Downloading [Closed]


  • This topic is locked

#1
LittleGeeky

    New Member

  • Member
  • 3 posts
Hello,
I have an HP computer and I use Google Chrome. Every time I download something on Chrome it will tell me that it is scanning for viruses and that it IS a virus then it will delete the download? It does the same thing with Internet Explorer. I have Windows 7 and I also have AVG free but it doesn't detect anything. Any ideas?

Thanks in advance! :happy:

#2
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Do you have another PC with a flash drive we can use to transfer files? If so, do the following steps on that computer:


Download/Run Panda USB Vaccine:

Please download Panda USB Vaccine from here to the desktop of your machine.

  • Right-click on USBVaccineSetup.exe and select Run as Administrator >> follow the prompts in the installation wizard.
  • At the configuration screen (settings)...
  • Ensure both Run Panda USB Vaccine automatically when computer boots (/resident mode) & Automatically vaccinate any newly inserted USB key are selected >> plus NTFS support
  • Now click on Next> >> ensure Launch Panda USB Vaccine is selected >> click on Finish.
  • Insert the USB Drive in your machine...it will be automatically vaccinated (as will any USB drives connected in the future).
Note: You may uninstall Panda USB Vaccine when we have completed the Malware Removal process if you so wish. Though my advice would be to keep it installed.

Now, using the clean computer, please download Farbar Recovery Scan Tool. Please get the correct version for the infected computer. It will probably be the 64-bit version.

Now, plug the drive into the infected computer, and run the following scan:


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


#3
LittleGeeky

    New Member

  • Topic Starter
  • Member
  • 3 posts
Thank you, Buddierdl. I will try this today and get back to you tonight. :happy:

#4
LittleGeeky

    New Member

  • Topic Starter
  • Member
  • 3 posts
Here is FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013
Ran by Alexandre (administrator) on ALEXANDRE-PC on 23-10-2013 11:39:52
Running from H:\
Microsoft Windows 7 Édition Intégrale Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\FloatingTools.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTNotification.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTTrayIcon.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nike) C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Joyent, Inc) C:\Program Files\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(215 Apps) C:\program files\shopping sidekick plugin\shopping sidekick plugin-bg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1996072 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2404376 2013-10-03] ()
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SMART Floating Tools] - C:\Program Files\SMART Technologies\Education Software\FloatingTools.exe [9221424 2013-08-22] (SMART Technologies ULC)
HKLM\...\Run: [SMARTNotification] - C:\Program Files\SMART Technologies\Education Software\SMARTNotification.exe [208688 2013-08-22] (SMART Technologies)
HKLM\...\Run: [SMART Tray Tools] - C:\Program Files\SMART Technologies\Education Software\SMARTTrayIcon.exe [754992 2013-08-22] (SMART Technologies)
HKLM\...\Run: [SMART Board Service] - C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe [1937200 2013-08-22] (SMART Technologies)
HKLM\...\Run: [sbsdk-server] - C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62768 2013-08-22] (SMART Technologies)
HKLM\...\Run: [SMART Ink] - C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe [147248 2013-08-22] (SMART Technologies)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM\...\Run: [Nike+ Connect] - C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe [70656 2013-05-03] (Nike)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$476a158ce88ebc9f21156146218442f3\n. ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKCU\...\Run: [Badoo Desktop] - C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe
HKCU\...\Run: [AppleIEDAV] - C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1315144 2013-09-04] (Apple Inc.)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1903611777-2060121337-27779211-1000\$476a158ce88ebc9f21156146218442f3\n. ATTENTION! ====> ZeroAccess/Alureon?
MountPoints2: {2aa1c59c-1a0c-11e1-a871-60eb690e1854} - H:\laucher.exe
MountPoints2: {bedb7646-d1cb-11e2-91bf-60eb690e1854} - H:\DVAP.exe
BootExecute: autocheck autochk * aswBoot.exe /M:b6a66beb3

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/de...fr-ca&OCID=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4AFD9CBDFB65CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-CA
URLSearchHook: (No Name) - {f9bbf004-6e40-4019-8214-c43a37e1d058} - No File
URLSearchHook: (No Name) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - No File
SearchScopes: HKCU - DefaultScope {8A244612-A1F7-11E0-95C0-E71F4824019B} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.c...fr&d=2012-09-07 22:50:11&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Shopping Sidekick Plugin - {11111111-1111-1111-1111-110211181102} - C:\Program Files\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll (215 Apps)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Education Software\NotebookPlugin.dll (SMART Technologies ULC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {F9BBF004-6E40-4019-8214-C43A37E1D058} - No File
Toolbar: HKCU - No Name - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.23.2.34 172.23.2.37

