Netbook is relatively slow

Solved/Closed
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014 - Dec 4, 2013 at 03:15 PM
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 - Feb 2, 2014 at 08:58 AM
Hello,






My netbook is very slow, perhaps it acquired some virus again. Also when I play a video it always lag followed by a squeeky noise. Please somebody help me. :(

34 responses

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 17, 2014 at 02:54 AM
Hello,

Can you try in safe mode with networking please ? https://ccm.net/faq/223-how-to-start-windows-computer-in-safe-mode

Gabriel.
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 17, 2014 at 03:48 PM
Hi Gab,

I'm in safe mode with networking now, I tried playing vids but seems that the audio has been muted (the computer). I tried turning it on but it says, sysmtem has not been configured and I don't know why.

Also, the vid in youtube is still a bit slow though it becomes normal a bit later.

:(
0
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 18, 2014 at 06:18 PM
Hi,

OK.

See if your drivers are up to date with this software : https://ccm.net/download/download-23676-driver-turbo

Gabriel.
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 19, 2014 at 05:13 AM
Hi i have run Driver turbo. When I tried to download the out dated drivers it asked me to register, is this for pay?

Thanks Gab :)
0
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 19, 2014 at 07:21 AM
Hi,

And what it asks when you have to register ?

But maybe we can find the drivers without the software, if you have the names.

Gabriel.
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 19, 2014 at 09:34 AM
Hi Gab,

i have written down the results:


It says out of date drivers are the following:

atheros ar5b95 wireless network adapter
atheros ar8132 pci- e fast ethernet controller (ndis 6.20)
realtek high definition audio

system devices: In spanish

Controladora de interfaz lpc intel 82801 1gbm
puerto raiz pci express de intel 82801G (familia ich7) 4 mssgs like this appeared
controladora smbus de intel 82801G (familia ich7)

universal serial bus controllers:

controlador de host universal usb intel 81801G (4 mssgs like this appeared)

controlador de host mejorado usb2 intel 81801G


and others are not really significant because those are unplugged devices and my phone.





Thanks :)
0
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 19, 2014 at 09:48 AM
Hi,

OK.
For the first, here are drivers : http://www.atheros.cz/atheros-wireless-download.php?chipset=30&system=6
For the second : http://www.atheros.cz/atheros-wireless-download.php?chipset=49&system=6
And for the last : http://www.realtek.com.tw/downloads/downloadsCheck.aspx?Langid=1&PNid=14&PFid=24&Level=4&Conn=3&DownTypeID=3&GetDown=false

Create a restore point before install the drivers : http://ccm.net/faq/10640-windows-7-create-a-system-restore-point

Gabriel.
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 19, 2014 at 11:20 AM
Hi Gab,

i don't know if I have done it correctly but i have downloaded the first two except the last one. When I tried to download realtek it onlyu gives me a white page saying : object moved HERE, I clicked the word HERE (for it is clickable) and it returned me to the previous page which is the download page of realtek .

http://www.realtek.com.tw/downloads/downloadsCheck.aspx?Langid=1&PNid=14&PFid=24&Level=4&Conn=3&DownTypeID=3&GetDown=false


and for the first two, I have extracted it but nothing happen, it didn't give me a box saying RUN or something. :(
0

Didn't find the answer you are looking for?

Ask a question
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 19, 2014 at 12:02 PM
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 19, 2014 at 12:56 PM
Hi, I have figured it out and was able to download it with the first link that you sent me. The problem was, when I run it, it says that no configuration or system could support such file :(
0
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 19, 2014 at 12:58 PM
Hi,

Never mind.
Videos are always slow ?

Gabriel.
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 19, 2014 at 01:26 PM
always... sometimes the picture appears (well most of the time) with no sounds and after a few seconds the sounds will follow. Also in some other sites videos are like in slow motion, it really irritates me and it stopped, lags and the squeeking noise will follow.

Am I hopeless? :(
0
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 19, 2014 at 01:52 PM
Try to create a new session to test, then tell me if it's the same.

