SLOW notebook, possible virus Solved/Closed

Question

Hello, Configuration: Windows 7 / Chrome 28.0.1500.95 My notebook is slow and have problems with vids... perhaps it has acquired VIRUS again :/ I have downloaded ZHP and here's the log : ~ Report of ZHPDiag v2013.8.20.29 - Nicolas Coolman (8/20/2013) ~ Launched by Usuario (8/20/2013 11:38:18 PM) ~ Web site address : https://nicolascoolman.webs.com/ ~ Translated by ~ Version State : Updated version. ~ White List : Activate by program ~ Elevation of privilege : OK ~ User Account Control : Deactivate by program ---\ Internet browsers MSIE: Internet Explorer v10.0.9200.16660 MFIE: Mozilla Firefox 20.0.1 GCIE: Google Chrome v28.0.1500.95 (Defaut) ---\ Windows product information ~ Langage: Anglais Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\ System protection software avast! Free Antivirus v8.0.1489.0 Windows Defender W7 ---\ System optimization software CCleaner v3.24 =>Piriform Ltd ---\ Sharing software PeerToPeer ---\ Surveillance software Adobe Flash Player 11 Plugin Adobe Reader 9.1 MUI Java 7 Update 25 ---\ Information on the system ~ Processor: x86 Family 6 Model 28 Stepping 2, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 1013.9 MB (21% free) System Restore: Activé (Enable) System drive C: has 99 GB (74%) free of 133 GB ---\ Connection to the system mode ~ Computer Name: USUARIO-PC ~ User Name: Usuario ~ All Users Names: Usuario, Invitado, Administrador, ~ Unselected Option: None Logged in as Administrator ---\ Environment variables ~ System Unit : C:\ ~ %AppData% : C:\Users\Usuario\AppData\Roaming\ ~ %Desktop% : C:\Users\Usuario\Desktop\ ~ %Favorites% : C:\Users\Usuario\Favorites\ ~ %LocalAppData% : C:\Users\Usuario\AppData\Local\ ~ %StartMenu% : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\ Enumeration of the disk units C:\ Hard drive, Flash drive, Thumb drive (Free 99 Go of 133 Go) D:\ Hard drive, Flash drive, Thumb drive (Free 3 Go of 4 Go) ---\ State of the Windows Security Center ~ Security Center: 31 Legitimates Filtered in 00mn AMs ---\ Search Generic System Files [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorador de Windows.) (.2/25/2011 - 6:30:54 AM.) -- C:\Windows\Explorer.exe [2616320] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicación de inicio de Windows.) (.7/14/2009 - 2:14:45 AM.) -- C:\Windows\System32\Wininit.exe [96256] [MD5.DAA3903F06116AE9EE7AC1D1B93684A4] - (.Microsoft Corporation - Extensiones de Internet para Win32.) (.7/26/2013 - 4:13:24 AM.) -- C:\Windows\System32\wininet.dll [1767936] [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicación de inicio de sesión de Windows.) (.11/20/2010 - 1:17:54 PM.) -- C:\Windows\System32\Winlogon.exe [286720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de licencias de software.) (.11/20/2010 - 1:21:24 PM.) -- C:\Windows\System32\sppcomapi.dll [193536] [MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.4/25/2011 - 3:18:03 AM.) -- C:\Windows\system32\Drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 2:26:15 AM.) -- C:\Windows\system32\Drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 12:11:15 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 9:38:10 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 9:42:32 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 10:59:29 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Controlador de puerto de i8042.) (.7/14/2009 - 12:11:24 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 12:54:29 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/27/2011 - 3:17:22 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 9:39:44 AM.) -- C:\Windows\system32\Drivers etBT.sys [187904] [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Controlador del sistema de archivos NTFS.) (.4/12/2013 - 2:45:29 PM.) -- C:\Windows\system32\Drivers tfs.sys [1211752] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Controlador de puerto paralelo.) (.7/14/2009 - 12:45:35 AM.