Chrome:
=======
CHR RestoreOnStartup: "hxxp://badoo.com/startpage/"
CHR DefaultSearchURL: (Search) - http://badoo.com/sta...q={searchTerms}
CHR DefaultSuggestURL: (Search) - "suggest_url": "",
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Shopping Sidekick Plugin) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.20.5_0
CHR Extension: (Skype Click to Call) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM\...\Chrome\Extension: [dlopielgodpjhkbapdlbbicpiefpaack] - C:\Users\Alexandre\AppData\Local\Shopping Sidekick Plugin\Chrome\Shopping Sidekick Plugin.crx
CHR HKLM\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\Alexandre\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Alexandre\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.0.1.12\avg.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM\...\Chrome\Extension: [paoponfhfdfnjgddpnpjkambkcgdaaib] - C:\Users\Alexandre\AppData\Local\CRE\paoponfhfdfnjgddpnpjkambkcgdaaib.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1074480 2013-10-12] (Flexera Software LLC)
R2 SMARTHelperService; C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe [539952 2013-08-22] (SMART Technologies)
R2 vToolbarUpdater17.0.12; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-03] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-03] (AVG Technologies)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
S3 HabuFltr; C:\Windows\System32\drivers\habu.sys [23552 2006-08-14] (Razer (Asia-Pacific) Pte Ltd)
R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [8192 2013-08-12] (SMART Technologies)
R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [7680 2013-08-12] (SMART Technologies)
S3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [15872 2013-08-12] (SMART Technologies ULC)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-23 11:39 - 2013-10-23 11:39 - 00000000 ____D C:\FRST
2013-10-23 08:44 - 2013-10-23 08:44 - 00000000 ____D C:\ProgramData\Panda Security
2013-10-23 08:44 - 2013-10-23 08:44 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2013-10-23 08:43 - 2013-10-23 08:42 - 00848856 _____ (Panda Security ) C:\Users\Alexandre\Desktop\USBVaccineSetup.exe
2013-10-22 12:28 - 2013-10-22 12:28 - 00000000 ____D C:\ProgramData\Nike
2013-10-22 12:28 - 2013-10-22 12:28 - 00000000 ____D C:\Program Files\Nike
2013-10-12 17:21 - 2013-10-12 17:21 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-12 17:20 - 2013-10-12 17:21 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-12 17:20 - 2013-10-12 17:21 - 00000000 ____D C:\Program Files\iTunes
2013-10-12 17:20 - 2013-10-12 17:20 - 00000000 ____D C:\Program Files\iPod
2013-10-12 12:09 - 2013-10-12 12:09 - 00001166 _____ C:\Users\Public\Desktop\SMART Notebook 11.lnk
2013-10-12 12:09 - 2010-07-12 16:40 - 00033680 _____ (SMART Technologies ULC) C:\Windows\system32\smrtlocalmon.dll
2013-10-12 12:09 - 2010-07-12 16:40 - 00023848 _____ (SMART Technologies Inc.) C:\Windows\system32\smrtlocalui.dll
2013-10-12 12:08 - 2013-10-12 12:08 - 00000000 ____D C:\Program Files\National Instruments
2013-10-12 12:04 - 2013-10-12 12:04 - 00001124 _____ C:\Users\Public\Desktop\Visionneuse de document SMART Ink.lnk
2013-10-12 12:02 - 2003-02-14 19:14 - 00110592 _____ (TechSmith Corporation) C:\Windows\system32\tsccvid.dll
2013-09-27 13:39 - 2013-09-27 13:39 - 00000000 ____D C:\Users\Alexandre\AppData\Roaming\AVG2014
2013-09-27 13:36 - 2013-10-11 14:34 - 00000949 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-27 13:34 - 2013-09-27 13:38 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-27 13:28 - 2013-10-14 09:40 - 00000000 ____D C:\Users\Alexandre\AppData\Local\Avg2014
2013-09-25 20:57 - 2013-09-25 20:57 - 00120632 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys

==================== One Month Modified Files and Folders =======

2013-10-23 11:39 - 2013-10-23 11:39 - 00000000 ____D C:\FRST
2013-10-23 11:34 - 2011-10-30 23:46 - 01910459 _____ C:\Windows\WindowsUpdate.log
2013-10-23 11:30 - 2012-06-26 11:07 - 00000000 ____D C:\Users\Alexandre\AppData\Local\Deployment
2013-10-23 11:29 - 2013-07-17 20:42 - 00001062 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-23 11:29 - 2012-04-20 18:31 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-23 08:54 - 2012-09-07 22:47 - 00000000 ____D C:\ProgramData\MFAData
2013-10-23 08:49 - 2013-07-17 20:42 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-23 08:49 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-23 08:49 - 2009-07-14 00:39 - 00079443 _____ C:\Windows\setupact.log
2013-10-23 08:44 - 2013-10-23 08:44 - 00000000 ____D C:\ProgramData\Panda Security
2013-10-23 08:44 - 2013-10-23 08:44 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2013-10-23 08:42 - 2013-10-23 08:43 - 00848856 _____ (Panda Security ) C:\Users\Alexandre\Desktop\USBVaccineSetup.exe
2013-10-23 08:36 - 2011-10-31 00:30 - 01557240 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-23 08:35 - 2009-07-14 00:34 - 00010128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-23 08:35 - 2009-07-14 00:34 - 00010128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-22 12:28 - 2013-10-22 12:28 - 00000000 ____D C:\ProgramData\Nike
2013-10-22 12:28 - 2013-10-22 12:28 - 00000000 ____D C:\Program Files\Nike
2013-10-16 09:09 - 2013-07-17 20:43 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-14 09:40 - 2013-09-27 13:28 - 00000000 ____D C:\Users\Alexandre\AppData\Local\Avg2014
2013-10-14 09:01 - 2011-10-31 17:46 - 00000000 ____D C:\Users\Alexandre\AppData\Roaming\SMART Technologies
2013-10-12 21:40 - 2012-12-24 16:13 - 00000000 ____D C:\Users\Alexandre\AppData\Local\65926B58-606C-46C2-B23A-564554BDAAD2.aplzod
2013-10-12 17:27 - 2009-07-14 00:33 - 00423608 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-12 17:26 - 2011-10-30 22:59 - 00042154 _____ C:\Windows\PFRO.log
2013-10-12 17:21 - 2013-10-12 17:21 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-12 17:21 - 2013-10-12 17:20 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-12 17:21 - 2013-10-12 17:20 - 00000000 ____D C:\Program Files\iTunes
2013-10-12 17:20 - 2013-10-12 17:20 - 00000000 ____D C:\Program Files\iPod
2013-10-12 17:20 - 2011-11-01 00:02 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-10-12 17:15 - 2011-11-01 00:03 - 00000000 ____D C:\Users\Alexandre\AppData\Local\Apple
2013-10-12 12:33 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-12 12:13 - 2011-10-31 18:12 - 00112088 _____ C:\Users\Alexandre\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-12 12:09 - 2013-10-12 12:09 - 00001166 _____ C:\Users\Public\Desktop\SMART Notebook 11.lnk
2013-10-12 12:09 - 2011-10-31 17:11 - 00205830 _____ C:\Windows\DPINST.LOG
2013-10-12 12:08 - 2013-10-12 12:08 - 00000000 ____D C:\Program Files\National Instruments
2013-10-12 12:04 - 2013-10-12 12:04 - 00001124 _____ C:\Users\Public\Desktop\Visionneuse de document SMART Ink.lnk
2013-10-12 12:02 - 2011-10-31 17:10 - 00000000 ____D C:\ProgramData\SMART Technologies
2013-10-12 12:02 - 2009-07-14 00:52 - 00000000 ____D C:\Windows\twain_32
2013-10-12 11:59 - 2011-10-31 17:06 - 00000000 ____D C:\Program Files\Common Files\SMART Technologies
2013-10-11 14:49 - 2012-04-20 18:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-11 14:49 - 2011-11-09 18:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-11 14:34 - 2013-09-27 13:36 - 00000949 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-11 14:34 - 2013-09-02 11:52 - 00000000 ___HD C:\$AVG
2013-10-03 09:10 - 2012-09-07 22:50 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-10-03 09:09 - 2012-09-07 22:50 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2013-09-27 19:40 - 2012-09-07 22:49 - 00000000 ____D C:\Program Files\AVG
2013-09-27 13:39 - 2013-09-27 13:39 - 00000000 ____D C:\Users\Alexandre\AppData\Roaming\AVG2014
2013-09-27 13:38 - 2013-09-27 13:34 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-25 20:57 - 2013-09-25 20:57 - 00120632 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1903611777-2060121337-27779211-1000\$476a158ce88ebc9f21156146218442f3

