Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

please help! how to remove ".trasher" on my external hard drive.


  • This topic is locked This topic is locked
3 replies to this topic

#1 johnsworthy

johnsworthy

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:02 PM

Posted 11 February 2014 - 03:48 AM


i have a ".trasher"  on my external hard drive . can someone help me please? 

 

i can't see any folder on my external hard drive but when i search it on my computer's search bar i can see the contents.



I have scanned my external using RougeKiller, UsbFix and I am Currently scanning using Malwarebytes AntiMAlware
from RougeKiller
file:///C:/Users/DELL/Desktop/RKreport%5B0%5D_S_02112014_112106.txt
From UsbFix
file:///C:/Users/DELL/Desktop/UsbFix.txt

 
 
Mod Edit:  Merged posts, moved to Malware Removal Logs - Hamluis.

Edited by hamluis, 11 February 2014 - 09:20 AM.


BC AdBot (Login to Remove)

 


#2 johnsworthy

johnsworthy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:02 PM

Posted 11 February 2014 - 04:37 AM

RogueKiller V8.8.3 _x64_ [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : DELL [Admin rights]
Mode : Scan -- Date : 02/11/2014 11:21:06
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 15 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Viber ("C:\Users\DELL\AppData\Local\Viber\Viber.exe" StartMinimized [x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1512941640-2705596818-1122908505-1001\[...]\Run : Viber ("C:\Users\DELL\AppData\Local\Viber\Viber.exe" StartMinimized [x][x]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{7667F7A0-F71E-465A-B4CC-7D8805F200B0} : NameServer (94.128.0.46 94.129.128.137 [KUWAIT (KW) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{B4E03E28-874C-4E97-930A-16DEBF88B6F4} : NameServer (94.128.0.25 94.129.128.137 [KUWAIT (KW) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{7667F7A0-F71E-465A-B4CC-7D8805F200B0} : NameServer (94.128.0.46 94.129.128.137 [KUWAIT (KW) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{B4E03E28-874C-4E97-930A-16DEBF88B6F4} : NameServer (94.128.0.25 94.129.128.137 [KUWAIT (KW) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{7667F7A0-F71E-465A-B4CC-7D8805F200B0} : NameServer (94.128.0.46 94.129.128.137 [KUWAIT (KW) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{B4E03E28-874C-4E97-930A-16DEBF88B6F4} : NameServer (94.128.0.25 94.129.128.137 [KUWAIT (KW) - (Unknown Country?) (XX)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] DTReg : C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe [7] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9750420AS +++++
--- User ---
[MBR] 578fcd808a47353b1fc6e9e2d7ef4c92
[BSP] 0d9bdc844c4d286fe0b40717de6e9b3f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 695299 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Seagate Expansion USB Device +++++
--- User ---
[MBR] dddfb6eff3a8d70a4dd4ebbc48700062
[BSP] d2c85772aa9920e3bd53e09f5a985a9c : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_02112014_112106.txt >>

############################## | UsbFix V 7.164 | [Listing]
 
User: DELL (Administrator) # DELL-PC
Updated05/02/2014 by El Desaparecido - Team SosVirus
Started at 11:27:12 | 11/02/2014
 
Website : http://www.en.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/
 
PC: Dell Inc. (0NJT03)
CPU: Intel® Core™ i7-2670QM CPU @ 2.20GHz
RAM -> [Total : 6038 Mo| Free : 3253 Mo]
Bios: Dell Inc.        
Boot: Normal boot
 
OS: Microsoft Windows 7 Home Premium  (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 32.0.1700.107
WB: Mozilla Firefox : 26.0
 
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Microsoft Security Essentials [(!) Disabled | Updated]
AS: Windows Defender [(!) Disabled | (!) Outdated]
AS: Microsoft Security Essentials [(!) Disabled | Updated]
FW: Windows FireWall [Enabled]
 
C:\ (%systemdrive%) -> Fixed drive # 679 Gb (518 Mb free - 76%) [OS] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed drive # 932 Gb (482 Mb free - 52%) [Seagate Expansion Drive] # NTFS
Y:\ -> Fixed drive # 20 Gb (10 Mb free - 51%) [RECOVERY] # NTFS
 
