SLOW notebook, possible virus [Solved/Closed]

bcn101 113 Posts Friday November 9, 2012Registration date July 28, 2014 Last seen - Aug 20, 2013 at 05:55 PM - Latest reply: bcn101 113 Posts Friday November 9, 2012Registration date July 28, 2014 Last seen
- Aug 29, 2013 at 04:27 PM
Hello,





My notebook is slow and have problems with vids... perhaps it has acquired VIRUS again :/
I have downloaded ZHP and here's the log :


~ Report of ZHPDiag v2013.8.20.29 - Nicolas Coolman (8/20/2013)
~ Launched by Usuario (8/20/2013 11:38:18 PM)
~ Web site address : http://nicolascoolman.webs.com
~ Translated by
~ Version State : Updated version.
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program


---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16660
MFIE: Mozilla Firefox 20.0.1
GCIE: Google Chrome v28.0.1500.95 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v8.0.1489.0
Windows Defender W7

---\\ System optimization software
CCleaner v3.24 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader 9.1 MUI
Java 7 Update 25

---\\ Information on the system
~ Processor: x86 Family 6 Model 28 Stepping 2, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1013.9 MB (21% free)
System Restore: Activé (Enable)
System drive C: has 99 GB (74%) free of 133 GB

---\\ Connection to the system mode
~ Computer Name: USUARIO-PC
~ User Name: Usuario
~ All Users Names: Usuario, Invitado, Administrador,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppData% : C:\Users\Usuario\AppData\Roaming\
~ %Desktop% : C:\Users\Usuario\Desktop\
~ %Favorites% : C:\Users\Usuario\Favorites\
~ %LocalAppData% : C:\Users\Usuario\AppData\Local\
~ %StartMenu% : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C:\ Hard drive, Flash drive, Thumb drive (Free 99 Go of 133 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 3 Go of 4 Go)



---\\ State of the Windows Security Center
~ Security Center: 31 Legitimates Filtered in 00mn AMs



---\\ Search Generic System Files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorador de Windows.) (.2/25/2011 - 6:30:54 AM.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicación de inicio de Windows.) (.7/14/2009 - 2:14:45 AM.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.DAA3903F06116AE9EE7AC1D1B93684A4] - (.Microsoft Corporation - Extensiones de Internet para Win32.) (.7/26/2013 - 4:13:24 AM.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicación de inicio de sesión de Windows.) (.11/20/2010 - 1:17:54 PM.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de licencias de software.) (.11/20/2010 - 1:21:24 PM.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.4/25/2011 - 3:18:03 AM.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 2:26:15 AM.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 12:11:15 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 9:38:10 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 9:42:32 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 10:59:29 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Controlador de puerto de i8042.) (.7/14/2009 - 12:11:24 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 12:54:29 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/27/2011 - 3:17:22 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 9:39:44 AM.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Controlador del sistema de archivos NTFS.) (.4/12/2013 - 2:45:29 PM.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Controlador de puerto paralelo.) (.7/14/2009 - 12:45:35 AM.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.7/14/2009 - 12:54:34 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 12:53:41 AM.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 9:39:17 AM.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Controlador de instantánea de volumen.) (.11/20/2010 - 1:30:16 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 01mn AMs



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/9
~ Mes Favoris (My Favorites) : 1/34
~ Mes Documents (My Documents) : 2/4147
~ Mon Bureau (My Desktop) : 1/4
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 16mn AMs