Gabriel.
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 19, 2014 at 06:00 PM
What do you mean?
0
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 20, 2014 at 12:59 AM
Hi,

Sometimes, when you create a new session (new user) on your computer, some bugs disapears.
So, i want you try that to see if it's the same or not with a new session.

Gabriel.
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 22, 2014 at 07:21 PM
Hi Gab,

Unfortunately it didn't change anything. 8it's just weird cause I've installed a new flash player (12) like three times already and yesterday and today a dialogue box appeared saying that I need to install the latest version of flash player, I've checked it and my flash player is updated. Am I really hopeless here?
0
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 24, 2014 at 03:05 AM
Hi,

Okay, it's strange...

Make a new report ZHPDiag to see for Flash Player.

Gabriel.
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 24, 2014 at 07:23 PM
Hi Gab,

Here's the log :

~ Report of ZHPDiag v2014.1.24.22 - Nicolas Coolman (1/24/2014)
~ Launched by Usuario (1/24/2014 11:45:37 PM)
~ Web site address : https://nicolascoolman.webs.com/
~ Free support forums for disinfection : https://nicolascoolman.webs.com/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0
GCIE: Google Chrome v32.0.1700.76 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Starter, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v8.0.1504.0
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ System optimization software
CCleaner v4.08 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 Plugin
Adobe Reader 9.1 MUI
Java 7 Update 45

---\\ Information on the system
~ Processor: x86 Family 6 Model 28 Stepping 2, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1013.9 MB (30% free)
System Restore: Activé (Enable)
System drive C: has 89 GB (67%) free of 133 GB

---\\ Connection to the system mode
~ Computer Name: USUARIO-PC
~ User Name: Usuario
~ All Users Names: Usuario, Invitado, Administrador,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Usuario\AppData\Roaming\
~ %Desktop% : C:\Users\Usuario\Desktop\
~ %Favorites% : C:\Users\Usuario\Favorites\
~ %LocalAppData% : C:\Users\Usuario\AppData\Local\
~ %StartMenu% : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 89 Go of 133 Go)
D: Hard drive, Flash drive, Thumb drive (Free 3 Go of 4 Go)



---\\ State of the Windows Security Center
~ Security Center: 47 Legitimates Filtered in 00mn AMs



---\\ Search Generic System Files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorador de Windows.) (.2/25/2011 - 6:30:54 AM.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicación de inicio de Windows.) (.7/14/2009 - 2:14:45 AM.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Extensiones de Internet para Win32.) (.11/26/2013 - 7:33:33 AM.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicación de inicio de sesión de Windows.) (.11/20/2010 - 1:17:54 PM.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de licencias de software.) (.11/20/2010 - 1:21:24 PM.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.9/14/2013 - 1:48:58 AM.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 2:26:15 AM.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 12:11:15 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 9:38:10 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 9:42:32 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 10:59:29 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Controlador de puerto de i8042.) (.7/14/2009 - 12:11:24 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 12:54:29 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/27/2011 - 3:17:22 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 9:39:44 AM.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Controlador del sistema de archivos NTFS.) (.4/12/2013 - 2:45:29 PM.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Controlador de puerto paralelo.) (.7/14/2009 - 12:45:35 AM.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.7/14/2009 - 12:54:34 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 12:53:41 AM.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 9:39:17 AM.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Controlador de instantánea de volumen.) (.11/20/2010 - 1:30:16 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 01mn AMs



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/12
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/34
~ Mes Documents (My Documents) : 2/5554
~ Mon Bureau (My Desktop) : 1/9
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 24mn AMs