################## | Listing Beta |
 
[24/01/2014 - 09:30:21 | HD] - C:\$AVG
[04/09/2012 - 19:33:51 | SHD] - C:\$RECYCLE.BIN
[22/10/2011 - 16:24:58 | D] - C:\apps
[24/01/2014 - 10:13:39 | SHD] - C:\Config.Msi
[04/09/2012 - 19:48:54 | D] - C:\DELL
[22/10/2011 - 16:29:38 | RAH | 4 Ko] - C:\dell.sdr
[14/07/2009 - 08:08:56 | SHD] - C:\Documents and Settings
[22/10/2011 - 16:54:32 | D] - C:\Drivers
[22/10/2011 - 15:56:15 | A | 1 Ko] - C:\freefallprotection.log
[19/01/2014 - 03:11:58 | D] - C:\games
[11/02/2014 - 10:41:24 | ASH | 4637312 Ko] - C:\hiberfil.sys
[22/10/2011 - 15:53:56 | D] - C:\Intel
[07/09/2012 - 02:39:06 | D] - C:\logs
[11/02/2014 - 10:41:37 | ASH | 6183084 Ko] - C:\pagefile.sys
[14/07/2009 - 06:20:08 | D] - C:\PerfLogs
[22/10/2011 - 17:18:31 | D] - C:\PostVistaPE
[01/02/2014 - 08:40:12 | D] - C:\Program Files
[10/02/2014 - 07:11:38 | RD] - C:\Program Files (x86)
[24/01/2014 - 11:21:00 | HD] - C:\ProgramData
[10/02/2014 - 04:09:42 | SHD] - C:\System Volume Information
[05/02/2013 - 20:47:38 | D] - C:\Temp
[11/02/2014 - 11:26:09 | D] - C:\UsbFix
[11/02/2014 - 11:27:14 | A | 2 Ko | 1238532CA9DBFDCE315A31F2A17E0217] - C:\UsbFix [Listing 1] DELL-PC.txt
[04/09/2012 - 19:29:20 | RD] - C:\Users
[22/10/2011 - 16:13:30 | A | 1343 Ko] - C:\vcredist_x86.log
[24/01/2014 - 09:10:35 | D] - C:\WINDOWS
[23/11/2012 - 10:42:15 | SHD] - E:\$AVG
[23/01/2014 - 07:37:31 | A | 2 Ko] - E:\$AVG.lnk
[23/01/2014 - 07:08:34 | SHD] - E:\$RECYCLE.BIN
[23/01/2014 - 07:37:31 | A | 2 Ko] - E:\$RECYCLE.BIN.lnk
[01/01/1970 - 03:00:32 | A | 0 Ko] - E:\.cm0012
[01/01/1970 - 03:03:53 | A | 1867 Ko] - E:\.cmdb
[28/11/2013 - 03:16:16 | A | 11 Ko] - E:\988347_506058316156297_1401706691_n.jpg
[22/12/2012 - 11:52:41 | SHD] - E:\backup.exe
[23/01/2014 - 07:37:31 | A | 2 Ko] - E:\backup.exe.lnk
[23/01/2013 - 03:05:30 | SHD] - E:\c2-03
[23/01/2014 - 07:37:31 | A | 2 Ko] - E:\c2-03.lnk
[25/07/2013 - 10:07:18 | SHD] - E:\c8
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\c8.lnk
[03/09/2013 - 13:09:49 | SHD] - E:\converted
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\converted.lnk
[07/11/2007 - 03:00:40 | A | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - E:\eula.1028.txt
[07/11/2007 - 03:00:40 | A | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - E:\eula.1031.txt
[07/11/2007 - 03:00:40 | A | 10 Ko | 99C22D4A31F4EAD4351B71D6F4E5F6A1] - E:\eula.1033.txt
[07/11/2007 - 03:00:40 | A | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - E:\eula.1036.txt
[07/11/2007 - 03:00:40 | A | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - E:\eula.1040.txt
[07/11/2007 - 03:00:40 | A | 0 Ko | 9B15A3A055CC6E67EA191A1B7885649A] - E:\eula.1041.txt
[07/11/2007 - 03:00:40 | A | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - E:\eula.1042.txt
[07/11/2007 - 03:00:40 | A | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - E:\eula.2052.txt
[07/11/2007 - 03:00:40 | A | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - E:\eula.3082.txt