---\\ Running Processes at system startup
[MD5.5AF1E9600E3FF841E522703A4993ED0C] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.512]
[MD5.38D514C7CB292F274FBD34B8AE0C2140] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files\Launch Manager\LManager.exe [1130504] [PID.2772]
[MD5.E3F058D8721EA53BEAB9079A8FB53FD7] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7600672] [PID.2908]
[MD5.B68A9FFF95D5305F598B28A75F7FBA4F] - (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [707104] [PID.3220]
[MD5.EF533F9D1E4F51C783D4349A7C3F518F] - (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464] [PID.3520]
[MD5.EAEB34D06AC35097031B0F11595012D7] - (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480] [PID.3560]
[MD5.7D76D318991A81591BD8A0AE63A3907B] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1537320] [PID.3652]
[MD5.4C4D8DE31E840EC339A43FA3C24BE611] - (.Insyde Software Corp. - Sync Data.) -- C:\Program Files\Acer\Android Manager\iSync.exe [393320] [PID.3684]
[MD5.B181B99000E2E00C391F93353C72ABA5] - (.Intel Corporation - igfxext Module.) -- C:\Windows\system32\igfxext.exe [173080] [PID.3732]
[MD5.132881D0B6A4091BF77E570AEC0809F2] - (.Insyde Software Corp. - Acer Updater for Android(TM).) -- C:\Program Files\Acer\Updater\iUpdate.exe [487016] [PID.3764]
[MD5.68239842340DDFF8993DFD9127553EDA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.3784]
[MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.3836]
[MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.3876]
[MD5.FDB2FB392B20797AF3F4ED9D7699938E] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152] [PID.3916]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.3928]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.3980]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.4004]
[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.4052]
[MD5.659474582C6E060DBD8FFFF97DC892C5] - (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe [1561968] [PID.2372]
[MD5.7E1C3FC7596B07986EA95602DFC68DBC] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [19875944] [PID.3208]
[MD5.9CACBFFA01B0CB2CB36111E274ADF4D1] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.3740]
[MD5.131E6FE09470F057000B0CC01C14D8B7] - (.Acer Incorporated - Acer VCM.) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe [708608] [PID.3388]
[MD5.ECCA7F72A24C7CF43131946C076689D1] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [846288] [PID.5564]
[MD5.D00EA3CBEB3E81CD14BB7A9EA9396FD7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7851008] [PID.5464]
~ Processes Running: Scanned in 12mn AMs



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.msn.com
G0 - GCSP: Preference [User Data\Default] http://www.msn.com
~ Google Browser: 14 Legitimates Filtered in 56mn AMs



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9roayojh.default\prefs.js
~ Firefox Browser: 15 Legitimates Filtered in 00mn AMs



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
~ IE Browser: 10 Legitimates Filtered in 00mn AMs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>;*.offerbox.com =>PUP.OfferBox
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn AMs
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll =>Toolbar.Avast
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn AMs



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] . (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
O4 - HKLM\..\Run: [mwlDaemon] . (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iSyncData] . (.Insyde Software Corp. - Sync Data.) -- C:\Program Files\Acer\Android Manager\iSync.exe
O4 - HKLM\..\Run: [AndroidManager] . (.No owner - Acer Configuration Manager for Android(TM) lau.) -- C:\Program Files\Acer\Android Manager\AML.exe
O4 - HKLM\..\Run: [iPatchData] . (.Insyde Software Corp. - Acer Updater for Android(TM).) -- C:\Program Files\Acer\Updater\iUpdate.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe
O4 - HKCU\..\Run: [KiesAirMessage] . (.Samsung Electronics - No Comment.) -- C:\Program Files\Samsung\Kies\KiesAirMessage.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets de escritorio de Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets de escritorio de Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3095367477-2772566876-4048981669-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-3095367477-2772566876-4048981669-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-3095367477-2772566876-4048981669-1000\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe
O4 - HKUS\S-1-5-21-3095367477-2772566876-4048981669-1000\..\Run: [KiesAirMessage] . (.Samsung Electronics - No Comment.) -- C:\Program Files\Samsung\Kies\KiesAirMessage.exe
O4 - HKUS\S-1-5-21-3095367477-2772566876-4048981669-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
~ Application: Scanned in 00mn AMs



---\\ Other User Links (O4)
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Welcome Center.lnk . (.Acer Incorporated - Welcome Center.) -- C:\Program Files\Acer\Welcome Center\OEMWelcomeCenter.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorador de Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Reproductor de Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Badoo Desktop.lnk . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Samsung Kies (Lite).lnk . (...) -- C:\Program Files\Samsung\Kies\KiesAgent.exe
O4 - GS\QuickLaunch: Samsung Kies.lnk . (...) -- C:\Program Files\Samsung\Kies\KiesAgent.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Editor de caracteres privados.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: Badoo.Desktop.lnk . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe
O4 - GS\Desktop: Eusing Free Registry Cleaner.lnk . (...) -- C:\Program Files\Eusing Free Registry Cleaner\Regcleaner.exe
~ Global Startup: Scanned in 02mn AMs



