May 2015
Posts: 32
OS: win 7



CPU - System Idle P... 98% and it is changing 70-and up
yellowyellow18 is offline  
Old 05-25-2015, 12:52 PM   #17
Registered Member
 
Join Date: May 2015
Posts: 32
OS: win 7



and I might not know

csrss.exe 2%
firefox.exe 18%
system 2%
plug in container 2%
flash player 2%

could it be?
yellowyellow18 is offline  
Old 05-25-2015, 01:15 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, yellowyellow18. Those are fairly normal. You may have to seek help in one of our other forums when we are done.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe

    NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    Task: {A095C774-F8C0-49CB-B242-47F1E1E56699} - System32\Tasks\{E350ED70-0D62-4075-9D8E-64B3123B8E2C} => pcalua.exe -a "C:\Users\js\Downloads\kaspersky antivirus 2010 + key 2010\kav9.0.0.736en.exe" -d "C:\Users\js\Downloads\kaspersky antivirus 2010 + key 2010"
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3473282817-218093241-1992745050-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3473282817-218093241-1992745050-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
    BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121216080524.dll No File
    C:\Program Files\Common Files\McAfee
    C:\Program Files\McAfee
    CHR HKLM\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files\Movie2KDownloader.com\Movie2KDownloader10.crx [Not Found]
    CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\js\AppData\Local\Wajam\Chrome\wajam.crx [Not Found]
    CHR HKLM\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files\Gophoto.it\gophotoit14.crx [Not Found]
    C:\Users\js\AppData\Local\Wajam
    C:\Program Files\Gophoto.it
    CHR HKLM\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\js\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-11-19]
    CHR HKU\S-1-5-21-3473282817-218093241-1992745050-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\js\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-11-19]
    Replace: c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_d815322f1ff8cc1a\spoolsv.exe c:\windows\System32\spoolsv.exe
    U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
    cmd: net start Spooler
    cmd: net start winmgmt
    cmd: net start wscsvc
    EmptyTemp:
    end
  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
chemist is offline  
Old 05-25-2015, 01:50 PM   #19
Registered Member
 
Join Date: May 2015
Posts: 32
OS: win 7



Hi there chemist,

I do not understand the part:

"Save it as fixlist.txt next to FRST.exe

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work."


To save the created fixlist.txt at the same download location as FRST.exe?
In it?
yellowyellow18 is offline  
Old 05-25-2015, 02:41 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Save fixlist.txt to C:\Users\js\Downloads, the same folder where FRST is located. Then run FRST and click the Fix button.
chemist is offline  
 