[22/12/2012 - 09:26:42 | A | 1976 Ko | 8B12CD8747B553F458C3C71342548BA8] - E:\Folder Lock Protable.exe
[13/10/2013 - 00:35:38 | SHD] - E:\found.000
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\found.000.lnk
[03/01/2014 - 02:35:54 | SHD] - E:\from c
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\from c.lnk
[13/10/2013 - 10:21:14 | SHD] - E:\games
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\games.lnk
[07/11/2007 - 03:00:40 | A | 1 Ko] - E:\globdata.ini
[07/11/2007 - 03:03:18 | A | 550 Ko | 520A6D1CBCC9CF642C625FE814C93C58] - E:\install.exe
[07/11/2007 - 03:00:40 | A | 1 Ko] - E:\install.ini
[07/11/2007 - 03:03:18 | A | 75 Ko | 4151A4D07640863783F837E588235837] - E:\install.res.1028.dll
[07/11/2007 - 03:03:18 | A | 94 Ko | 3B8A82E04238655EAEF97E074FB29911] - E:\install.res.1031.dll
[07/11/2007 - 03:03:18 | A | 89 Ko | 9EDEB8B1C5C0A4CD3A3016B85108127D] - E:\install.res.1033.dll
[07/11/2007 - 03:03:18 | A | 95 Ko | 5B6FF470CFA7087690E61F87E81EF78A] - E:\install.res.1036.dll
[07/11/2007 - 03:03:18 | A | 93 Ko | 6310AB8FC9E3DBEE80592FC453A34FEE] - E:\install.res.1040.dll
[07/11/2007 - 03:03:18 | A | 80 Ko | 13ED4517152203DE4BC52ACC0255D952] - E:\install.res.1041.dll
[07/11/2007 - 03:03:18 | A | 78 Ko | 0D4FB4095EA49C1EC89B9E8DB0B936A3] - E:\install.res.1042.dll
[07/11/2007 - 03:03:18 | A | 74 Ko | D7366B34E8AFB605C39EF56E2201FE85] - E:\install.res.2052.dll
[07/11/2007 - 03:03:18 | A | 94 Ko | 41BB37A347121F3E5E88D85100638B79] - E:\install.res.3082.dll
[28/07/2013 - 05:07:05 | SHD] - E:\johnvie
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\johnvie.lnk
[01/11/2013 - 04:26:35 | SHD] - E:\mediaget dls
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\mediaget dls.lnk
[23/12/2013 - 03:23:39 | SHD] - E:\movies inport
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\movies inport.lnk
[08/12/2013 - 07:15:05 | SHD] - E:\mp3
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\mp3.lnk
[19/03/2013 - 12:38:45 | SHD] - E:\msdownld.tmp
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\msdownld.tmp.lnk
[07/09/2013 - 13:03:14 | SHD] - E:\New folder
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\New folder.lnk
[06/02/2013 - 11:36:07 | A | 11 Ko] - E:\New Microsoft Office Word Document.docx
[02/08/2013 - 06:37:14 | SHD] - E:\nokia c7 backup 080213
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\nokia c7 backup 080213.lnk
[01/12/2013 - 02:04:21 | SHD] - E:\out
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\out.lnk
[16/07/2013 - 13:09:34 | SHD] - E:\recovered
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\recovered.lnk
[22/11/2012 - 22:52:53 | SHD] - E:\RECYCLER
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\RECYCLER.lnk
[31/05/2012 - 15:15:34 | SHD] - E:\Seagate
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\Seagate.lnk
[05/03/2012 - 10:44:44 | A | 1606 Ko] - E:\SeagateExpansion.ico
[16/01/2009 - 11:14:08 | A | 153 Ko | 83AC83E93D62980F1FBBB6580D87A197] - E:\Setup.exe
[23/12/2012 - 09:02:29 | SHD] - E:\System Volume Information