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn AMs



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Proveedor de correcciones de compatibilidad (shim) de nomenclaturas de co.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Proveedor de espacio de nombres PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Proveedor de espacio de nombres PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Proveedor de servicios de Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll
~ Winsock: 8 Legitimates Filtered in 00mn AMs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2EB0EA9-8DE6-42FA-AFDC-5F755FD70A3C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpNameServer = 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpDomain = ACERGAIA
O17 - HKLM\System\CS1\Services\Tcpip\..\{A2EB0EA9-8DE6-42FA-AFDC-5F755FD70A3C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpNameServer = 168.95.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpDomain = ACERGAIA
O17 - HKLM\System\CS2\Services\Tcpip\..\{A2EB0EA9-8DE6-42FA-AFDC-5F755FD70A3C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpNameServer = 168.95.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpDomain = ACERGAIA
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn AMs



---\\ Extra protocols (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn AMs



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn AMs



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: MyWinLocker Service (MWLService) . (.Egis Technology Inc. - MyWinLocker Service.) - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
O23 - Service: Updater Service (Updater Service) . (.Acer - Acer Update Service.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
~ Services: 9 Legitimates Filtered in 23mn AMs



---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [{2618FF3F-07DD-42F6-9992-64FB3825BBB9}] (...) -- C:\Users\Usuario\Downloads\unetbootin-windows-584.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6B0ADC77-7E47-4C2A-A960-BA589A9BC5B3}] (...) -- C:\Users\Usuario\Downloads\Nokia_PC_Suite_ALL.exe (.not file.) [0]
~ Scheduled Task: 20 Legitimates Filtered in 10mn AMs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 7/13/2013 - 10:41:01 AM - [4.699] ----D C:\Program Files\GUM76FB.tmp
O43 - CFD: 4/1/2013 - 4:25:08 PM - [0.015] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 4/10/2013 - 1:47:46 PM - [6.006] ----D C:\Program Files\Yahoo! =>Toolbar.Yahoo
O43 - CFD: 4/10/2013 - 1:47:44 PM - [0.002] ----D C:\ProgramData\Yahoo! =>Toolbar.Yahoo
O43 - CFD: 4/6/2013 - 11:33:38 PM - [0.090] ----D C:\Users\Usuario\AppData\Roaming\Yahoo! =>Toolbar.Yahoo
O43 - CFD: 3/16/2013 - 1:15:28 PM - [0] ----D C:\Users\Usuario\AppData\Local\Archivos temporales de Internet
O43 - CFD: 4/13/2013 - 4:18:21 PM - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
~ Program Folder: 151 Legitimates Filtered in 50mn AMs



---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.D1299DD26E46F8A2C7DF5CEABBA0E82F] - 8/20/2013 - 7:57:18 AM ---A- - C:\Windows\Prefetch\AML.EXE-E90B2549.pf
O45 - LFCP:[MD5.080D94E61A5A3898929AEE0228912E3A] - 8/20/2013 - 7:57:25 AM ---A- - C:\Windows\Prefetch\ISYNC.EXE-99A72985.pf
O45 - LFCP:[MD5.4DC530058879091F9035E1B904D2BD96] - 8/20/2013 - 7:57:38 AM ---A- - C:\Windows\Prefetch\ACERVCM.EXE-B08FF7BD.pf
~ Prefetcher: 84 Legitimates Filtered in 02mn AMs



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{0cdd4124-ba79-11e2-b9c0-806e6f6e6963}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn AMs



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn AMs



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 7/14/2009 - 2:26:15 AM ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 7/13/2009 - 10:40:41 PM ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn AMs



---\\ Last modified or created user files (O61)
O61 - LFC: 8/17/2013 - 8:49:19 PM ---A- C:\Users\Usuario\Downloads\Attachments_2013817.zip [7192095]
O61 - LFC: 8/20/2013 - 10:43:08 PM ---A- C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Local State [40823]
O61 - LFC: 8/20/2013 - 8:09:53 PM ---A- C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [260789]
~ 8 Fichiers temporaires (Temporary files)
~ Files: 159 Legitimates Filtered in 51mn AMs



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn AMs



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn AMs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {44F062C3-3C18-4812-BCE0-D3BEC5F88BD0} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn AMs



