potential toolkits, plz help

Old 12-13-2015, 10:39 PM   #1
Registered Member
 
Join Date: Dec 2015
Posts: 16
OS: windows 7 SP1



I upgraded from WinXP to Win7 a while ago and my computer was reasonably fast at the time, even though it's a 7-year-old laptop (Core2Duo with 4 gigs of RAM).

But in the past weeks/months, it began running significantly slower. It takes 20 seconds to open a new tab in Google Chrome, a large amount of time to open the smallest programs (e.g. Notepad), video playback lags both in Chrome and in VLC player, etc. Even typing this very message in a dialog box shows an unacceptable lag.

I ran Spybot SD which found nothing and MalwareBytes antimalware which found 5 insignificant threats.

Another possible clue is that task manager shows about 30 processes but its state bar at the bottom says 70 processes are running...

I hope someone can help.


Finally, here is the required log + the other one attached :

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 11.40.2
Run by Mathieu at 0:05:31 on 2015-12-14
Microsoft Windows*7 Édition Intégrale 6.1.7601.1.1252.1.1036.18.4086.1691 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\lxdxcoms.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PSIService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ochelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\urlredir.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [QuickFinder Scheduler] "C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"https://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Mathieu\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Ouvrir dans WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ochelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: dell.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BC88AA10-87BF-4F33-96EC-C66684CEBF1C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BC88AA10-87BF-4F33-96EC-C66684CEBF1C}\05F627471696C6D23437373774 : DHCPNameServer = 10.60.96.16 10.60.128.16
TCP: Interfaces\{BC88AA10-87BF-4F33-96EC-C66684CEBF1C}\249626C696F674164796E6561657 : DHCPNameServer = 192.168.128.1 205.151.222.250
TCP: Interfaces\{BC88AA10-87BF-4F33-96EC-C66684CEBF1C}\3536F6275637F57457563747 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BC88AA10-87BF-4F33-96EC-C66684CEBF1C}\3656765607D23716E637D26696C6 : DHCPNameServer = 10.3.2.14 10.2.0.17 10.2.0.157 10.2.0.210 10.2.0.211
TCP: Interfaces\{BC88AA10-87BF-4F33-96EC-C66684CEBF1C}\D416279607F63716 : DHCPNameServer = 68.87.76.178 66.240.48.9
TCP: Interfaces\{BC88AA10-87BF-4F33-96EC-C66684CEBF1C}\D4F6361602C4F636160234C69656E64737 : DHCPNameServer = 24.201.245.77 24.200.0.1 24.53.0.2
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\msosb.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-6-27 65224]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-6-27 274808]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-6-27 1059656]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2015-6-27 449992]
R1 pfmfs_95C;pfmfs_95C;C:\Windows\System32\drivers\pfmfs_95C.sys [2014-5-4 255752]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-6-27 28656]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2015-6-27 90968]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2015-6-27 150160]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-7-21 146600]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
R2 ClickToRunSvc;Service Démarrer en clic Microsoft Office;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-4-8 2797752]
R2 lxdx_device;lxdx_device;C:\Windows\System32\lxdxcoms.exe -service --> C:\Windows\System32\lxdxcoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-12-13 1513784]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-12-13 1135416]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2014-4-9 1153368]
R3 appliandMP;appliandMP;C:\Windows\System32\drivers\appliand.sys [2014-6-16 33888]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-12-13 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-12-13 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-12-13 63704]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S3 appliand;Applian Network Service;C:\Windows\System32\drivers\appliand.sys [2014-6-16 33888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-15 111616]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-3-30 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-22 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-25 59392]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2014-7-12 441504]
.
=============== Created Last 30 ================
.
2015-12-13 21:38:18 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-12-13 21:37:33 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-12-13 21:37:33 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-12-13 21:37:33 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-12-13 21:37:33 -------- d-----w- C:\ProgramData\Malwarebytes
2015-12-13 21:37:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-13 21:37:06 -------- d-----w- C:\Users\Mathieu\AppData\Local\Programs
2015-12-13 07:36:44 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E1154486-D10B-47E8-A4E4-E4E75EB61BB3}\offreg.dll
2015-12-03 21:43:47 -------- d-----w- C:\Program Files\Common Files\AV
2015-12-03 21:43:47 -------- d-----w- C:\Program Files (x86)\Common Files\AV
.
==================== Find3M ====================
.
2015-12-14 01:52:46 952 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2015-11-11 21:43:50 1059656 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
.
============= FINISH: 058,23 ===============
Attached Files
File Type: txt attach.txt (6.9 KB, 296 views)
mlachance1977 is offline  
Old 12-20-2015, 12:12 PM   #2
Registered Member
 
Join Date: Dec 2015
Posts: 16
OS: windows 7 SP1



bump please...


P.S. The problem may be located within Chrome. I find browsing to be, by far, the slowest activity on my computer. Also, I have two chrome tabs open but my task manager says there are 6 instances of chrome.exe running. Two of them are using 10-25 % of the processor time.
mlachance1977 is offline  
Old 12-20-2015, 12:53 PM   #3
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello mlachance1977,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we? Please do the following steps.

STEP 1


Please download AdwCleaner from here and save it to your desktop.

Click the green 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Cleaning
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2


Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
__________________
tekir06 is offline  
Old 12-20-2015, 11:16 PM   #4
Registered Member
 
Join Date: Dec 2015
Posts: 16
OS: windows 7 SP1



Quote:
Originally Posted by tekir06 View Post
My name is Tolga and I will assist you with your malware related problems.
Thanks a lot for your kind help.


Quote:
Originally Posted by tekir06 View Post
My native language is not english.
Same for me. I speak French more fluently.

Quote:
Originally Posted by tekir06 View Post
STEP 1
Attached are the two required logs from step 2. Below is the log produced by AdwCleaner.

P.S. Did it delete the software located in the Applian tech folder ? That seemed like a legitimate software to me.


# AdwCleaner v5.025 - Rapport créé le 21/12/2015 à 01:44:55
# Mis à jour le 13/12/2015 par Xplode
# Base de données : 2015-12-13.2 [Serveur]
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (x64)
# Nom d'utilisateur : Mathieu - MATHIEU-LAPTOP
# Exécuté depuis : C:\Users\Mathieu\Downloads\AdwCleaner.exe
# Option : Nettoyer
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Dossiers ] *****

[-] Dossier Supprimé : C:\Program Files (x86)\Applian Technologies
[-] Dossier Supprimé : C:\Users\Mathieu\Documents\Updater

***** [ Fichiers ] *****

[-] Fichier Supprimé : C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] Fichier Supprimé : C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Raccourcis ] *****


***** [ Tâches planifiées ] *****


***** [ Registre ] *****


***** [ Navigateurs ] *****


*************************

:: Clés "Tracing" supprimées
:: Paramètres Winsock réinitialisés

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1150 octets] ##########
Attached Files
File Type: txt FRST.txt (29.8 KB, 14 views)
File Type: txt Addition.txt (34.4 KB, 16 views)
mlachance1977 is offline  
Old 12-21-2015, 12:59 AM   #5
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello mlachance1977,

Which software that you use belongs to Applian Technologies?
__________________
tekir06 is offline  
Old 12-21-2015, 03:15 PM   #6
Registered Member
 
Join Date: Dec 2015
Posts: 16
OS: windows 7 SP1



Quote:
Originally Posted by tekir06 View Post
Hello mlachance1977,

Which software that you use belongs to Applian Technologies?
"replay media catcher". It captures streaming videos into a .mp4 file. You think it could contain malware ?
mlachance1977 is offline  
Old 12-22-2015, 12:36 AM   #7
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello mlachance1977,

Which made me think: why did AdwCleaner delete this software? This could be a false alarm. I am not sure. I am going to research. Do you use a crack?

Let's go back to the beginning. Please do the following.

Run AdwCleaner again.
Click Quarantine manager.
A log file of what was removed will open in a new window.
Scroll through the list and find the entry you want to restore. (only Applian Technologies folder)
Place a check mark in the box next to the entry(s).
Click the Restore button.

========================================================

Please re-run FRST tool, attach fresh FRST.txt and Addition.txt



__________________
tekir06 is offline  
Old 12-22-2015, 11:57 AM   #8
Registered Member
 
Join Date: Dec 2015
Posts: 16
OS: windows 7 SP1



Quote:
Originally Posted by tekir06 View Post
Hello mlachance1977,
Which made me think: why did AdwCleaner delete this software? This could be a false alarm. I am not sure. I am going to research. Do you use a crack?
Yes it was a cracked software. However, I installed it a long time ago and didn't use it much. It's likely not the cause of my recent infection since I didn't use it in the last 2 months.


Quote:
Originally Posted by tekir06 View Post
Let's go back to the beginning. Please do the following.

Run AdwCleaner again.
Click Quarantine manager.
A log file of what was removed will open in a new window.
Scroll through the list and find the entry you want to restore. (only Applian Technologies folder)
Place a check mark in the box next to the entry(s).
Click the Restore button.

========================================================
It says it restored it but the icons in the SM weren't restored. I'll have to double-check and see if the files were restored in C:\Program Files. But for now I'll proceed with the FRST scan.

Quote:
Originally Posted by tekir06 View Post
Please re-run FRST tool, attach fresh FRST.txt and Addition.txt
The files are attached.
Attached Files
File Type: txt FRST.txt (29.7 KB, 13 views)
File Type: txt Addition.txt (34.6 KB, 13 views)
mlachance1977 is offline  
Old 12-22-2015, 12:08 PM   #9
Registered Member
 
Join Date: Dec 2015
Posts: 16
OS: windows 7 SP1



Yes it did reinstall the Replay Media Catcher software. Only the icon was gone. I ran it and it works. Do you want me to run another instance of FRST to make certain that running Replay Media Catcher didn't install some malware ?
mlachance1977 is offline  
Old 12-23-2015, 05:02 AM   #10
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello mlachance1977,

Everything is ok. But you wrote:
Quote:
Yes it was a cracked software.
Please read our Sticky Thread. If you have more, uninstall any such applications.

=========================================================

I see you have P2P software (BitTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.


========================================================

I see that you have Spybot Search & Destroy. I no longer recommend this product because of the poor testing results. I recommend uninstalling this program. If you don't want to uninstall the program then please at least disable Tea Timer while performing any of my instructions. You can re-enable it when we are all done. Instructions for that are here. If you do decide to uninstall the program, first Undo your immunization before uninstalling. You can do that by clicking the Undo button with Spybot S&D and then remove from Add/Remove programs.

========================================================

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST64.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
2014-07-11 08:08 - 2014-07-11 08:08 - 0000000 _____ () C:\ProgramData\PKP_DLet.DAT
2014-07-11 08:08 - 2014-07-11 08:08 - 0000000 _____ () C:\ProgramData\PKP_DLev.DAT
FirewallRules: [{47FEC2FA-B201-49A4-A36B-CC812DE4CC67}] => (Allow) C:\Users\Mathieu\AppData\Local\Temp\uttB481.tmp.exe
FirewallRules: [{CABC117B-05B9-4036-B429-C6F347CC0A18}] => (Allow) C:\Users\Mathieu\AppData\Local\Temp\uttB481.tmp.exe
EmptyTemp:

Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
__________________
tekir06 is offline  
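
The fixlist in the post above removes two firewall Allow rules whose target is an executable under the user's Temp directory. As an added example (not part of the original post and not FRST's own code), the following Python script parses lines in the `FirewallRules:` shape shown in that fixlist and flags Allow rules that point into a temp directory. The temp-directory heuristic, the function names and the last two sample rules (with placeholder GUIDs) are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath
from typing import List, NamedTuple, Optional

# Line shape taken from the fixlist on this page:
#   FirewallRules: [{GUID}] => (Allow) C:\path\to\program.exe
RULE_RE = re.compile(
    r"^FirewallRules:\s*\[(?P<name>[^\]]*)\]\s*=>\s*"
    r"\((?P<action>[A-Za-z]+)\)\s*(?P<path>\S.*?)\s*$"
)

# Assumption: a directory component named Temp or Tmp marks a scratch
# location where long-lived, network-facing programs are not expected.
TEMP_DIR_NAMES = {"temp", "tmp"}


class Rule(NamedTuple):
    name: str
    action: str
    path: str


def parse_rule(line: str) -> Optional[Rule]:
    """Return a Rule for a FirewallRules line, or None for any other line."""
    m = RULE_RE.match(line.strip())
    if m is None:
        return None
    return Rule(m.group("name"), m.group("action"), m.group("path").strip('"'))


def is_temp_path(path: str) -> bool:
    """True if any directory component (not the file name) is Temp/Tmp."""
    parts = PureWindowsPath(path).parts
    return any(p.lower() in TEMP_DIR_NAMES for p in parts[:-1])


def flag_temp_allow_rules(text: str) -> List[Rule]:
    """Collect Allow rules whose program lives in a temp directory."""
    flagged = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule and rule.action.lower() == "allow" and is_temp_path(rule.path):
            flagged.append(rule)
    return flagged


# Sample input: the first two rules are copied from the fixlist on this page;
# the last two rules are constructed for the example (placeholder GUIDs).
SAMPLE = r"""
CreateRestorePoint:
FirewallRules: [{47FEC2FA-B201-49A4-A36B-CC812DE4CC67}] => (Allow) C:\Users\Mathieu\AppData\Local\Temp\uttB481.tmp.exe
FirewallRules: [{CABC117B-05B9-4036-B429-C6F347CC0A18}] => (Allow) C:\Users\Mathieu\AppData\Local\Temp\uttB481.tmp.exe
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\Program Files\Example\app.exe
FirewallRules: [{00000000-0000-0000-0000-000000000002}] => (Block) C:\Windows\Temp\example.exe
EmptyTemp:
"""

if __name__ == "__main__":
    for r in flag_temp_allow_rules(SAMPLE):
        print(f"review: {r.name} allows {r.path}")
```

A flagged rule is a prompt for review, not proof of malware: installers and updaters sometimes register rules for temporary executables that no longer exist.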
Old 12-26-2015, 01:18 PM   #11
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello mlachance1977,

Still with us? If you don't reply within 24 hours, this thread shall be closed.
__________________
tekir06 is offline  
Old 12-26-2015, 03:21 PM   #12
Registered Member
 
Join Date: Dec 2015
Posts: 16
OS: windows 7 SP1



Hello,

I'm sorry for the delay. The holidays are keeping me on the road quite a bit. Thanks again for your kind help.

I might not have access to internet again until December 30th. I'll make sure to post my next reply as soon as I have access.


Quote:
Originally Posted by tekir06 View Post
Hello mlachance1977,
Everything is ok. But [...]
What exactly do you mean by "everything" ?


Quote:
Originally Posted by tekir06 View Post
You wrote:
Please read our Sticky Thread. If you have more, uninstall any such applications.
I inspected my machine and I'm pretty certain that there are no other cracked softwares. At least I'm certain that I have legitimate versions of Windows, Office 2013, etc. I paid for those or obtained them through my job. There are a few small softwares that I'm not sure of (I think they are sharewares) but I didn't use them recently so I doubt that they could be the cause of my current problems.


Quote:
Originally Posted by tekir06 View Post
I see you have P2P software (BitTorrent) installed on your machine.
In fact I attempted to uninstall that software but it just won't leave my computer. Each time I use their "uninstall" option, it says that the uninstall was correctly performed but afterwards the software is still there. If I run it, it opens as if nothing changed, the only observable difference is that it asks me if I want to make it the default torrent application.

In case it's useful for your analysis : I never used BitTorrent to download ANY executable files. Only TV series, always in mp4 format (I never trusted a self-executable zip either). Can mp4 files be a threat ?

Quote:
Originally Posted by tekir06 View Post
I see that you have Spybot Search & Destroy. I no longer recommend this product because of the poor testing results. I recommend uninstalling this program.
ok I just removed it. The program seems to be gone, but the Resident protection icon is still there. Is that normal ? I manually closed the Resident protection before proceeding with the rest of your instructions.

EDIT : After the reboot it didn't reopen.


Quote:
Originally Posted by tekir06 View Post
first Undo your immunization before uninstalling. You can do that by clicking the Undo button with Spybot S&D
oops. I didn't do that part. :-(


Quote:
Originally Posted by tekir06 View Post
[...]
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.
I ran the tool and the fixlog.txt is available below. I also noticed that it deleted all "recent file" information from the start menu. Is that normal ?


Résultats de correction de Farbar Recovery Scan Tool (x64) Version:20-12-2015
Exécuté par Mathieu (2015-12-26 17:48:48) Run:1
Exécuté depuis C:\Users\Mathieu\Desktop
Profils chargés: Mathieu (Profils disponibles: Mathieu)
Mode d'amorçage: Normal
==============================================

fixlist contenu:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
2014-07-11 08:08 - 2014-07-11 08:08 - 0000000 _____ () C:\ProgramData\PKP_DLet.DAT
2014-07-11 08:08 - 2014-07-11 08:08 - 0000000 _____ () C:\ProgramData\PKP_DLev.DAT
FirewallRules: [{47FEC2FA-B201-49A4-A36B-CC812DE4CC67}] => (Allow) C:\Users\Mathieu\AppData\Local\Temp\uttB481.tmp.exe
FirewallRules: [{CABC117B-05B9-4036-B429-C6F347CC0A18}] => (Allow) C:\Users\Mathieu\AppData\Local\Temp\uttB481.tmp.exe
EmptyTemp:
*****************

Le Point de restauration a été créé avec succès.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => valeur supprimé(es) avec succès
C:\ProgramData\PKP_DLet.DAT => déplacé(es) avec succès
C:\ProgramData\PKP_DLev.DAT => déplacé(es) avec succès
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{47FEC2FA-B201-49A4-A36B-CC812DE4CC67} => valeur supprimé(es) avec succès
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CABC117B-05B9-4036-B429-C6F347CC0A18} => valeur supprimé(es) avec succès
EmptyTemp: => 3.3 GB données temporaires supprimées.


Le système a dû redémarrer.

==== Fin de Fixlog 17:52:50 ====
mlachance1977 is offline  
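A check an analyst can run over a Fixlog like the one posted above, added here as an example (it is not FRST's code and not from the thread): it pairs each `FirewallRules:` directive in the fixlist with its result line and flags rules that allowed an executable in a user-writable directory. The line patterns are inferred from the posted log; the directory markers, the function names and the third rule (placeholder GUID) are assumptions.

```python
import re
from ntpath import normpath

# Lines copied from the Fixlog in the post above, plus one CONSTRUCTED rule
# (placeholder GUID, hypothetical path) that has no matching result line.
FIXLOG = r"""
fixlist contenu:
*****************
CreateRestorePoint:
FirewallRules: [{47FEC2FA-B201-49A4-A36B-CC812DE4CC67}] => (Allow) C:\Users\Mathieu\AppData\Local\Temp\uttB481.tmp.exe
FirewallRules: [{CABC117B-05B9-4036-B429-C6F347CC0A18}] => (Allow) C:\Users\Mathieu\AppData\Local\Temp\uttB481.tmp.exe
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\Program Files\Example\example.exe
EmptyTemp:
*****************

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{47FEC2FA-B201-49A4-A36B-CC812DE4CC67} => valeur supprimé(es) avec succès
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CABC117B-05B9-4036-B429-C6F347CC0A18} => valeur supprimé(es) avec succès
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"
# Directive as it appears in the fixlist: GUID, action in parentheses, target path.
RULE_RE = re.compile(r"^FirewallRules: \[(" + GUID + r")\] => \((\w+)\) (.+)$")
# Result line: registry value path ending in the rule GUID, then the outcome text.
RESULT_RE = re.compile(r"FirewallRules\\+(" + GUID + r") => (.+)$")

# Assumption: directories an unprivileged process can normally write to.
USER_WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\",
                         "\\appdata\\roaming\\", "\\downloads\\")
# Success wording seen in the French log above; other UI languages differ.
SUCCESS_MARKERS = ("avec succès",)


def parse_fixlog(text):
    """Split the log into fixlist directives and per-GUID result messages."""
    rules, results = [], {}
    star_lines = 0  # 0 = header, 1 = inside the fixlist, 2 = results section
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            star_lines += 1
            continue
        if star_lines == 1:
            m = RULE_RE.match(line)
            if m:
                rules.append({"guid": m.group(1).upper(),
                              "action": m.group(2),
                              "path": m.group(3)})
        elif star_lines >= 2:
            m = RESULT_RE.search(line)
            if m:
                results[m.group(1).upper()] = m.group(2)
    return rules, results


def in_user_writable_dir(path):
    """True when the rule's target sits under one of the assumed markers."""
    lowered = normpath(path).lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def review(text):
    """Return one finding per firewall rule: location risk and removal status."""
    rules, results = parse_fixlog(text)
    findings = []
    for rule in rules:
        outcome = results.get(rule["guid"], "")
        findings.append({
            "guid": rule["guid"],
            "action": rule["action"],
            "path": rule["path"],
            "in_temp": in_user_writable_dir(rule["path"]),
            "removed": any(s in outcome for s in SUCCESS_MARKERS),
        })
    return findings


if __name__ == "__main__":
    for f in review(FIXLOG):
        status = "removed" if f["removed"] else "NOT CONFIRMED REMOVED"
        where = "user-writable dir" if f["in_temp"] else "other location"
        print(f'{f["guid"]} ({f["action"]}, {where}): {status}')
```

A rule reported as not confirmed removed means only that no success line was found for its GUID, so the firewall policy should be checked directly before drawing a conclusion.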
Old 12-26-2015, 03:44 PM   #13
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,
Quote:
I'm sorry for the delay. The holidays are keeping me on the road quite a bit. Thanks again for your kind help.
You're Welcome.
Quote:
What exactly do you mean by "everything" ?
You wrote:
Quote:
Do you want me to run another instance of FRST to make certain that running Replay Media Catcher didn't install some malware ?
I just wanted to say that You do not need it.
Quote:
I inspected my machine and I'm pretty certain that there are no other cracked softwares. At least I'm certain that I have legitimate versions of Windows, Office 2013, etc. I paid for those or obtained them through my job. There are a few small softwares that I'm not sure of (I think they are sharewares) but I didn't use them recently so I doubt that they could be the cause of my current problems.


Quote:
In case it's useful for your analysis : I never used BitTorrent to download ANY executable files. Only TV series, always in mp4 format (I never trusted a self-executable zip either). Can mp4 files be a threat ?
No matter what you download. P2P software is always risky.
Quote:
I also noticed that it deleted all "recent file" information from the start menu. Is that normal ?
Anyone who says that has never been before.

Thanks for the fixlog. Please do the below steps.

STEP 1

Launch Malwarebytes Anti-Malware

On the Dashboard, click the Scan Now button.
A check for database updates will be performed.
After the update check completes, a Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

STEP 2

Please go to Start > Control Panel > Programs and Features and remove the above Java program(s) installed.
Next, download the latest Java, version 8 Update 66 from the following link

Download Free Java Software

STEP 3

Please go HERE then click on: Run Eset Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

Select the option YES, I accept the Terms of Use then click on Start button.
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

  • Scan for potentially unwanted applications
  • Scan Archives
  • Enable Anti-Stealth Technology

Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
Tick all the boxes that correspond to your external/inserted drives.
Click Start. The virus signature database will begin to download. This may take some time.
Wait for the scan to finish.
When completed, click on Finish.
When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
Save that text file to your desktop, and then copy/paste the contents in your next reply.
__________________
tekir06 is offline  
Old 12-26-2015, 09:46 PM   #14
Registered Member
 
Join Date: Dec 2015
Posts: 16
OS: windows 7 SP1



Hello,

Thanks for the quick reply ! I'll have internet access for the rest of the day. I'm only leaving tomorrow morning.

Quote:
Originally Posted by tekir06 View Post
I just wanted to say that You do not need it.
ahhh I see now. Thanks.


Quote:
Originally Posted by tekir06 View Post
No matter what you download. P2P software is always risky.
Is the fact that I cannot remove BitTorrent potentially related to the problems that I'm experiencing ?


Quote:
Originally Posted by tekir06 View Post
Anyone who says that has never been before.
Never been what before ? A verb appears to be missing.


Quote:
Originally Posted by tekir06 View Post
Thanks for the fixlog. Please do the below steps.
[...]
Launch Malwarebytes Anti-Malware
I ran MBAM just before posting here so it didn't find anything new this time. You'll still find the requested log attached (log.txt).


Quote:
Originally Posted by tekir06 View Post
Please go to Start > Control Panel > Programs and Features and remove the above Java program(s) installed.
Next, download the latest Java, version 8 Update 66 from the following link
What above program ?

I uninstalled Java 8 update 40. I hope that's what you wanted.

Java 8 update 66 is now installed.

On the Java site, I received a warning saying : "We have detected you are using Google Chrome and might be unable to use the Java plugin from this browser. Starting with Version 42 (released April 2015), Chrome has disabled the standard way in which browsers support plugins."

What is that about ?


Quote:
Originally Posted by tekir06 View Post
Run Eset Online Scanner
It wouldn't run in Chrome so I had to start IE to run it. Chrome was still open, in case that's an important info.

I'll post the results in my next reply because I feel like closing Chrome will speed the process.

BUT

I feel that it is relevant to point out that one of my symptoms just occurred : the first 20 mins, the scan was very fast (it did around 25% in 20 mins) but then it didn't do more than 10% in *three hours*. This weak performance appeared suddenly. Now, all of the computer seems to be veeeeeery slow (for instance, I hit ctrl-alt-del to get the task manager and it took about 50 seconds to get a response).

The Performance tab in the task manager says that the CPU is operating at 99% but in the process list, the scan accounts for only 25% of CPU time, IE about 8%, and the total of all processes, well below 50%. Where's all the CPU time going ? It's driving me mad !

Anyway. So I'm posting this and closing Chrome, hoping that it will speed things up.
mlachance1977 is offline  
Old 12-27-2015, 08:49 AM   #15
Registered Member
 
Join Date: Dec 2015
Posts: 16
OS: windows 7 SP1



Quote:
Originally Posted by tekir06 View Post
[...]
Wait for the scan to finish.
When completed, click on Finish.
When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
Save that text file to your desktop, and then copy/paste the contents in your next reply.
The scan lasted 8 hours. It did find 7 infected files. After clicking "Finish" as instructed, all I got was a publicity which offered products.

There was no option to save anything to file. There may have been such an option BEFORE I clicked "Finish", but there didn't seem to be a way to go back to my scan results. How can I retrieve them other than rescanning for 8 hours ?
mlachance1977 is offline  
Old 12-28-2015, 12:01 AM   #16
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello mlachance1977,

Can you see the following file path for the log?

Quote:
C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt
__________________
tekir06 is offline  
Old 12-28-2015, 05:45 AM   #17
Registered Member
 
Join Date: Dec 2015
Posts: 16
OS: windows 7 SP1



Quote:
Originally Posted by tekir06 View Post
Hello mlachance1977,

Can you see the following file path for the log?
Yes ! Oh but wait... All that it contains is the following, with no info on the 7 infected files that were found :

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
Update Init
Update Download
Update Finalize
Updated modules version: 27369




Do you want me to rescan ?
mlachance1977 is offline  
Old 12-28-2015, 11:43 PM   #18
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello mlachance1977,

No need to re-scan. Please do the following.

Please download ComboFix and Save it to your Desktop.

Important! - Please make sure you save combofix to your desktop and do not run it from your browser
Please make sure you disable your security applications before running ComboFix. Get help here
Double-click ComboFix.exe and follow the prompts to run it.
If a message window opens to install the Microsoft Windows Recovery Console, click the yes button.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.
Please re-enable your antivirus before posting the ComboFix.txt log.
NOTE: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe
Next, go File > New Task(Run...) and type explorer then press 'Enter'. or just reboot the computer.
__________________
tekir06 is offline  
Old 12-30-2015, 08:49 PM   #19
Registered Member
 
Join Date: Dec 2015
Posts: 16
OS: windows 7 SP1



Here it is :

ComboFix 15-12-29.01 - Mathieu 2015-12-30 22:49:58.1.2 - x64
Microsoft Windows*7 Édition Intégrale 6.1.7601.1.1252.1.1036.18.4086.2452 [GMT -5:00]
Lancé depuis: c:\users\Mathieu\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
c:\users\Mathieu\AppData\Local\assembly\tmp
c:\users\Mathieu\AppData\Roaming\RasWin
c:\users\Mathieu\AppData\Roaming\RasWin\RasWin.flg
C:\WindowsGABRIOLA.tt2
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-11-28 au 2015-12-31 ))))))))))))))))))))))))))))))))))))
.
.
2015-12-31 04:40 . 2015-12-31 04:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-28 11:52 . 2015-12-28 11:52 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1154486-D10B-47E8-A4E4-E4E75EB61BB3}\offreg.dll
2015-12-27 01:50 . 2015-12-27 01:50 -------- d-----w- c:\program files (x86)\ESET
2015-12-27 01:45 . 2015-12-27 01:45 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-12-27 01:45 . 2015-12-27 01:45 -------- d-----w- c:\users\Mathieu\.oracle_jre_usage
2015-12-27 01:45 . 2015-12-27 01:44 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-12-27 01:44 . 2015-12-27 01:44 -------- d-----w- c:\program files (x86)\Java
2015-12-22 19:48 . 2015-12-22 19:48 -------- d-----w- c:\program files (x86)\Applian Technologies
2015-12-21 06:55 . 2015-12-26 22:58 -------- d-----w- C:\FRST
2015-12-21 06:42 . 2015-12-22 19:48 -------- d-----w- C:\AdwCleaner
2015-12-13 21:38 . 2015-12-28 02:21 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-13 21:37 . 2015-12-13 21:37 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-12-13 21:37 . 2015-12-13 21:37 -------- d-----w- c:\programdata\Malwarebytes
2015-12-13 21:37 . 2015-10-05 14:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-12-13 21:37 . 2015-10-05 14:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-12-13 21:37 . 2015-10-05 14:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-12-13 21:37 . 2015-12-13 21:37 -------- d-----w- c:\users\Mathieu\AppData\Local\Programs
2015-12-03 21:43 . 2015-12-03 21:43 -------- d-----w- c:\program files\Common Files\AV
2015-12-03 21:43 . 2015-12-03 21:43 -------- d-----w- c:\program files (x86)\Common Files\AV
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-11 21:43 . 2015-06-28 02:25 449992 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-11-11 21:43 . 2015-06-28 02:25 1059656 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-10-13 12:34 . 2014-04-09 04:52 912080 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-12-15 17:23 1731800 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-12-15 17:23 1731800 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-12-15 17:23 1731800 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
@="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
[HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
2013-12-31 02:10 204672 ----a-w- c:\windows\SysWOW64\pfmshx_95C.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"QuickFinder Scheduler"="c:\program files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 83568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-05-11 3478600]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-11 6108752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-11-09 596528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys;c:\windows\SYSNATIVE\DRIVERS\appliand.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 pfmfs_95C;pfmfs_95C;c:\windows\system32\Drivers\pfmfs_95C.sys;c:\windows\SYSNATIVE\Drivers\pfmfs_95C.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ClickToRunSvc;Service Démarrer en clic Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe;c:\windows\SYSNATIVE\lxdxcoms.exe [x]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys;c:\windows\SYSNATIVE\DRIVERS\appliand.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - aswFsBlk
*Deregistered* - aswTdi
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-17 06:58 1000264 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-08 18:54]
.
2015-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-08 18:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-12-15 17:23 2339032 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-12-15 17:23 2339032 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-12-15 17:23 2339032 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-07-21 09:43 777544 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
@="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
[HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
2013-12-31 02:10 234368 ----a-w- c:\windows\System32\pfmshx_95C.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-04 592240]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Ouvrir dans WordPerfect - c:\program files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: dell.com
TCP: DhcpNameServer = 205.151.67.34 205.151.67.2 205.151.67.6
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
c:\users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-avast! - c:\program files\Alwil Software\Avast4\aswRunDll.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2015-12-30 23:45:10
ComboFix-quarantined-files.txt 2015-12-31 04:45
.
Avant-CF: 311*572*901*888 octets libres
Après-CF: 311*182*471*168 octets libres
.
- - End Of File - - 3E620986AF97E4B4667E067C80F4E956
A36C5E4F47E84449FF07ED3517B43A31
mlachance1977 is offline  
Old 12-30-2015, 08:52 PM   #20
Registered Member
 
Join Date: Dec 2015
Posts: 16
OS: windows 7 SP1



Maybe an additional info :

Interesting info : yesterday I browsed some news on facebook and opened the following site (see address below). Everything seemed normal but I left it opened a long time while I watched a movie on VLC. When I closed VLC, the computer was extremely slow, as if all the ram had been swapped to disk or something. But I checked the task manager and had 33% available ram. However, I had 100% CPU activity with 30% being the chrome tab where I had this *static text* opened. How can 30% of my CPU be used for keeping a text page opened ? I'm assuming it's malware but could it be something else ?

Scientists Are Beginning to Figure Out Why Conservatives Are… Conservative | BillMoyers.com
mlachance1977 is offline  
 