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.7/14/2009 - 12:54:34 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 12:53:41 AM.) -- C:\Windows\system32\Drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 9:39:17 AM.) -- C:\Windows\system32\Drivers dx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Controlador de instantánea de volumen.) (.11/20/2010 - 1:30:16 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [245632] ~ Generic Processes: Scanned in 01mn AMs ---\ Hidden files state (Hidden/Total) ~ Mes images (My Pictures) : 1/9 ~ Mes Favoris (My Favorites) : 1/34 ~ Mes Documents (My Documents) : 2/4147 ~ Mon Bureau (My Desktop) : 1/4 ~ Menu demarrer (Programs) : 1/27 ~ Hidden Files: Scanned in 16mn AMs ---\ Running Processes at system startup [MD5.5AF1E9600E3FF841E522703A4993ED0C] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.512] [MD5.38D514C7CB292F274FBD34B8AE0C2140] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files\Launch Manager\LManager.exe [1130504] [PID.2772] [MD5.E3F058D8721EA53BEAB9079A8FB53FD7] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7600672] [PID.2908] [MD5.B68A9FFF95D5305F598B28A75F7FBA4F] - (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [707104] [PID.3220] [MD5.EF533F9D1E4F51C783D4349A7C3F518F] - (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464] [PID.3520] [MD5.EAEB34D06AC35097031B0F11595012D7] - (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480] [PID.3560] [MD5.7D76D318991A81591BD8A0AE63A3907B] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1537320] [PID.3652] [MD5.4C4D8DE31E840EC339A43FA3C24BE611] - (.Insyde Software Corp. - Sync Data.) -- C:\Program Files\Acer\Android Manager\iSync.exe [393320] [PID.3684] [MD5.B181B99000E2E00C391F93353C72ABA5] - (.Intel Corporation - igfxext Module.) -- C:\Windows\system32\igfxext.exe [173080] [PID.3732] [MD5.132881D0B6A4091BF77E570AEC0809F2] - (.Insyde Software Corp. - Acer Updater for Android(TM).) -- C:\Program Files\Acer\Updater\iUpdate.exe [487016] [PID.3764] [MD5.68239842340DDFF8993DFD9127553EDA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.3784] [MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.3836] [MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.3876] [MD5.FDB2FB392B20797AF3F4ED9D7699938E] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152] [PID.3916] [MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.3928] [MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.3980] [MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.4004] [MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.4052] [MD5.659474582C6E060DBD8FFFF97DC892C5] - (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe [1561968] [PID.2372] [MD5.7E1C3FC7596B07986EA95602DFC68DBC] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [19875944] [PID.3208] [MD5.9CACBFFA01B0CB2CB36111E274ADF4D1] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.3740] [MD5.131E6FE09470F057000B0CC01C14D8B7] - (.Acer Incorporated - Acer VCM.) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe [708608] [PID.3388] [MD5.ECCA7F72A24C7CF43131946C076689D1] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [846288] [PID.5564] [MD5.D00EA3CBEB3E81CD14BB7A9EA9396FD7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7851008] [PID.5464] ~ Processes Running: Scanned in 12mn AMs ---\ Google Chrome, Start,Search,Extensions (G0,G1,G2) C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences G0 - GCSP: Preference [User Data\Default][HomePage] https://www.msn.com/fr-fr/ G0 - GCSP: Preference [User Data\Default] https://www.msn.com/fr-fr/ ~ Google Browser: 14 Legitimates Filtered in 56mn AMs ---\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9roayojh.default\prefs.js ~ Firefox Browser: 15 Legitimates Filtered in 00mn AMs ---\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.) ~ IE Browser: 10 Legitimates Filtered in 00mn AMs ---\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.offerbox.com =>PUP.OfferBox R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn AMs ---\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn AMs ---\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn AMs ~ Nombre de lignes (Lines number): 21 ---\ Internet Explorer toolbars (O3) O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll =>Toolbar.Avast O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key ~ Toolbar: Scanned in 00mn AMs ---\ Auto loading programs from Registry and folders (O4) O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files\Launch Manager\LManager.exe O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe O4 - HKLM\..