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\System Volume Information.lnk
[31/07/2013 - 14:31:33 | SHD] - E:\Tor Browser Bundle
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\Tor Browser Bundle.lnk
[30/09/2013 - 08:50:51 | SHD] - E:\tors
[23/01/2014 - 07:37:32 | A | 2 Ko] - E:\tors.lnk
[07/11/2007 - 03:00:40 | A | 6 Ko] - E:\vcredist.bmp
[07/11/2007 - 03:09:22 | A | 1409 Ko] - E:\VC_RED.cab
[07/11/2007 - 03:12:28 | A | 228 Ko] - E:\VC_RED.MSI
[30/09/2013 - 08:14:19 | A | 0 Ko] - Y:\ADRInfos.xml
[01/05/2004 - 01:01:00 | SH | 0 Ko] - Y:\AUTORUN.INF
[15/01/2013 - 18:29:56 | RSHD] - Y:\Boot
[21/11/2010 - 06:23:51 | SH | 375 Ko] - Y:\bootmgr
[04/09/2012 - 18:16:27 | RSHD] - Y:\dell
[29/04/2009 - 01:49:00 | SH | 7 Ko] - Y:\Desktop.ini
[04/09/2012 - 18:01:07 | SH | 0 Ko] - Y:\DRECOVERY
[08/07/2011 - 18:12:06 | SH | 81 Ko | C386B78CE817E0A725A4F93D2096C1B8] - Y:\Info.exe
[04/09/2012 - 19:36:03 | RSHD] - Y:\Logs
[11/02/2014 - 11:17:34 | ASH | 0 Ko] - Y:\MASTER.LOG
[04/09/2012 - 18:16:28 | RSHD] - Y:\preload
[05/04/2011 - 02:08:18 | SH | 34 Ko] - Y:\protect.arabic
[05/04/2011 - 02:08:18 | SH | 114 Ko] - Y:\protect.chinese simplified
[05/04/2011 - 02:08:18 | SH | 115 Ko] - Y:\protect.chinese traditional
[21/04/2011 - 19:51:16 | SH | 33 Ko] - Y:\protect.croatian
[05/04/2011 - 02:08:18 | SH | 33 Ko] - Y:\protect.czech
[21/04/2011 - 19:23:16 | SH | 33 Ko] - Y:\protect.danish
[05/04/2011 - 02:08:18 | SH | 117 Ko] - Y:\protect.dutch
[05/04/2011 - 02:08:18 | SH | 46 Ko] - Y:\protect.ed
[05/04/2011 - 02:08:18 | SH | 46 Ko] - Y:\protect.english
[05/04/2011 - 02:08:18 | SH | 33 Ko] - Y:\protect.finnish
[05/04/2011 - 02:08:18 | SH | 113 Ko] - Y:\protect.french
[05/04/2011 - 02:08:18 | SH | 114 Ko] - Y:\protect.german
[05/04/2011 - 02:08:18 | SH | 34 Ko] - Y:\protect.greek
[05/04/2011 - 02:08:18 | SH | 34 Ko] - Y:\protect.hebrew
[05/04/2011 - 02:08:18 | SH | 33 Ko] - Y:\protect.hungarian
[05/04/2011 - 02:08:18 | SH | 113 Ko] - Y:\protect.italian
[05/04/2011 - 02:08:18 | SH | 115 Ko] - Y:\protect.japanese
[05/04/2011 - 02:08:18 | SH | 122 Ko] - Y:\protect.korean
[05/04/2011 - 02:08:18 | SH | 113 Ko] - Y:\protect.norwegian
[05/04/2011 - 02:08:18 | SH | 33 Ko] - Y:\protect.polish
[05/04/2011 - 02:08:18 | SH | 33 Ko] - Y:\protect.portuguese
[05/04/2011 - 02:08:18 | SH | 114 Ko] - Y:\protect.portuguese brazilian
[21/04/2011 - 19:51:16 | SH | 33 Ko] - Y:\protect.romanian
[05/04/2011 - 02:08:18 | SH | 34 Ko] - Y:\protect.russian
[21/04/2011 - 19:51:16 | SH | 33 Ko] - Y:\protect.slovak
[21/04/2011 - 19:51:16 | SH | 33 Ko] - Y:\protect.slovenian
[05/04/2011 - 02:08:18 | SH | 114 Ko] - Y:\protect.spanish
[05/04/2011 - 02:08:18 | SH | 114 Ko] - Y:\protect.swedish
[21/04/2011 - 19:51:16 | SH | 34 Ko] - Y:\protect.thai
[05/04/2011 - 02:08:18 | SH | 33 Ko] - Y:\protect.turkish
[04/09/2012 - 18:16:28 | RD] - Y:\Recovery
[22/10/2011 - 20:10:01 | SH | 0 Ko] - Y:\ResSys.ini
[22/10/2011 - 16:10:12 | SH | 0 Ko] - Y:\ST_InstallBackup.ini
[04/09/2012 - 18:16:28 | SHD] - Y:\System Volume Information
 