---\\ Process running
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1768]
[MD5.4C4D8DE31E840EC339A43FA3C24BE611] - (.Insyde Software Corp. - Sync Data.) -- C:\Program Files\Acer\Android Manager\iSync.exe [393320] [PID.2488]
[MD5.68239842340DDFF8993DFD9127553EDA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.2584]
[MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.2612]
[MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.2660]
[MD5.043D3570D9177818FE3B57C6228AA5A9] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.2680]
[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.2720]
[MD5.23DA60B2978D0C9779F2DB8A929D0C72] - (.Spigot, Inc. - Search Protection.) -- C:\Users\Usuario\AppData\Roaming\Search Protection\SearchProtection.exe [838984] [PID.2728] =>PUP.Dealio
[MD5.131E6FE09470F057000B0CC01C14D8B7] - (.Acer Incorporated - Acer VCM.) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe [708608] [PID.2792]
[MD5.3B0BA44D5691E00088B956394FDE64B6] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [866584] [PID.776]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.3260]
[MD5.8B60C338C7919351E53375447FC68507] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8338432] [PID.6100]
~ Processes Running: Scanned in 06mn AMs



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 10 Legitimates Filtered in 49mn AMs



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9roayojh.default\prefs.js
M3 - MFPP: Plugins - [Usuario] -- C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9roayojh.default\searchplugins\yahoo_ff.xml
~ Firefox Browser: 12 Legitimates Filtered in 01mn AMs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn AMs
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
~ Toolbar: Scanned in 00mn AMs



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Acer Accessorios.lnk . (...) -- C:\Program Files\Acer Accessory Store\StartUrl.exe
O4 - GS\Desktop [Public]: Acer Configuration Manager for Android(TM).lnk . (.Macrovision Corporation - InstallShield.) -- C:\Windows\Installer\{523281E5-91DD-49F5-9D85-954148F7596A}\AndroidManager.exe_EDE5AF10CF5B4DA1B61C039E5CAD3FA5.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: LINE.lnk . (.NHN Japan - LINE.) -- C:\Program Files\Naver\LINE\Line.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: MyDefrag.lnk . (.J.C. Kessels - MyDefrag Script Interpreter.) -- C:\Program Files\MyDefrag v4.2.3\MyDefrag.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Usuario]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Usuario]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Usuario]: Viber.lnk . (...) -- C:\Users\Usuario\AppData\Local\Viber\Viber.exe
O4 - GS\QuickLaunch [Usuario]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Usuario]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Usuario]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Usuario]: Viber.lnk . (...) -- C:\Users\Usuario\AppData\Local\Viber\Viber.exe
O4 - GS\Program [Usuario]: Badoo Desktop.lnk . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe
O4 - GS\Program [Usuario]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Usuario]: Viber.lnk . (...) -- C:\Users\Usuario\AppData\Local\Viber\Viber.exe
O4 - GS\SystemTools [Usuario]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Usuario]: Badoo.Desktop.lnk . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe
O4 - GS\Desktop [Usuario]: Viber.lnk . (...) -- C:\Users\Usuario\AppData\Local\Viber\Viber.exe
O4 - GS\Desktop [Usuario]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [Invitado]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Invitado]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Invitado]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Invitado]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Invitado]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 88 Legitimates Filtered in 07mn AMs



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: Acer VCM.lnk . (.Acer Incorporated - Acer VCM.) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
O4 - HKLM\..\Run: [iSyncData] . (.Insyde Software Corp. - Sync Data.) -- C:\Program Files\Acer\Android Manager\iSync.exe
O4 - HKLM\..\Run: [AndroidManager] . (.No owner - Acer Configuration Manager for Android(TM) lau.) -- C:\Program Files\Acer\Android Manager\AML.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKCU\..\Run: [SearchProtection] . (.Spigot, Inc. - Search Protection.) -- C:\Users\Usuario\AppData\Roaming\Search Protection\SearchProtection.exe =>PUP.Dealio
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets de escritorio de Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets de escritorio de Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3095367477-2772566876-4048981669-1000\..\Run: [SearchProtection] . (.Spigot, Inc. - Search Protection.) -- C:\Users\Usuario\AppData\Roaming\Search Protection\SearchProtection.exe =>PUP.Dealio
~ Application: Scanned in 00mn AMs