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.62B7C506B092D460898F3296DA94B728] [SPRF][7/18/2009] (.Oberon Media - FullRemove.) -- C:\ProgramData\FullRemove.exe [36136]
[MD5.8897DA73D4C9038CD2AE37B86959CEE8] [SPRF][8/11/2013] (.Skype Technologies S.A. - Skype.) -- C:\Users\Usuario\AppData\Local\Temp\SkypeSetup.exe [31945832]
[MD5.347644B235F2D5C0EF587B7910A7A6C7] [SPRF][7/10/2013] (...) -- C:\Users\Usuario\Desktop\advisorinstaller.exe [3215536]
~ Files: Scanned in 01mn AMs



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{A9F6DF8F-F01B-4156-8B5C-FB527CBCA8AC}" | In - Public - P6 - FALSE | .(.NHN Japan - LINE.) -- C:\Program Files\Naver\LINE\Line.exe
O87 - FAEL: "{367BED5A-FCCC-419B-9CBE-B19537FF55F3}" | In - Public - P17 - FALSE | .(.NHN Japan - LINE.) -- C:\Program Files\Naver\LINE\Line.exe
~ Firewall: 167 Legitimates Filtered in 03mn AMs



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "5E182325DD195F94D9585914847F95A6" . (.AndroidInstaller.) -- C:\Windows\Installer\{523281E5-91DD-49F5-9D85-954148F7596A}\ARPPRODUCTICON.exe
~ Update Products: 87 Legitimates Filtered in 00mn AMs



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.D24949E5C6EC59F7F8664A657066994D] [WIS][8/14/2009] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\1dd6c4.msi [28160] =>Toolbar.Google
[MD5.C555B7BE179B1E472AE5E946BA5B3066] [WIS][8/14/2009] (.esobi Inc. - eSobi.) -- C:\Windows\Installer\1dd6de.msi [12495872]
[MD5.30AA0099343BD8D9ECFAFBEE9C666EC3] [WIS][5/18/2013] (.Badoo - Badoo Desktop Installer.) -- C:\Windows\Installer\2eefc6c.msi [2301952]
[MD5.7A66FD7DD6B32F60223485CFAD4A19B8] [WIS][7/12/2013] (.Google - Google Earth.) -- C:\Windows\Installer\509576f.msi [921600]
[MD5.DF35689F44BE07AF19293BAEC2365822] [WIS][10/1/2009] (.Insyde - MSI Database.) -- C:\Windows\Installer\6786b.msi [618800]
[MD5.CA85C5801D122DBC5B3EB6BA160EF921] [WIS][8/12/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\7eaf7.msi [21807104]
~ WIS: 90 Legitimates Filtered in 57mn AMs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 6/12/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 5/9/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 8/6/2009 727584 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 6/4/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Registration\GregHSRW.exe
SS - | Auto 3/19/2013 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 3/19/2013 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 3/19/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 6/5/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SS - | Demand 4/10/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 8/6/2009 311592 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
SR - | Auto 7/10/2009 253952 | (RS_Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer VCM\RS_Service.exe
SS - | Auto 6/21/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 7/4/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 7/14/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 7/14/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 06mn AMs



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Usuario at 8/20/2013 11:47:34 PM

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 04mn AMs



---\\ Scan Additionnel (O88)
Database Version : v2.12862 - (8/20/2013)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 3

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} =>Toolbar.Avast^
C:\Program Files\MyPC Backup =>PUP.MyPCBackup^
C:\Program Files\Yahoo! =>Toolbar.Yahoo^
C:\ProgramData\Yahoo! =>Toolbar.Yahoo^
C:\Users\Usuario\AppData\Roaming\Yahoo! =>Toolbar.Yahoo^
C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll =>Toolbar.Avast^
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^
:\Windows\Installer\1dd6c4.msi =>Toolbar.Google^
~ Additionnel Scan: 315771 Items scanned in 57mn AMs



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox
~ http://nicolascoolman.webs.com/apps/blog/show/30898585-toolbar-avast =>Toolbar.Avast
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ MSI: 4 link(s) detected in 57mn AMs



~ 1184 Legitimates filtered by white list
End of the scan (483 lines in 14mn AMs)(0)




please HELP :(
See more 

12 replies

bcn101 113 Posts Friday November 9, 2012Registration date July 28, 2014 Last seen - Aug 21, 2013 at 04:41 PM
0
Thank you
HELPPPPP PLEASEEEEE !!!!
Ambucias 53314 Posts Monday February 1, 2010Registration dateModeratorStatus July 22, 2018 Last seen - Aug 22, 2013 at 06:31 AM
0
Thank you
Ola !