################## | E.O.F | http://www.sosvirus.net/ | http://www.usbfix.net/ |


Malwarebytes Anti-Malware scan is finished here is the report
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.11.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
DELL :: DELL-PC [administrator]
 
2/11/2014 12:10:41 PM
mbam-log-2014-02-11 (12-10-41).txt
 
Scan type: Full scan (E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 295858
Time elapsed: 28 minute(s), 59 second(s)
 
Memory Processes Detected: 5
C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> 2376 -> Delete on reboot.
C:\Program Files (x86)\DefaultTab\DefaultTabHost.exe (PUP.Optional.DefaultTab.A) -> 432 -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (PUP.Optional.MindSpark) -> 6008 -> Delete on reboot.
C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29SrchMn.exe (PUP.Optional.MindSpark) -> 3276 -> Delete on reboot.
C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29brmon.exe (PUP.Optional.MindSpark) -> 2828 -> Delete on reboot.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 76
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\HeadlineAlley_29Service (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\VideoDownloadConverter_4zService (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\esrv.BabylonESrvc.1 (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\esrv.BabylonESrvc (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{33119133-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\HeadlineAlley_29.SkinLauncher.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\HeadlineAlley_29.SkinLauncher (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{03119103-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\Interface\{23119123-0854-469D-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\HeadlineAlley_29.SkinLauncherSettings.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\HeadlineAlley_29.SkinLauncherSettings (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\b (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\PriceFactorIE.PriceGongBHO.1 (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\PriceFactorIE.PriceGongBHO (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\PriceGongIE.PriceGongCtrl.1 (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\PriceGongIE.PriceGongCtrl (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabSearch (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb (PUP.OPtional.Websearch.A) -> Quarantined and deleted successfully.
HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\PriceGongIE.DLL (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} (PUP.Optional.WebSearchInfo) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\DefaultTab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\ValueApps (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{E887CC26-926E-B8D3-F83C-C862067B22E2} (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E887CC26-926E-B8D3-F83C-C862067B22E2} (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E887CC26-926E-B8D3-F83C-C862067B22E2} (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 7
HKCU\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.3.0 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.3.0 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter_4z Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HeadlineAlley Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\HEADLI~2\bar\1.bin\29srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HeadlineAlley_29 Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\HEADLI~2\bar\1.bin\29brmon.exe -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 23
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DefaultTab (PUP.Optional.DefaultTab.A) -> Delete on reboot.
C:\Program Files (x86)\WebSearch (PUP.OPtional.Websearch.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Bundled software uninstaller (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\installdt.tmp (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\installdt.tmp\XPI (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\installdt.tmp\XPI\defaulttab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\components (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\ProgramData\Search-NewTab (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search-NewTab (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\OpenCandy\D29D31E77ACB4FC5BE201C2A4C6D1491 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\mt_ffx\BabylonToolbar (PUP.Optional.BabylonToolbar.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar (PUP.Optional.BabylonToolbar.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar\1.8.11.10 (PUP.Optional.BabylonToolbar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10 (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab (PUP.Optional.DefaultTab.A) -> Delete on reboot.
C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab\Apps (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\ct2504091 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\ct2504091\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
Files Detected: 68
C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> Delete on reboot.
C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29barsvc.exe (PUP.Optional.AudioToAudioToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe (PUP.Optional.AudioToAudioToolBar.A) -> Delete on reboot.
C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarsrv.exe (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29sknlcr.dll (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarEng.dll (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\DM.exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
E:\from c\from dloads\Compressed\Medal.of.Honor.Warfighter.v1.0.0.2.Plus.4.Trainer.zip (PUP.HackTool.Agent) -> Quarantined and deleted successfully.
E:\from c\from dloads\Compressed\system fixers\Live TV Software 2011 Cracked.rar (Trojan.Agent) -> Quarantined and deleted successfully.
E:\from c\from dloads\Compressed\system fixers\Pc Speed Maximizer 3.0.1 + Patch By bobby d dog\Patch\Patch.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
E:\from c\from dloads\Programs\[_www_Torrenting_com_]_Brave_2012_DVDRip_XviD_AC3_[PDU_ENCODE].exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.
E:\from c\from dloads\Programs\[_www_Torrenting_com_]_Brave_2012_DVDRip_XviD_AC3_[PDU_ENCODE]_2.exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.
E:\from c\from dloads\transfer\Compressed\Google Earth Pro 7.1.1.1580 Setup[GENESISPOGI].rar (Trojan.P2P.Worm) -> Quarantined and deleted successfully.
E:\from c\from dloads\transfer\Programs\ManyCamSetup.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
E:\from c\from dloads\transfer\Programs\setup-ziggygames.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
E:\games\Beach Head 2002\BH2002.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
E:\johnvie\clinx\setups\produkey-x64.zip (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
E:\movies inport\SET-UPS\Corel VideoStudio Pro X5 Ultimate 15.0.0.258 ML Retail with bonus pack (keygen-CORE) [ChingLiu]\Keygen-CORE\CORE10k.EXE (PUP.Keygen.Intro) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong\PriceGong Homepage.lnk (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong\PriceGong Contact Us.lnk (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong\PriceGong Help.lnk (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong\Uninstall PriceGong.lnk (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DefaultTab\DefaultTab.crx (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DefaultTab\DefaultTabHost.exe (PUP.Optional.DefaultTab.A) -> Delete on reboot.
C:\Program Files (x86)\DefaultTab\DefaultTabHost.json (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DefaultTab\uid (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebSearch\sprotector.dll (PUP.OPtional.Websearch.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebSearch\uninstall.exe (PUP.OPtional.Websearch.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Bundled software uninstaller\biclient.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\installdt.tmp\DefaultTab.xpi (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US\defaulttab.properties (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (PUP.Optional.MindSpark) -> Delete on reboot.
C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29SrchMn.exe (PUP.Optional.MindSpark) -> Delete on reboot.
C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29brmon.exe (PUP.Optional.MindSpark) -> Delete on reboot.
C:\ProgramData\Search-NewTab\510f15bde47b9.dll (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
C:\ProgramData\Search-NewTab\510f15bde47b9.tlb (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
C:\ProgramData\Search-NewTab\settings.ini (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
C:\ProgramData\Search-NewTab\uninstall.exe (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search-NewTab\Search-NewTab.lnk (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search-NewTab\Uninstall.lnk (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\OpenCandy\D29D31E77ACB4FC5BE201C2A4C6D1491\TuneUpUtilities2013-2200319_en-US.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\uninstall.exe (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab\addon.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab\DT.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Roaming\DefaultTab\DefaultTab\update.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\ct2504091\CT2504091.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\ct2504091\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\ct2504091\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\ct2504091\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\ct2504091\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\ct2504091\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\DELL\AppData\Local\Temp\ct2504091\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
(end)


i have used deletion method on Usbfix and here is the report
 
############################## | UsbFix V 7.164 | [Deletion]
 
User: DELL (Administrator) # DELL-PC
Updated05/02/2014 by El Desaparecido - Team SosVirus
Started at 13:46:04 | 11/02/2014
 