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$476a158ce88ebc9f21156146218442f3

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Some content of TEMP:
====================
C:\Users\Alexandre\AppData\Local\Temp\APNStub.exe
C:\Users\Alexandre\AppData\Local\Temp\avguidx.dll
C:\Users\Alexandre\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Alexandre\AppData\Local\Temp\DivXSetup.exe
C:\Users\Alexandre\AppData\Local\Temp\GetCC.dll
C:\Users\Alexandre\AppData\Local\Temp\incredibar_install.exe
C:\Users\Alexandre\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Alexandre\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Alexandre\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Alexandre\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Alexandre\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Alexandre\AppData\Local\Temp\SendMsg.dll
C:\Users\Alexandre\AppData\Local\Temp\SHSetup.exe
C:\Users\Alexandre\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Alexandre\AppData\Local\Temp\SMARTProductUpdate.exe
C:\Users\Alexandre\AppData\Local\Temp\tbedrs.dll
C:\Users\Alexandre\AppData\Local\Temp\tbuTor.dll
C:\Users\Alexandre\AppData\Local\Temp\tbVgr0.dll
C:\Users\Alexandre\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Alexandre\AppData\Local\Temp\uttCB09.tmp.exe
C:\Users\Alexandre\AppData\Local\Temp\vbmz6.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-10-21 08:56

==================== End Of Log ============================

Here is Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-10-2013
Ran by Alexandre at 2013-10-23 11:42:06
Running from H:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (Version: 3.0.0.4080)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
AVG 2014 (Version: 14.0.3614)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
AVG Security Toolbar (Version: 17.0.1.12)
Bonjour (Version: 3.0.0.10)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup (Version: 2.6.1.9)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Google Chrome (Version: 30.0.1599.101)
Google Update Helper (Version: 1.3.21.165)
iCloud (Version: 3.0.2.163)
iTunes (Version: 11.1.1.11)
Java 7 Update 40 (Version: 7.0.400)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 37 (Version: 6.0.370)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Professionnel Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31117)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31121)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31124)
MSVCRT (Version: 15.4.2862.0708)
Nike+ Connect (Version: 5.3.8)
Panda USB Vaccine 1.0.1.4
Shopping Sidekick Plugin (Version: 1.24.151.151)
Skype Click to Call (Version: 5.8.8855)
Skype™ 5.5 (Version: 5.5.124)
SMART Common Files (Version: 11.4.188.0)
SMART French Language Pack (Version: 11.3.27.0)
SMART Ink (Version: 2.0.719.0)
SMART Notebook (Version: 11.3.857.0)
SMART Pilotes de produit (Version: 11.3.533.0)
Synaptics Pointing Device Driver (Version: 15.2.4.4)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 1.0.1 (Version: 1.0.1)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

==================== Restore Points =========================

24-09-2013 18:09:38 Scheduled Checkpoint
27-09-2013 17:33:28 Installed AVG 2014
27-09-2013 17:35:03 Installed AVG 2014
04-10-2013 18:17:14 Scheduled Checkpoint
11-10-2013 22:03:43 Scheduled Checkpoint
12-10-2013 16:07:52 DirectX est installé
20-10-2013 19:09:52 Scheduled Checkpoint
21-10-2013 21:40:58 Windows Backup