Sorry for the late response. Do you still need help ?
bcn101 113 Posts Friday November 9, 2012Registration date July 28, 2014 Last seen - Aug 27, 2013 at 04:12 PM
yes ambucias.... you're always my savior and you know that...helpppppppp
i really have prob with the vids, even in skype... it freezes the screen and a very annoying buzz follows ;/
Ambucias 53314 Posts Monday February 1, 2010Registration dateModeratorStatus July 22, 2018 Last seen - Aug 27, 2013 at 04:25 PM
Hold on for analysis
bcn101 113 Posts Friday November 9, 2012Registration date July 28, 2014 Last seen - Aug 27, 2013 at 04:31 PM
thanks ambu :)
Ambucias 53314 Posts Monday February 1, 2010Registration dateModeratorStatus July 22, 2018 Last seen - Aug 27, 2013 at 04:43 PM
0
Thank you
No wonder it's slow but this time we will have this clean in a jiffy.

1. You have a programme called "My PC Backup" please remove it. Every time you do something it takes your ressources to saveguard.

2. You have another application called OfferBox, it has a proxy override feature.

Launch ZHP fix and copy the following files:

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>;*.offerbox.com =>PUP.OfferBox
O43 - CFD: 4/1/2013 - 4:25:08 PM - [0.015] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
C:\Program Files\MyPC Backup =>PUP.MyPCBackup^

Click on the clipboard button the on the GO button.

Close ZHP Fix

Restart your system and then everything should work normally
bcn101 113 Posts Friday November 9, 2012Registration date July 28, 2014 Last seen - Aug 27, 2013 at 05:04 PM
hi, should i restart my computer? anything that i should do next?
bcn101 113 Posts Friday November 9, 2012Registration date July 28, 2014 Last seen - Aug 27, 2013 at 05:32 PM
ambu..... still it lags and gives me the annoying buzz for videos :/
Ambucias 53314 Posts Monday February 1, 2010Registration dateModeratorStatus July 22, 2018 Last seen - Aug 28, 2013 at 06:30 AM
0
Thank you
Launch ZHP Fix again, copy the following lines, paste with clipboard button and click on go. (They are useless toolbars)

O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll =>Toolbar.Avast
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key => Toolbar.Google
O43 - CFD: 4/10/2013 - 1:47:46 PM - [6.006] ----D C:\Program Files\Yahoo! =>Toolbar.Yahoo
O43 - CFD: 4/10/2013 - 1:47:44 PM - [0.002] ----D C:\ProgramData\Yahoo! =>Toolbar.Yahoo
O43 - CFD: 4/6/2013 - 11:33:38 PM - [0.090] ----D C:\Users\Usuario\AppData\Roaming\Yahoo! =>Toolbar.Yahoo
[MD5.D24949E5C6EC59F7F8664A657066994D] [WIS][8/14/2009] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\1dd6c4.msi [28160] =>Toolbar.Google
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} =>Toolbar.Avast^
C:\Program Files\Yahoo! =>Toolbar.Yahoo^
C:\ProgramData\Yahoo! =>Toolbar.Yahoo^
C:\Users\Usuario\AppData\Roaming\Yahoo! =>Toolbar.Yahoo^
C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll =>Toolbar.Avast^
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^
:\Windows\Installer\1dd6c4.msi =>Toolbar.Google^

Next, there is a possible usb virus

Here is a tool to remove the virus and vaccinate your USB against further viruses.


Download UsbFix (created by El Desaparecido) on your desktop.

http://ccm.net/download/download-24089-usbfix

If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.
Plug in your usb devices (Flash drive, pen drive. External HD etc...) don't open them.
Double click sur UsbFix.exe.

Click on deletion
.
Let the tool work.

At the end of the scan a report will show which you can copy and paste here..