\Run: [EgisTecLiveUpdate] . (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe O4 - HKLM\..\Run: [mwlDaemon] . (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iSyncData] . (.Insyde Software Corp. - Sync Data.) -- C:\Program Files\Acer\Android Manager\iSync.exe O4 - HKLM\..\Run: [AndroidManager] . (.No owner - Acer Configuration Manager for Android(TM) lau.) -- C:\Program Files\Acer\Android Manager\AML.exe O4 - HKLM\..\Run: [iPatchData] . (.Insyde Software Corp. - Acer Updater for Android(TM).) -- C:\Program Files\Acer\Updater\iUpdate.exe O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe O4 - HKCU\..\Run: [KiesAirMessage] . (.Samsung Electronics - No Comment.) -- C:\Program Files\Samsung\Kies\KiesAirMessage.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets de escritorio de Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets de escritorio de Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-21-3095367477-2772566876-4048981669-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-21-3095367477-2772566876-4048981669-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - HKUS\S-1-5-21-3095367477-2772566876-4048981669-1000\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe O4 - HKUS\S-1-5-21-3095367477-2772566876-4048981669-1000\..\Run: [KiesAirMessage] . (.Samsung Electronics - No Comment.) -- C:\Program Files\Samsung\Kies\KiesAirMessage.exe O4 - HKUS\S-1-5-21-3095367477-2772566876-4048981669-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe ~ Application: Scanned in 00mn AMs ---\ Other User Links (O4) O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar: Welcome Center.lnk . (.Acer Incorporated - Welcome Center.) -- C:\Program Files\Acer\Welcome Center\OEMWelcomeCenter.exe O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorador de Windows.) -- C:\Windows\explorer.exe O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Reproductor de Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - GS\Programs: Badoo Desktop.lnk . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Samsung Kies (Lite).lnk . (...) -- C:\Program Files\Samsung\Kies\KiesAgent.exe O4 - GS\QuickLaunch: Samsung Kies.lnk . (...) -- C:\Program Files\Samsung\Kies\KiesAgent.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Editor de caracteres privados.) -- C:\Windows\system32\eudcedit.exe O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - GS\Desktop: Badoo.Desktop.lnk . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe O4 - GS\Desktop: Eusing Free Registry Cleaner.lnk . (...) -- C:\Program Files\Eusing Free Registry Cleaner\Regcleaner.exe ~ Global Startup: Scanned in 02mn AMs ---\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9) O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO ~ IE Extra Buttons: Scanned in 00mn AMs ---\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Proveedor de correcciones de compatibilidad (shim) de nomenclaturas de co.) -- C:\Windows\system32 apinsp.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Proveedor de espacio de nombres PNRP.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Proveedor de espacio de nombres PNRP.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Proveedor de servicios de Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll ~ Winsock: 8 Legitimates Filtered in 00mn AMs ---\ Lop.com/Domain Hijackers (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{A2EB0EA9-8DE6-42FA-AFDC-5F755FD70A3C}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpNameServer = 168.95.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpDomain = ACERGAIA O17 - HKLM\System\CS1\Services\Tcpip\..\{A2EB0EA9-8DE6-42FA-AFDC-5F755FD70A3C}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpNameServer = 168.95.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpDomain = ACERGAIA O17 - HKLM\System\CS2\Services\Tcpip\..\{A2EB0EA9-8DE6-42FA-AFDC-5F755FD70A3C}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpNameServer = 168.95.