Website : http://www.en.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/
 
PC: Dell Inc. (0NJT03)
CPU: Intel® Core™ i7-2670QM CPU @ 2.20GHz
RAM -> [Total : 6038 Mo| Free : 4602 Mo]
Bios: Dell Inc.         
Boot: Normal boot
 
OS: Microsoft Windows 7 Home Premium  (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 32.0.1700.107
WB: Mozilla Firefox : 26.0
 
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Microsoft Security Essentials [(!) Disabled | Updated]
AS: Windows Defender [(!) Disabled | (!) Outdated]
AS: Microsoft Security Essentials [(!) Disabled | Updated]
FW: Windows FireWall [Enabled]
AS: Malwarebytes' Anti-Malware : 1.75.0001
 
C:\ (%systemdrive%) -> Fixed drive # 679 Gb (406 Mb free - 60%) [OS] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed drive # 932 Gb (594 Mb free - 64%) [Seagate Expansion Drive] # NTFS
 
################## | Active Processes |
 
C:\Windows\system32\csrss.exe (ID: 532 |ParentID: 432)
C:\Windows\system32\csrss.exe (ID: 700 |ParentID: 692)
C:\Windows\system32\wininit.exe (ID: 708 |ParentID: 432)
C:\Windows\system32\winlogon.exe (ID: 748 |ParentID: 692)
C:\Windows\system32\services.exe (ID: 804 |ParentID: 708)
C:\Windows\system32\lsass.exe (ID: 812 |ParentID: 708)
C:\Windows\system32\lsm.exe (ID: 820 |ParentID: 708)
C:\Windows\system32\svchost.exe (ID: 912 |ParentID: 804)
C:\Windows\system32\nvvsvc.exe (ID: 976 |ParentID: 804)
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ID: 1000 |ParentID: 804)
C:\Windows\system32\svchost.exe (ID: 132 |ParentID: 804)
c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 600 |ParentID: 804)
C:\Windows\System32\svchost.exe (ID: 868 |ParentID: 804)
C:\Windows\System32\svchost.exe (ID: 1040 |ParentID: 804)
C:\Windows\system32\svchost.exe (ID: 1068 |ParentID: 804)
C:\Windows\system32\svchost.exe (ID: 1092 |ParentID: 804)
C:\Windows\system32\svchost.exe (ID: 1220 |ParentID: 804)
C:\Windows\system32\svchost.exe (ID: 1336 |ParentID: 804)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 1396 |ParentID: 976)
C:\Windows\system32\nvvsvc.exe (ID: 1420 |ParentID: 976)
C:\Windows\system32\svchost.exe (ID: 1496 |ParentID: 804)
C:\Windows\SYSTEM32\WISPTIS.EXE (ID: 1560 |ParentID: 1040)
C:\Windows\system32\WLANExt.exe (ID: 1624 |ParentID: 1040)
C:\Windows\system32\conhost.exe (ID: 1652 |ParentID: 532)
C:\Windows\System32\spoolsv.exe (ID: 1860 |ParentID: 804)
C:\Windows\system32\taskeng.exe (ID: 1872 |ParentID: 1092)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1308 |ParentID: 804)
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (ID: 1432 |ParentID: 804)
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (ID: 1656 |ParentID: 804)
C:\Program Files (x86)\MyPC Backup\BackupStack.exe (ID: 1996 |ParentID: 804)
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (ID: 1276 |ParentID: 804)
C:\Windows\system32\svchost.exe (ID: 1744 |ParentID: 804)
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (ID: 2076 |ParentID: 804)
C:\Program Files\Intel\WiFi\bin\EvtEng.exe (ID: 2148 |ParentID: 804)
C:\ProgramData\DatacardService\HWDeviceService64.exe (ID: 2236 |ParentID: 804)
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (ID: 2316 |ParentID: 804)
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (ID: 2440 |ParentID: 804)
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (ID: 2488 |ParentID: 804)
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (ID: 2924 |ParentID: 804)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 2960 |ParentID: 804)
C:\Windows\system32\svchost.exe (ID: 3032 |ParentID: 804)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2244 |ParentID: 804)
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (ID: 2572 |ParentID: 804)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2692 |ParentID: 2244)
C:\Windows\system32\wbem\unsecapp.exe (ID: 3160 |ParentID: 912)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3316 |ParentID: 912)
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (ID: 3348 |ParentID: 804)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 3480 |ParentID: 804)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 3660 |ParentID: 804)
C:\Windows\System32\WUDFHost.exe (ID: 4032 |ParentID: 1040)
C:\Windows\system32\svchost.exe (ID: 3468 |ParentID: 804)
C:\Windows\system32\svchost.exe (ID: 144 |ParentID: 804)
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (ID: 4012 |ParentID: 804)
C:\Program Files (x86)\Nero\Update\NASvc.exe (ID: 3548 |ParentID: 804)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2764 |ParentID: 912)
C:\Windows\system32\sppsvc.exe (ID: 1484 |ParentID: 804)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3296 |ParentID: 804)
C:\Windows\system32\SearchIndexer.exe (ID: 3476 |ParentID: 804)
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (ID: 2508 |ParentID: 804)
C:\Windows\system32\taskhost.exe (ID: 1292 |ParentID: 804)
C:\Windows\system32\Dwm.exe (ID: 1760 |ParentID: 1040)
C:\Windows\Explorer.EXE (ID: 608 |ParentID: 3828)
C:\Windows\system32\runonce.exe (ID: 3132 |ParentID: 608)
C:\ProgramData\DatacardService\DCSHelper.exe (ID: 2936 |ParentID: 2236)
C:\Windows\system32\SearchProtocolHost.exe (ID: 4132 |ParentID: 3476)
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (ID: 4160 |ParentID: 2924)
C:\Windows\system32\SearchFilterHost.exe (ID: 4180 |ParentID: 3476)
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE (ID: 4204 |ParentID: 2924)
C:\Program Files (x86)\Dell DataSafe Local Backup\RPLaunch.exe (ID: 4236 |ParentID: 4192)
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (ID: 4272 |ParentID: 4144)
C:\Windows\SYSTEM32\WISPTIS.EXE (ID: 4836 |ParentID: 4160)
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ID: 4484 |ParentID: 1040)
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe (ID: 4704 |ParentID: 4484)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID: 1604 |ParentID: 1396)
 