The report is save at the root ( C:\UsbFix.txt ).
bcn101 113 Posts Friday November 9, 2012Registration date July 28, 2014 Last seen - Aug 29, 2013 at 02:39 PM
0
Thank you
hi ambu,

below is the log.... i dont have any usb...


############################## | UsbFix V 7.133 | [Supresión]

Usuario: Usuario (Administrador) # USUARIO-PC
Actualizado el 27/08/2013 por El Desaparecido
Comenzó a 20:22:24 | 29/08/2013

Sitio web: http://sosvirus.net/
Upload Malware: http://sosvirus.net/viewtopic.php?f=6&t=489
Contacto: eldesaparecido@sosvirus.net

PC: Acer (Aspire one ) (X86-based PC)
CPU: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (1600)
RAM -> [Total : 1014 | Free : 240]
BIOS: InsydeH2O Version V1.22
BOOT: Normal boot

OS: Microsoft Windows 7 Starter (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16660

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disco fijo # 133 Gb (97 Mb libre(s) - 73%) [Acer] # NTFS
D:\ -> Disco fijo # 4 Gb (3 Mb libre(s) - 68%) [] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
HKLM\SOFTWARE | Run : [LManager] - C:\Program Files\Launch Manager\LManager.exe
HKLM\SOFTWARE | Run : [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
HKLM\SOFTWARE | Run : [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
HKLM\SOFTWARE | Run : [EgisTecLiveUpdate] - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
HKLM\SOFTWARE | Run : [mwlDaemon] - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [iSyncData] - C:\Program Files\Acer\Android Manager\iSync.exe
HKLM\SOFTWARE | Run : [AndroidManager] - C:\Program Files\Acer\Android Manager\AML.exe
HKLM\SOFTWARE | Run : [iPatchData] - C:\Program Files\Acer\Updater\iUpdate.exe
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3095367477-2772566876-4048981669-1000\SOFTWARE | Run : [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-3095367477-2772566876-4048981669-1000\SOFTWARE | Run : [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-3095367477-2772566876-4048981669-1000\SOFTWARE | Run : [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-21-3095367477-2772566876-4048981669-1000\SOFTWARE | Run : [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3095367477-2772566876-4048981669-1000\SOFTWARE | Run : [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-3095367477-2772566876-4048981669-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Procesos Parados |

Parado! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1428)
Parado! C:\Windows\Explorer.EXE (1508)
Parado! C:\Windows\System32\spoolsv.exe (1672)
Parado! C:\Windows\system32\taskhost.exe (1692)
Parado! C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (1728)
Parado! C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (448)
Parado! C:\Program Files\Acer\Registration\GregHSRW.exe (484)
Parado! C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (872)
Parado! C:\Program Files\Acer\Acer VCM\RS_Service.exe (1328)
Parado! C:\Program Files\Acer\Acer Updater\UpdaterService.exe (1112)
Parado! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (1992)
Parado! C:\Program Files\Google\Chrome\Application\chrome.exe (1100)
Parado! C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (1136)
Parado! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2192)
Parado! C:\Windows\system32\SearchIndexer.exe (2352)
Parado! C:\Program Files\Google\Chrome\Application\chrome.exe (2716)
Parado! C:\Program Files\Launch Manager\LManager.exe (2976)
Parado! C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (2988)
Parado! C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (3008)
Parado! C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (3028)
Parado! C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (3040)
Parado! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3056)
Parado! C:\Program Files\Acer\Android Manager\iSync.exe (3064)
Parado! C:\Program Files\Acer\Updater\iUpdate.exe (3084)
Parado! C:\Windows\System32\igfxtray.exe (3124)
Parado! C:\Windows\System32\hkcmd.exe (3224)
Parado! C:\Windows\System32\igfxpers.exe (3248)
Parado! C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (3284)
Parado! C:\Program Files\AVAST Software\Avast\AvastUI.exe (3312)
Parado! C:\Program Files\Common Files\Java\Java Update\jusched.exe (3328)
Parado! C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3344)
Parado! C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3372)
Parado! C:\Program Files\Samsung\Kies\Kies.exe (3408)
Parado! C:\Program Files\Skype\Phone\Skype.exe (3456)
Parado! C:\Program Files\Acer\Acer VCM\AcerVCM.exe (3480)
Parado! C:\Windows\system32\igfxsrvc.exe (3656)
Parado! C:\Windows\system32\igfxext.exe (3692)
Parado! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (4044)
Parado! C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (4876)
Parado! C:\Windows\system32\taskeng.exe (3048)
Parado! C:\Windows\system32\taskeng.exe (3188)

################## | Archivos # Carpetas infectadas |

Suprimido ! C:\ProgramData\FullRemove.exe
Suprimido ! C:\Program Files\GUM76FB.tmp
Suprimido ! C:\Program Files\GUT774A.tmp
Suprimido ! C:\Windows\system32\update.exe

(!) Archivos temporales suprimido.