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpDomain = ACERGAIA O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn AMs ---\ Extra protocols (O18) O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn AMs ---\ AppInit_DLLs Registry value Autorun (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn AMs ---\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23) O23 - Service: MyWinLocker Service (MWLService) . (.Egis Technology Inc. - MyWinLocker Service.) - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe O23 - Service: Updater Service (Updater Service) . (.Acer - Acer Update Service.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe ~ Services: 9 Legitimates Filtered in 23mn AMs ---\ Task Planned Automatically (039) [MD5.00000000000000000000000000000000] [APT] [{2618FF3F-07DD-42F6-9992-64FB3825BBB9}] (...) -- C:\Users\Usuario\Downloads\unetbootin-windows-584.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{6B0ADC77-7E47-4C2A-A960-BA589A9BC5B3}] (...) -- C:\Users\Usuario\Downloads\Nokia_PC_Suite_ALL.exe (.not file.) [0] ~ Scheduled Task: 20 Legitimates Filtered in 10mn AMs ---\ Contents of the Common Files folders (O43) O43 - CFD: 7/13/2013 - 10:41:01 AM - [4.699] ----D C:\Program Files\GUM76FB.tmp O43 - CFD: 4/1/2013 - 4:25:08 PM - [0.015] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup O43 - CFD: 4/10/2013 - 1:47:46 PM - [6.006] ----D C:\Program Files\Yahoo! =>Toolbar.Yahoo O43 - CFD: 4/10/2013 - 1:47:44 PM - [0.002] ----D C:\ProgramData\Yahoo! =>Toolbar.Yahoo O43 - CFD: 4/6/2013 - 11:33:38 PM - [0.090] ----D C:\Users\Usuario\AppData\Roaming\Yahoo! =>Toolbar.Yahoo O43 - CFD: 3/16/2013 - 1:15:28 PM - [0] ----D C:\Users\Usuario\AppData\Local\Archivos temporales de Internet O43 - CFD: 4/13/2013 - 4:18:21 PM - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner ~ Program Folder: 151 Legitimates Filtered in 50mn AMs ---\ Last files created in Windows Prefetcher (O45) O45 - LFCP:[MD5.D1299DD26E46F8A2C7DF5CEABBA0E82F] - 8/20/2013 - 7:57:18 AM ---A- - C:\Windows\Prefetch\AML.EXE-E90B2549.pf O45 - LFCP:[MD5.080D94E61A5A3898929AEE0228912E3A] - 8/20/2013 - 7:57:25 AM ---A- - C:\Windows\Prefetch\ISYNC.EXE-99A72985.pf O45 - LFCP:[MD5.4DC530058879091F9035E1B904D2BD96] - 8/20/2013 - 7:57:38 AM ---A- - C:\Windows\Prefetch\ACERVCM.EXE-B08FF7BD.pf ~ Prefetcher: 84 Legitimates Filtered in 02mn AMs ---\ MountPoints2 Shell Key (MPKS) (O51) O51 - MPSK:{0cdd4124-ba79-11e2-b9c0-806e6f6e6963}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.) ~ Keys: Scanned in 00mn AMs ---\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn AMs ---\ System Drivers List (SDL) (O58) O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 7/14/2009 - 2:26:15 AM ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 7/13/2009 - 10:40:41 PM ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] ~ Drivers: Scanned in 00mn AMs ---\ Last modified or created user files (O61) O61 - LFC: 8/17/2013 - 8:49:19 PM ---A- C:\Users\Usuario\Downloads\Attachments_2013817.zip [7192095] O61 - LFC: 8/20/2013 - 10:43:08 PM ---A- C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Local State [40823] O61 - LFC: 8/20/2013 - 8:09:53 PM ---A- C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [260789] ~ 8 Fichiers temporaires (Temporary files) ~ Files: 159 Legitimates Filtered in 51mn AMs ---\ List all tools cleaner (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn AMs ---\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 19 Legitimates Filtered in 00mn AMs ---\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn AMs ---\ Search Browser Infection (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=A285299509A549C698CB8C1DF7646608 O69 - SBI: SearchScopes [HKCU] {44F062C3-3C18-4812-BCE0-D3BEC5F88BD0} - (Google) - https://www.google.com/?gws_rd=ssl O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=A285299509A549C698CB8C1DF7646608 ~ Keys: Scanned in 00mn AMs ---\ Search Particular Root Folder (SPRF) (O84) [MD5.62B7C506B092D460898F3296DA94B728] [SPRF][7/18/2009] (.Oberon Media - FullRemove.) -- C:\ProgramData\FullRemove.exe [36136] [MD5.8897DA73D4C9038CD2AE37B86959CEE8] [SPRF][8/11/2013] (.Skype Technologies S.A. - Skype.) -- C:\Users\Usuario\AppData\Local\Temp\SkypeSetup.exe [31945832] [MD5.347644B235F2D5C0EF587B7910A7A6C7] [SPRF][7/10/2013] (...) -- C:\Users\Usuario\Desktop\advisorinstaller.exe [3215536] ~ Files: Scanned in 01mn AMs ---\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "{A9F6DF8F-F01B-4156-8B5C-FB527CBCA8AC}" | In - Public - P6 - FALSE | .