################## | Regedit Run |
 
04 - HKCU\..\Run : [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
04 - HKCU\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [Mobile Partner] C:\Program Files (x86)\WEB Partner\WEB Partner
04 - HKCU\..\Run : [Viber] "C:\Users\DELL\AppData\Local\Viber\Viber.exe" StartMinimized
04 - HKCU\..\Run : [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [StickyNotesWidget] "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\start.umj"
04 - HKLM\..\Run : [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
04 - HKLM\..\Run : [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
04 - HKLM\..\Run : [] 
04 - HKLM\..\Run : [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
04 - HKLM\..\Run : [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
04 - HKLM\..\Run : [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
04 - HKLM\..\Run : [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
04 - HKLM\..\Run : [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
04 - HKLM\..\Run : [UVS12 Preload] C:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe
04 - HKLM64\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM64\..\Run : [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
04 - HKLM64\..\Run : [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 
04 - HKLM64\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM64\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM64\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM64\..\Run : [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
04 - HKLM64\..\Run : [NtrigApplet] C:\Program Files\N-trig\DuoSense Control Apps\NtrigApplet.exe
04 - HKLM64\..\Run : [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
04 - HKLM64\..\Run : [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
04 - HKLM64\..\Run : [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
04 - HKLM64\..\Run : [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
04 - HKLM64\..\Run : [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
04 - HKLM64\..\Run : [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
04 - HKLM64\..\Run : [HeadlineAlley Home Page Guard 64 bit] "C:\PROGRA~2\HEADLI~2\bar\1.bin\AppIntegrator64.exe"
04 - HKLM64\..\Run : [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1512941640-2705596818-1122908505-1001\..\Run : [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
04 - HKU\S-1-5-21-1512941640-2705596818-1122908505-1001\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-1512941640-2705596818-1122908505-1001\..\Run : [Mobile Partner] C:\Program Files (x86)\WEB Partner\WEB Partner
04 - HKU\S-1-5-21-1512941640-2705596818-1122908505-1001\..\Run : [Viber] "C:\Users\DELL\AppData\Local\Viber\Viber.exe" StartMinimized
04 - HKU\S-1-5-21-1512941640-2705596818-1122908505-1001\..\Run : [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
 
################## | Generic Research |
 
Deleted ! E:\Backup.exe
Not deleted ! E:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665
 
(!) Temporary files deleted.
 
################## | Registry |
 
Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Deleted ! HKU\S-1-5-21-1512941640-2705596818-1122908505-1001\Software\.\.\.\.\Mountpoints2\{13cdafe4-f873-11e1-82a0-ac7289e79adb}
Deleted ! HKU\S-1-5-21-1512941640-2705596818-1122908505-1001\Software\.\.\.\.\Mountpoints2\{14fca87e-898e-11e2-85d6-001e101f1838}
Deleted ! HKU\S-1-5-21-1512941640-2705596818-1122908505-1001\Software\.\.\.\.\Mountpoints2\{39393c3b-3715-11e3-94ab-806e6f6e6963}
Deleted ! HKU\S-1-5-21-1512941640-2705596818-1122908505-1001\Software\.\.\.\.\Mountpoints2\{457b474c-61eb-11e2-b5b0-001e101fabdd}
Deleted ! HKU\S-1-5-21-1512941640-2705596818-1122908505-1001\Software\.\.\.\.\Mountpoints2\{457b4761-61eb-11e2-b5b0-001e101fabdd}
Deleted ! HKU\S-1-5-21-1512941640-2705596818-1122908505-1001\Software\.\.\.\.\Mountpoints2\{ea475dd7-89f3-11e2-950e-ac7289e79adb}
 