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (.not file.)
O9 - Extra button: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn AMs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2EB0EA9-8DE6-42FA-AFDC-5F755FD70A3C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpNameServer = 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpDomain = ACERGAIA
O17 - HKLM\System\CS1\Services\Tcpip\..\{A2EB0EA9-8DE6-42FA-AFDC-5F755FD70A3C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpNameServer = 168.95.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpDomain = ACERGAIA
O17 - HKLM\System\CS2\Services\Tcpip\..\{A2EB0EA9-8DE6-42FA-AFDC-5F755FD70A3C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpNameServer = 168.95.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpDomain = ACERGAIA
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn AMs



---\\ Extra protocols (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn AMs



---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Final Media Player Update Checker.job [390]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FoxTab.job [296]
[MD5.161E9CDA1F25886525B6AFCC7BE518F5] [APT] [FoxTab] (...) -- C:\Users\Usuario\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.exe [112128]
[MD5.00000000000000000000000000000000] [APT] [{2618FF3F-07DD-42F6-9992-64FB3825BBB9}] (...) -- C:\Users\Usuario\Downloads\unetbootin-windows-584.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6B0ADC77-7E47-4C2A-A960-BA589A9BC5B3}] (...) -- C:\Users\Usuario\Downloads\Nokia_PC_Suite_ALL.exe (.not file.) [0]
~ Scheduled Task: 31 Legitimates Filtered in 17mn AMs



---\\ Software installed (O42)
O42 - Logiciel: Foxtab - (.FoxTab.) [HKLM] -- foxtab
~ Logic: 14 Legitimates Filtered in 06mn AMs



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Goobzo]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\foxtab]
[HKLM\Software\DCE]
[HKLM\Software\Goobzo]
[HKLM\Software\InstallCore] =>Adware.InstallCore
~ Key Software: 210 Legitimates Filtered in 06mn AMs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 1/5/2014 - 10:23:01 PM - [0.865] ----D C:\Program Files\Foxtab
O43 - CFD: 10/12/2013 - 4:19:17 PM - [48.475] ----D C:\Program Files\GUM30F3.tmp
O43 - CFD: 12/24/2013 - 1:58:48 PM - [0.018] ----D C:\Program Files\ShopperPro
O43 - CFD: 1/19/2014 - 4:38:41 PM - [0.107] ----D C:\Users\Usuario\AppData\Roaming\FoxTab
O43 - CFD: 3/16/2013 - 12:15:28 PM - [0] -SH-D C:\Users\Usuario\AppData\Local\Archivos temporales de Internet
O43 - CFD: 12/28/2013 - 1:12:56 PM - [0] ----D C:\Users\Usuario\AppData\Local\Installer
O43 - CFD: 4/13/2013 - 3:18:21 PM - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
~ Program Folder: 167 Legitimates Filtered in 11mn AMs



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.BC518089A945CBCB0E4018758BEBC4B6] - 1/10/2014 - 10:58:27 PM ---A- . (...) -- C:\Windows\System32\MyDefragScreenSaver.scr [93184]
~ Files: 21 Legitimates Filtered in 57mn AMs



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Viber [Key] . (.No owner - Viber.) -- C:\Users\Usuario\AppData\Local\Viber\Viber.exe
~ SMSR Keys: 16 Legitimates Filtered in 00mn AMs