(.NHN Japan - LINE.) -- C:\Program Files\Naver\LINE\Line.exe O87 - FAEL: "{367BED5A-FCCC-419B-9CBE-B19537FF55F3}" | In - Public - P17 - FALSE | .(.NHN Japan - LINE.) -- C:\Program Files\Naver\LINE\Line.exe ~ Firewall: 167 Legitimates Filtered in 03mn AMs ---\ Product Upgrade Codes (PUC) (O90) O90 - PUC: "5E182325DD195F94D9585914847F95A6" . (.AndroidInstaller.) -- C:\Windows\Installer\{523281E5-91DD-49F5-9D85-954148F7596A}\ARPPRODUCTICON.exe ~ Update Products: 87 Legitimates Filtered in 00mn AMs ---\ Windows Installer Scan (WIS) (O93) (NTFS) [MD5.D24949E5C6EC59F7F8664A657066994D] [WIS][8/14/2009] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\1dd6c4.msi [28160] =>Toolbar.Google [MD5.C555B7BE179B1E472AE5E946BA5B3066] [WIS][8/14/2009] (.esobi Inc. - eSobi.) -- C:\Windows\Installer\1dd6de.msi [12495872] [MD5.30AA0099343BD8D9ECFAFBEE9C666EC3] [WIS][5/18/2013] (.Badoo - Badoo Desktop Installer.) -- C:\Windows\Installer\2eefc6c.msi [2301952] [MD5.7A66FD7DD6B32F60223485CFAD4A19B8] [WIS][7/12/2013] (.Google - Google Earth.) -- C:\Windows\Installer\509576f.msi [921600] [MD5.DF35689F44BE07AF19293BAEC2365822] [WIS][10/1/2009] (.Insyde - MSI Database.) -- C:\Windows\Installer\6786b.msi [618800] [MD5.CA85C5801D122DBC5B3EB6BA160EF921] [WIS][8/12/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\7eaf7.msi [21807104] ~ WIS: 90 Legitimates Filtered in 57mn AMs ---\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 6/12/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 5/9/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 8/6/2009 727584 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe SR - | Auto 6/4/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Registration\GregHSRW.exe SS - | Auto 3/19/2013 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 3/19/2013 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 3/19/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Auto 6/5/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe SS - | Demand 4/10/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 8/6/2009 311592 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe SR - | Auto 7/10/2009 253952 | (RS_Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer VCM\RS_Service.exe SS - | Auto 6/21/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SR - | Auto 7/4/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe SR - | Auto 7/14/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 7/14/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 06mn AMs ---\ Search Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Usuario at 8/20/2013 11:47:34 PM ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 04mn AMs ---\ Scan Additionnel (O88) Database Version : v2.12862 - (8/20/2013) Clés trouvées (Keys found) : 4 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 4 Fichiers trouvés (Files found) : 3 [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast [HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} =>Toolbar.Avast^ C:\Program Files\MyPC Backup =>PUP.MyPCBackup^ C:\Program Files\Yahoo! =>Toolbar.Yahoo^ C:\ProgramData\Yahoo! =>Toolbar.Yahoo^ C:\Users\Usuario\AppData\Roaming\Yahoo! =>Toolbar.Yahoo^ C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll =>Toolbar.Avast^ C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^ :\Windows\Installer\1dd6c4.msi =>Toolbar.Google^ ~ Additionnel Scan: 315771 Items scanned in 57mn AMs ---\ Summary of the detections found on your workstation ~ http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox ~ http://nicolascoolman.webs.com/apps/blog/show/30898585-toolbar-avast =>Toolbar.Avast ~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup ~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo ~ MSI: 4 link(s) detected in 57mn AMs ~ 1184 Legitimates filtered by white list End of the scan (483 lines in 14mn AMs)(0) please HELP :(