==================== Hosts content: ==========================

2009-07-13 22:04 - 2012-09-07 20:35 - 00444231 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {15A1C83E-7883-4B7D-835B-6C1233D77B80} - System32\Tasks\4797 => C:\Users\ALEXAN~1\AppData\Local\Temp\launchie.vbsC:\Users\ALEXAN~1\AppData\Local\Temp\launchie.vbs //B
Task: {372726DC-CF1E-4752-97DC-B0295CBB7875} - System32\Tasks\PandaUSBVaccine => C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {3B46921B-EEB8-41F2-BC8D-979CA897135D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.)
Task: {641AF874-7612-464E-946D-2B8ABF0241B4} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {912F42CB-11F7-46CB-9F73-CBC76FD31789} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AD23A27E-F317-4471-894F-D3D08EBA3F46} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-11] (Adobe Systems Incorporated)
Task: {AD5A6903-CEB9-4929-8ED4-53394033CE1D} - System32\Tasks\VisualBeeRecovery => C:\Users\Alexandre\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe
Task: {EA17D2A9-0F44-4344-B136-B6F44322A927} - System32\Tasks\{770F7CF0-066E-40B1-9095-16B10FF177FD} => Chrome.exe http://ui.skype.com/...?LastError=1601
Task: {F2EA5DD5-B623-4DBA-9540-F0AA201352B4} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-09-14] (Apple Inc.)
Task: {F90CCBE8-09EB-4D98-9EBD-7D8A51523059} - System32\Tasks\0 => Iexplore.exe
Task: {F95814B1-6E9B-47E4-8706-67D7F2D39490} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2011-07-28 19:09 - 2011-07-28 19:09 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-10-03 09:10 - 2013-10-03 09:09 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
2013-10-03 09:10 - 2013-10-03 09:09 - 00142360 _____ () C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
2011-09-27 10:23 - 2011-09-27 10:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 10:22 - 2011-09-27 10:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2013-08-22 19:43 - 2013-08-22 19:43 - 00272688 _____ () C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00039216 _____ () C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00053040 _____ () C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\SWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00057648 _____ () C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\MWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00014848 _____ () C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\SessionNotification.node
2011-10-31 17:09 - 2011-10-31 17:09 - 00054184 _____ () C:\Windows\WinSxS\x86_smarttech.boost_thread.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_472b4edec4bf8550\boost_thread-vc100-mt-1_44.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\system32\config:!
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Faulty Device Manager Devices =============

Name: SMART Virtual TabletPC
Description: SMART Virtual TabletPC
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: SMART Technologies ULC
Service: SMARTVTabletPCx86
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2013 11:29:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5151699

Error: (10/23/2013 11:29:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5151699

Error: (10/23/2013 11:29:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/23/2013 10:03:27 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9969

Error: (10/23/2013 10:03:27 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9969

Error: (10/23/2013 10:03:27 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/23/2013 08:49:30 AM) (Source: Winlogon) (User: )
Description: Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error: (10/23/2013 07:50:45 AM) (Source: Software Protection Platform Service) (User: )
Description: Le planificateur d’activation des licences (sppuinotify.dll) a échoué avec le code d’erreur suivant :
0x80070005

Error: (10/23/2013 07:15:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37041096

Error: (10/23/2013 07:15:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37041096


System errors:
=============
Error: (10/23/2013 09:27:20 AM) (Source: DCOM) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (10/23/2013 08:49:38 AM) (Source: Service Control Manager) (User: )
Description: Le service Computer Browser s’est arrêté avec l’erreur :
%%1060

Error: (10/23/2013 08:49:21 AM) (Source: EventLog) (User: )
Description: L’arrêt système précédant à 08:47:54 le ‎2013-‎10-‎23 n’était pas prévu.

Error: (10/23/2013 08:47:35 AM) (Source: Service Control Manager) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service avgwd.

Error: (10/23/2013 08:45:31 AM) (Source: Service Control Manager) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service avgwd.

Error: (10/23/2013 08:43:46 AM) (Source: Service Control Manager) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service avgwd.

Error: (10/23/2013 08:42:56 AM) (Source: Service Control Manager) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service avgwd.

Error: (10/23/2013 08:33:46 AM) (Source: Service Control Manager) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service avgwd.

Error: (10/23/2013 08:10:47 AM) (Source: Service Control Manager) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service avgwd.

Error: (10/23/2013 08:10:17 AM) (Source: Service Control Manager) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service avgwd.


Microsoft Office Sessions:
=========================
Error: (10/23/2013 11:29:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5151699

Error: (10/23/2013 11:29:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5151699

Error: (10/23/2013 11:29:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/23/2013 10:03:27 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9969

Error: (10/23/2013 10:03:27 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9969

Error: (10/23/2013 10:03:27 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/23/2013 08:49:30 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (10/23/2013 07:50:45 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005

Error: (10/23/2013 07:15:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37041096

Error: (10/23/2013 07:15:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37041096


==================== Memory info ===========================

Percentage of memory in use: 68%
Total physical RAM: 2485.86 MB
Available physical RAM: 771.78 MB
Total Pagefile: 4970 MB
Available Pagefile: 2922.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1878.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:443.77 GB) (Free:58.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:21.7 GB) (Free:2.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive g: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (T-P STEPH) (Removable) (Total:15.22 GB) (Free:15.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CA31C031)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================

Thanks for your help! :happy:
  • 0

#5
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Let's start with this. Please download the attached fixlist.txt to your flash drive with FRST. Then run FRST again in the same way, but press "Fix" this time. Please post the resulting fixlog.txt.

Attached Files


  • 0

#6
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Are you having any trouble with my instructions?
  • 0

#7
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