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn AMs



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.496A5695B8351CA74011FF96D46FD21B] - 12/19/2013 - 2:11:30 PM ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49376]
O58 - SDL:[MD5.FAF091AA45A6A6CF3CF94FE065950956] - 6/27/2013 - 11:46:29 PM ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:[MD5.3FFBEE694566CADB0A64D8A1ACD7DBCE] - 6/27/2013 - 11:46:29 PM ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:[MD5.BBCB563599904F68D66D0BE4D8BDD639] - 12/19/2013 - 2:11:32 PM ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [175176]
O58 - SDL:[MD5.22EA82FFE8CA4965C1994F24C35DC202] - 6/27/2013 - 11:46:29 PM ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 7/14/2009 - 2:20:28 AM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 7/13/2009 - 11:54:14 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.EDF7F8387C2072205ABCF105F14B13B4] - 10/28/2013 - 1:12:12 AM ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [87064]
O58 - SDL:[MD5.24F5F92263E3B461A1105FE370D53D1C] - 10/28/2013 - 1:12:12 AM ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [182680]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 7/14/2009 - 2:19:04 AM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 7/13/2009 - 10:40:41 PM ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 7/13/2009 - 10:40:44 PM ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 7/13/2009 - 10:40:40 PM ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 7/13/2009 - 10:40:43 PM ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 7/13/2009 - 10:40:43 PM ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 7/13/2009 - 10:40:23 PM ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 7/13/2009 - 10:40:31 PM ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 7/13/2009 - 10:40:35 PM ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 7/13/2009 - 10:40:39 PM ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 7/13/2009 - 10:40:27 PM ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 7/13/2009 - 10:40:11 PM ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 7/13/2009 - 10:40:15 PM ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 7/13/2009 - 10:40:17 PM ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 7/13/2009 - 10:40:19 PM ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 7/13/2009 - 10:40:13 PM ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 06mn AMs



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - https://www.bing.com/?fdr=lc&toHttps=1&redig=636E85BA310741769F6F7203285A1529
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=A285299509A549C698CB8C1DF7646608
O69 - SBI: SearchScopes [HKCU] {44F062C3-3C18-4812-BCE0-D3BEC5F88BD0} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=A285299509A549C698CB8C1DF7646608
O69 - SBI: SearchScopes [HKCU] {6AE0852C-D008-4F77-88FC-8E03231E7F93} [DefaultScope] - (Yahoo) - https://es.search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {B3103817-5053-4237-AC10-BB08FA69AF0E} - (Yahoo! Search) - https://es.search.yahoo.com/
~ Keys: Scanned in 00mn AMs



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.5EA2896E382EE2F6FA6EFA29C5739B72] [SPRF][1/21/2014] (...) -- C:\Users\Usuario\AppData\Local\Temp\uttE601.tmp.exe [378912]
[MD5.347644B235F2D5C0EF587B7910A7A6C7] [SPRF][7/10/2013] (...) -- C:\Users\Usuario\Desktop\advisorinstaller.exe [3215536]
~ Files: 2 Legitimates Filtered in 00mn AMs



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "5E182325DD195F94D9585914847F95A6" . (.AndroidInstaller.) -- C:\Windows\Installer\{523281E5-91DD-49F5-9D85-954148F7596A}\ARPPRODUCTICON.exe
~ Update Products: 85 Legitimates Filtered in 00mn AMs



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.D86E644F526BE0C225756B44F0A40AD9] [WIS][12/5/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\54dd73.msi [24997888]
[MD5.DF35689F44BE07AF19293BAEC2365822] [WIS][10/1/2009] (.Insyde - MSI Database.) -- C:\Windows\Installer\6786b.msi [618800]
~ WIS: 88 Legitimates Filtered in 35mn AMs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 7/10/1658 0 | (ACDaemon) . (...) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SS - | Demand 1/21/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 3/19/2013 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 3/19/2013 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 3/19/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 1/9/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 9/5/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 12/19/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 8/6/2009 727584 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 6/4/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Registration\GregHSRW.exe
SR - | Auto 6/5/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 4/4/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 4/4/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 8/6/2009 311592 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
SR - | Auto 7/10/2009 253952 | (RS_Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer VCM\RS_Service.exe
SR - | Auto 7/4/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 7/14/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 7/14/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 39mn AMs



---\\ Scan Additionnel (O88)
Database Version : 13027 - (1/24/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1

[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:SearchProtection =>PUP.Dealio^
C:\Users\Usuario\AppData\Local\Installer =>Adware.InstallPedia
C:\Users\Usuario\AppData\Roaming\Search Protection\SearchProtection.exe =>PUP.Dealio^
~ Additionnel Scan: 319343 Items scanned in 09mn AMs



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/26967630-adware-installpedia =>Adware.InstallPedia
~ MSI: 3 link(s) detected in 10mn AMs



~ 1004 Legitimates filtered by white list
End of the scan (455 lines in 38mn AMs)(0)



Thanks!!! :p
0
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 25, 2014 at 07:14 AM
Hi,

OK.