bcn101 · Answer

HELPPPPP PLEASEEEEE !!!!

Ambucias · Answer

Ola !

Sorry for the late response.  Do you still need help ?

Ambucias · Answer

No wonder it's slow but this time we will have this clean in a jiffy.

1. You have a programme called "My PC Backup" please remove it.  Every time you do something it takes your ressources to saveguard.

2. You have another application called OfferBox, it has a proxy override feature.

Launch ZHP fix and copy the following files:

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>;*.offerbox.com =>PUP.OfferBox
O43 - CFD: 4/1/2013 - 4:25:08 PM - [0.015] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
C:\Program Files\MyPC Backup =>PUP.MyPCBackup^

Click on the clipboard button the on the GO button.

Close ZHP Fix

Restart your system and then everything should work normally

Ambucias · Answer

Launch ZHP Fix again, copy the following lines, paste with clipboard button and click on go.  (They are useless toolbars)

O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll =>Toolbar.Avast
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key    => Toolbar.Google
O43 - CFD: 4/10/2013 - 1:47:46 PM - [6.006] ----D C:\Program Files\Yahoo! =>Toolbar.Yahoo
O43 - CFD: 4/10/2013 - 1:47:44 PM - [0.002] ----D C:\ProgramData\Yahoo! =>Toolbar.Yahoo
O43 - CFD: 4/6/2013 - 11:33:38 PM - [0.090] ----D C:\Users\Usuario\AppData\Roaming\Yahoo! =>Toolbar.Yahoo
[MD5.D24949E5C6EC59F7F8664A657066994D] [WIS][8/14/2009] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\1dd6c4.msi [28160] =>Toolbar.Google
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} =>Toolbar.Avast^
C:\Program Files\Yahoo! =>Toolbar.Yahoo^
C:\ProgramData\Yahoo! =>Toolbar.Yahoo^
C:\Users\Usuario\AppData\Roaming\Yahoo! =>Toolbar.Yahoo^
C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll =>Toolbar.Avast^
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^
:\Windows\Installer\1dd6c4.msi =>Toolbar.Google^

Next, there is a possible usb virus

Here is a tool to remove the virus and vaccinate your USB against further viruses.


Download UsbFix (created by El Desaparecido) on your desktop. 

http://ccm.net/download/download-24089-usbfix

 If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus. 
 Plug in your usb devices (Flash drive, pen drive. External HD etc...) don't open them. 
 Double click sur UsbFix.exe. 

 Click on deletion
. 
 Let the tool work. 

 At the end of the scan a report will show which you can copy and paste here.. 

 The report is save at the root ( C:\UsbFix.txt ).

bcn101 · Answer

hi ambu,

below is the log.... i dont have any usb...


############################## | UsbFix V 7.133 | [Supresión]

Usuario: Usuario (Administrador) # USUARIO-PC
Actualizado el 27/08/2013 por El Desaparecido
Comenzó a 20:22:24 | 29/08/2013

Sitio web: https://www.sosvirus.net/
Upload Malware: http://sosvirus.net/viewtopic.php?f=6&t=489
Contacto: eldesaparecido@sosvirus.net

PC: Acer       (Aspire one      ) (X86-based PC)
CPU: Intel(R) Atom(TM) CPU N270   @ 1.60GHz (1600)
RAM -> [Total : 1014 | Free : 240]
BIOS: InsydeH2O Version V1.22
BOOT: Normal boot