################## | Registro |


################## | Mountpoints2 |

Suprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{0cdd4124-ba79-11e2-b9c0-806e6f6e6963}

################## | Listing |

[16/03/2013 - 13:18:23 | SHD ] C:\$Recycle.Bin
[11/04/2013 - 23:53:10 | N | 6155] C:\AdwCleaner[S1].txt
[12/08/2013 - 22:54:23 | N | 2574] C:\AdwCleaner[S2].txt
[16/03/2013 - 13:15:11 | D ] C:\Archivos de programa
[10/06/2009 - 23:42:20 | N | 24] C:\autoexec.bat
[16/03/2013 - 13:19:38 | D ] C:\book
[14/08/2009 - 11:25:33 | N | 8192] C:\BOOTSECT.BAK
[15/08/2013 - 03:53:04 | D ] C:\Config.Msi
[10/06/2009 - 23:42:20 | N | 10] C:\config.sys
[14/07/2009 - 06:53:55 | SHD ] C:\Documents and Settings
[29/08/2013 - 20:05:18 | ASH | 797396992] C:\hiberfil.sys
[14/08/2009 - 10:34:55 | D ] C:\Intel
[14/08/2009 - 10:54:35 | RHD ] C:\MSOCache
[17/04/2013 - 11:36:20 | D ] C:\OEM
[29/08/2013 - 20:05:17 | ASH | 1073741824] C:\pagefile.sys
[14/07/2009 - 04:37:05 | D ] C:\PerfLogs
[20/08/2013 - 23:47:35 | N | 512] C:\PhysicalDisk0_MBR.bin
[29/08/2013 - 20:26:47 | D ] C:\Program Files
[29/08/2013 - 20:26:41 | HD ] C:\ProgramData
[16/03/2013 - 13:15:11 | SHD ] C:\Recovery
[14/08/2009 - 10:44:36 | N | 1937] C:\RHDSetup.log
[24/08/2013 - 13:54:50 | SHD ] C:\System Volume Information
[29/08/2013 - 20:26:49 | D ] C:\UsbFix
[29/08/2013 - 20:27:45 | A | 8223] C:\UsbFix [Clean 1] USUARIO-PC.txt
[16/03/2013 - 13:15:27 | D ] C:\Users
[24/08/2013 - 23:43:41 | D ] C:\Windows
[28/08/2013 - 23:33:12 | D ] C:\ZHP
[15/04/2013 - 23:10:50 | N | 201327275] D:\var.img
[15/04/2013 - 23:11:02 | N | 138412983] D:\q2l.img
[15/04/2013 - 23:10:50 | N | 1048576000] D:\firefox.img
[15/04/2013 - 23:10:50 | D ] D:\Downloads
[15/04/2013 - 23:12:04 | D ] D:\picture
[15/04/2013 - 23:11:02 | D ] D:\android
[16/03/2013 - 13:18:08 | SHD ] D:\$RECYCLE.BIN

################## | Vaccin |

C:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)
D:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.net |
Ambucias 53314 Posts Monday February 1, 2010Registration dateModeratorStatus July 22, 2018 Last seen - Aug 29, 2013 at 04:15 PM
0
Thank you
Hi,

The problem should now be solved as USB Fix deleted the following virused files:

C:\ProgramData\FullRemove.exe
C:\Program Files\GUM76FB.tmp
C:\Program Files\GUT774A.tmp
C:\Windows\system32\update.exe

Suprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{0cdd4124-ba79-11e2-b9c0-806e6f6e6963}
bcn101 113 Posts Friday November 9, 2012Registration date July 28, 2014 Last seen - Aug 29, 2013 at 04:27 PM
0
Thank you
ok then.. thank you very much ambu :)