1. Close all applications

2. Select and copy all of the following bold lines.
----------------------------------------------------------------------------------
Script ZHPFix
[MD5.23DA60B2978D0C9779F2DB8A929D0C72] - (.Spigot, Inc. - Search Protection.) -- C:\Users\Usuario\AppData\Roaming\Search Protection\SearchProtection.exe [838984] [PID.2728] =>PUP.Dealio
O4 - HKCU\..\Run: [SearchProtection] . (.Spigot, Inc. - Search Protection.) -- C:\Users\Usuario\AppData\Roaming\Search Protection\SearchProtection.exe =>PUP.Dealio
O4 - HKUS\S-1-5-21-3095367477-2772566876-4048981669-1000\..\Run: [SearchProtection] . (.Spigot, Inc. - Search Protection.) -- C:\Users\Usuario\AppData\Roaming\Search Protection\SearchProtection.exe =>PUP.Dealio
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\InstallCore] =>Adware.InstallCore
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:SearchProtection =>PUP.Dealio^
C:\Users\Usuario\AppData\Local\Installer =>Adware.InstallPedia
C:\Users\Usuario\AppData\Roaming\Search Protection\SearchProtection.exe =>PUP.Dealio^
[MD5.00000000000000000000000000000000] [APT] [{2618FF3F-07DD-42F6-9992-64FB3825BBB9}] (...) -- C:\Users\Usuario\Downloads\unetbootin-windows-584.exe (.not file.) [0] => Fichier absent
[MD5.00000000000000000000000000000000] [APT] [{6B0ADC77-7E47-4C2A-A960-BA589A9BC5B3}] (...) -- C:\Users\Usuario\Downloads\Nokia_PC_Suite_ALL.exe (.not file.) [0] => Fichier absent
O43 - CFD: 3/16/2013 - 12:15:28 PM - [0] -SH-D C:\Users\Usuario\AppData\Local\Archivos temporales de Internet => Empty Folder not necessary
O43 - CFD: 12/28/2013 - 1:12:56 PM - [0] ----D C:\Users\Usuario\AppData\Local\Installer => Empty Folder not necessary
[MD5.5EA2896E382EE2F6FA6EFA29C5739B72] [SPRF][1/21/2014] (...) -- C:\Users\Usuario\AppData\Local\Temp\uttE601.tmp.exe [378912] => Temporary file not necessary
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^


3. ZHP Diag created a short cut on your desktop called ZHP Fix, launch ZHP Fix (For Windows 7 click right to run as admin. Answer yes if you get an enquiry as to weither you want to run it or not

4. Click on the the Import button and the lines will automatically paste themselves.

5. Click on the Go button to clean

6. Confirm by clicking OK

7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.

Gabriel.
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 25, 2014 at 10:58 AM
it's not accepting the script that you sent me :(
0
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 25, 2014 at 11:06 AM
Try with the script which is in this link : https://dl.dropboxusercontent.com/u/32869654/Pour%20bcn101.txt

Do Ctrl + A / Ctrl + C when you are in the link.