OS: Microsoft Windows 7 Starter  (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16660

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disco fijo # 133 Gb (97 Mb libre(s) - 73%) [Acer] # NTFS
D:\ -> Disco fijo # 4 Gb (3 Mb libre(s) - 68%) [] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
HKLM\SOFTWARE | Run : [LManager] - C:\Program Files\Launch Manager\LManager.exe
HKLM\SOFTWARE | Run : [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
HKLM\SOFTWARE | Run : [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
HKLM\SOFTWARE | Run : [EgisTecLiveUpdate] - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
HKLM\SOFTWARE | Run : [mwlDaemon] - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [iSyncData] - C:\Program Files\Acer\Android Manager\iSync.exe
HKLM\SOFTWARE | Run : [AndroidManager] - C:\Program Files\Acer\Android Manager\AML.exe
HKLM\SOFTWARE | Run : [iPatchData] - C:\Program Files\Acer\Updater\iUpdate.exe
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] - 
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3095367477-2772566876-4048981669-1000\SOFTWARE | Run : [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-3095367477-2772566876-4048981669-1000\SOFTWARE | Run : [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-3095367477-2772566876-4048981669-1000\SOFTWARE | Run : [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-21-3095367477-2772566876-4048981669-1000\SOFTWARE | Run : [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3095367477-2772566876-4048981669-1000\SOFTWARE | Run : [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-3095367477-2772566876-4048981669-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"https://support.microsoft.com/en-us/windows/install-windows-7-service-pack-1-sp1-b3da2c0f-cdb6-0572-8596-bab972897f61" /build:7601

################## | Procesos Parados |

Parado! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1428)
Parado! C:\Windows\Explorer.EXE (1508)
Parado! C:\Windows\System32\spoolsv.exe (1672)
Parado! C:\Windows\system32	askhost.exe (1692)
Parado! C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (1728)
Parado! C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (448)
Parado! C:\Program Files\Acer\Registration\GregHSRW.exe (484)
Parado! C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (872)
Parado! C:\Program Files\Acer\Acer VCM\RS_Service.exe (1328)
Parado! C:\Program Files\Acer\Acer Updater\UpdaterService.exe (1112)
Parado! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (1992)
Parado! C:\Program Files\Google\Chrome\Application\chrome.exe (1100)
Parado! C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (1136)
Parado! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2192)
Parado! C:\Windows\system32\SearchIndexer.exe (2352)
Parado! C:\Program Files\Google\Chrome\Application\chrome.exe (2716)
Parado! C:\Program Files\Launch Manager\LManager.exe (2976)
Parado! C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (2988)
Parado! C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (3008)
Parado! C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (3028)
Parado! C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (3040)
Parado! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3056)
Parado! C:\Program Files\Acer\Android Manager\iSync.exe (3064)
Parado! C:\Program Files\Acer\Updater\iUpdate.exe (3084)
Parado! C:\Windows\System32\igfxtray.exe (3124)
Parado! C:\Windows\System32\hkcmd.exe (3224)
Parado! C:\Windows\System32\igfxpers.exe (3248)
Parado! C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (3284)
Parado! C:\Program Files\AVAST Software\Avast\AvastUI.exe (3312)
Parado! C:\Program Files\Common Files\Java\Java Update\jusched.exe (3328)
Parado! C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3344)
Parado! C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3372)
Parado! C:\Program Files\Samsung\Kies\Kies.exe (3408)
Parado! C:\Program Files\Skype\Phone\Skype.exe (3456)
Parado! C:\Program Files\Acer\Acer VCM\AcerVCM.exe (3480)
Parado! C:\Windows\system32\igfxsrvc.exe (3656)
Parado! C:\Windows\system32\igfxext.exe (3692)
Parado! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (4044)
Parado! C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (4876)
Parado! C:\Windows\system32	askeng.exe (3048)
Parado! C:\Windows\system32	askeng.exe (3188)

################## | Archivos # Carpetas infectadas |

Suprimido ! C:\ProgramData\FullRemove.exe
Suprimido ! C:\Program Files\GUM76FB.tmp
Suprimido ! C:\Program Files\GUT774A.tmp
Suprimido ! C:\Windows\system32\update.exe

(!) Archivos temporales suprimido.