Gabriel.
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 25, 2014 at 03:26 PM
hi....


please the result :

Rapport de ZHPFix 2014.1.17.2 par Nicolas Coolman, Update du 17/01/2014
Fichier d'export Registre :
Run by Usuario at 1/25/2014 5:13:33 PM
High Elevated Privileges : OK
Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (34mn AMs)

========== Process memory ==========
REMOVES Reboot: Memory Process: C:\Users\Usuario\AppData\Roaming\Search Protection\SearchProtection.exe
REMOVES: Memory Process: C:\Users\Usuario\AppData\Local\Temp\uttE601.tmp.exe

========== Registry keys ==========
REMOVES: HKCU\Software\InstallCore
REMOVES: HKLM\Software\InstallCore
REMOVES: [HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]

========== Registry values ==========
REMOVES RunValue: SearchProtection
REMOVES: Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}

========== Folders ==========
No folders empty CLSID Local user

========== Files ==========
REMOVES: c:\users\usuario\appdata\roaming\search protection\searchprotection.exe
Deletes temporary Windows (66) (36,751,844 octets)
REMOVES Flash Cookies (0) (0 octets)

========== Scheduled task ==========
REMOVES: {2618FF3F-07DD-42F6-9992-64FB3825BBB9}
REMOVES: {6B0ADC77-7E47-4C2A-A960-BA589A9BC5B3}

========== System restore ==========
The system successfully created restore point


========== Summary ==========
2 : Process memory
3 : Registry keys
2 : Registry values
1 : Folders
3 : Files
2 : Scheduled task
1 : System restore


End of clean in 05mn AMs

========== Path to file report ==========
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 1/25/2014 6:47:07 PM [1549]


Video is still not working well.. even worst now. my computer is kept on saying install the latest version of flash player and i really did, and I checked it and it is updated. video and sounds doesnt synchronized. help :(
0
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 25, 2014 at 04:53 PM
Hi,

Mmmmm...

Can you make a new report ZHPDiag with the rightmost magnifying glass "diagnosis with legitimates" ?

- To transmit the report, click on this link :

https://authentification.site

- Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).

- Select the file ZHPDiag.txt.

- Click on "upload »

- Copy the URL and post it here.

Gabriel.
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 25, 2014 at 07:00 PM
Hi Gab, please see the log :

http://speedy.sh/8MBHJ/ZHPDiag.txt
[code]http://speedy.sh/8MBHJ/ZHPDiag.txt/code
<a href="http://speedy.sh/8MBHJ/ZHPDiag.txt">Download at SpeedyShare</a>

I tried diagnosing it like thrice cause it always freezes and stopped. Also, the blue screen of death appeared and had my computer turned off. Watching videos is getting worst everyday. Lots of freezing, squeeking and sometimes there would bge no sounds. :(
0
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 26, 2014 at 12:06 PM
Hi,

Uninstall the software Search Protection.

After, I don't see what's the problem. You can open a new topic in internet : https://ccm.net/forum/internet-social-networks-27
Maybe someone have another solutions.

Sorry, and good luck.

Gabriel.
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 26, 2014 at 12:53 PM
Hi, I have uninstalled it, what's next?
0
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 26, 2014 at 01:53 PM
Open a new topic in internet, because i don't know what try now...

Gabriel.
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 26, 2014 at 01:58 PM
Oh great gabriel.... THANKS!
0
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 27, 2014 at 12:10 AM
I follow the other topic... :)
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 31, 2014 at 08:50 PM
Excuse me why did you mark this as SOLVED? I can prove that your theory is wrong. I just finished running a speed test again and here's the result.

ping 76 ms
download speed 14.72
upload speed 12.32


Do you usually mark topics as SOLVED even if it is not solved yet? Ambucias, i have consulted you about this before and you even ignored it cause you can't solve it, the video and this annoying squeeking sound. I don't mean to be rude but if you don't want to help me, just ignore it then like what you did before and perhaps there would be another individual who is willing to help.

Thanks. AND THIS TOPIC IS NOT YET SOLVED!
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Feb 1, 2014 at 05:00 PM
bcn101

The virus issue of this topic is solved. As 2011N2 suggested, the other portion should be subject of another topic. Don't worry I will not help you anymore even if I can since that's what you wish.
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Feb 2, 2014 at 08:40 AM
I did open another topic and you suddenly appeared. You closed this case even if it is not yours. This is not solved yet, if Gabriel was the one who closed it it's fine. But you don't have the right to. I am not asking for your help, if you don't want to help me then fine, don't help me.
0