################## | Registro |


################## | Mountpoints2 |

Suprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{0cdd4124-ba79-11e2-b9c0-806e6f6e6963}

################## | Listing |

[16/03/2013 - 13:18:23 | SHD ] 	C:\$Recycle.Bin
[11/04/2013 - 23:53:10 | N | 6155] 	C:\AdwCleaner[S1].txt
[12/08/2013 - 22:54:23 | N | 2574] 	C:\AdwCleaner[S2].txt
[16/03/2013 - 13:15:11 | D ] 	C:\Archivos de programa
[10/06/2009 - 23:42:20 | N | 24] 	C:\autoexec.bat
[16/03/2013 - 13:19:38 | D ] 	C:\book
[14/08/2009 - 11:25:33 | N | 8192] 	C:\BOOTSECT.BAK
[15/08/2013 - 03:53:04 | D ] 	C:\Config.Msi
[10/06/2009 - 23:42:20 | N | 10] 	C:\config.sys
[14/07/2009 - 06:53:55 | SHD ] 	C:\Documents and Settings
[29/08/2013 - 20:05:18 | ASH | 797396992] 	C:\hiberfil.sys
[14/08/2009 - 10:34:55 | D ] 	C:\Intel
[14/08/2009 - 10:54:35 | RHD ] 	C:\MSOCache
[17/04/2013 - 11:36:20 | D ] 	C:\OEM
[29/08/2013 - 20:05:17 | ASH | 1073741824] 	C:\pagefile.sys
[14/07/2009 - 04:37:05 | D ] 	C:\PerfLogs
[20/08/2013 - 23:47:35 | N | 512] 	C:\PhysicalDisk0_MBR.bin
[29/08/2013 - 20:26:47 | D ] 	C:\Program Files
[29/08/2013 - 20:26:41 | HD ] 	C:\ProgramData
[16/03/2013 - 13:15:11 | SHD ] 	C:\Recovery
[14/08/2009 - 10:44:36 | N | 1937] 	C:\RHDSetup.log
[24/08/2013 - 13:54:50 | SHD ] 	C:\System Volume Information
[29/08/2013 - 20:26:49 | D ] 	C:\UsbFix
[29/08/2013 - 20:27:45 | A | 8223] 	C:\UsbFix [Clean 1] USUARIO-PC.txt
[16/03/2013 - 13:15:27 | D ] 	C:\Users
[24/08/2013 - 23:43:41 | D ] 	C:\Windows
[28/08/2013 - 23:33:12 | D ] 	C:\ZHP
[15/04/2013 - 23:10:50 | N | 201327275] 	D:\var.img
[15/04/2013 - 23:11:02 | N | 138412983] 	D:\q2l.img
[15/04/2013 - 23:10:50 | N | 1048576000] 	D:\firefox.img
[15/04/2013 - 23:10:50 | D ] 	D:\Downloads
[15/04/2013 - 23:12:04 | D ] 	D:\picture
[15/04/2013 - 23:11:02 | D ] 	D:\android
[16/03/2013 - 13:18:08 | SHD ] 	D:\$RECYCLE.BIN

################## | Vaccin |

C:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)
D:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net/ |

Ambucias · Answer

Hi,

The problem should now be solved as USB Fix deleted the following virused files:

C:\ProgramData\FullRemove.exe
C:\Program Files\GUM76FB.tmp
C:\Program Files\GUT774A.tmp
C:\Windows\system32\update.exe

Suprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{0cdd4124-ba79-11e2-b9c0-806e6f6e6963}

bcn101 · Answer

ok then.. thank you very much ambu :)

SLOW notebook, possible virus

7 responses

Similar discussions

Subscribe To Our Newsletter!