################## | Listing |
 
[24/01/2014 - 09:30:21 | D] - C:\$AVG
[04/09/2012 - 19:33:51 | SHD] - C:\$RECYCLE.BIN
[22/10/2011 - 16:24:58 | D] - C:\apps
[04/09/2012 - 19:48:54 | D] - C:\DELL
[22/10/2011 - 16:29:38 | N | 4 Ko] - C:\dell.sdr
[14/07/2009 - 08:08:56 | SHD] - C:\Documents and Settings
[22/10/2011 - 16:54:32 | D] - C:\Drivers
[22/10/2011 - 15:56:15 | N | 1 Ko] - C:\freefallprotection.log
[19/01/2014 - 03:11:58 | D] - C:\games
[11/02/2014 - 13:41:34 | ASH | 4637312 Ko] - C:\hiberfil.sys
[22/10/2011 - 15:53:56 | D] - C:\Intel
[07/09/2012 - 02:39:06 | D] - C:\logs
[11/02/2014 - 13:41:49 | ASH | 6183084 Ko] - C:\pagefile.sys
[14/07/2009 - 06:20:08 | D] - C:\PerfLogs
[22/10/2011 - 17:18:31 | D] - C:\PostVistaPE
[01/02/2014 - 08:40:12 | D] - C:\Program Files
[11/02/2014 - 12:49:09 | D] - C:\Program Files (x86)
[11/02/2014 - 12:45:15 | HD] - C:\ProgramData
[10/02/2014 - 04:09:42 | SHD] - C:\System Volume Information
[05/02/2013 - 20:47:38 | D] - C:\Temp
[11/02/2014 - 11:26:09 | D] - C:\UsbFix
[11/02/2014 - 13:06:13 | N | 11 Ko | 0C6B0066D4B517ACC1CC14C5541C79EB] - C:\UsbFix [Clean 2] DELL-PC.txt
[11/02/2014 - 13:34:13 | N | 11 Ko | DE9950D84089EE78E44E0813A95D3B07] - C:\UsbFix [Clean 4] DELL-PC.txt
[11/02/2014 - 13:50:49 | A | 14 Ko | 167493A38FDE756AF4D76D41B011F61B] - C:\UsbFix [Clean 6] DELL-PC.txt
[11/02/2014 - 11:27:21 | N | 10 Ko | 03C2D743E59E05788CA38A50D4A14466] - C:\UsbFix [Listing 1] DELL-PC.txt
[04/09/2012 - 19:29:20 | D] - C:\Users
[22/10/2011 - 16:13:30 | N | 1343 Ko] - C:\vcredist_x86.log
[24/01/2014 - 09:10:35 | D] - C:\WINDOWS
[23/11/2012 - 10:42:15 | D] - E:\$AVG
[23/01/2014 - 07:08:34 | SHD] - E:\$RECYCLE.BIN
[01/01/1970 - 03:00:32 | N | 0 Ko] - E:\.cm0012
[01/01/1970 - 03:03:53 | N | 1867 Ko] - E:\.cmdb
[28/11/2013 - 03:16:16 | N | 11 Ko] - E:\988347_506058316156297_1401706691_n.jpg
[23/01/2013 - 03:05:30 | D] - E:\c2-03
[25/07/2013 - 10:07:18 | D] - E:\c8
[03/09/2013 - 13:09:49 | D] - E:\converted
[07/11/2007 - 03:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - E:\eula.1028.txt
[07/11/2007 - 03:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - E:\eula.1031.txt
[07/11/2007 - 03:00:40 | N | 10 Ko | 99C22D4A31F4EAD4351B71D6F4E5F6A1] - E:\eula.1033.txt
[07/11/2007 - 03:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - E:\eula.1036.txt
[07/11/2007 - 03:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - E:\eula.1040.txt
[07/11/2007 - 03:00:40 | N | 0 Ko | 9B15A3A055CC6E67EA191A1B7885649A] - E:\eula.1041.txt
[07/11/2007 - 03:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - E:\eula.1042.txt
[07/11/2007 - 03:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - E:\eula.2052.txt
[07/11/2007 - 03:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - E:\eula.3082.txt
[22/12/2012 - 09:26:42 | N | 1976 Ko | 8B12CD8747B553F458C3C71342548BA8] - E:\Folder Lock Protable.exe
[13/10/2013 - 00:35:38 | D] - E:\found.000
[03/01/2014 - 02:35:54 | D] - E:\from c
[13/10/2013 - 10:21:14 | D] - E:\games
[07/11/2007 - 03:00:40 | N | 1 Ko] - E:\globdata.ini
[07/11/2007 - 03:03:18 | N | 550 Ko | 520A6D1CBCC9CF642C625FE814C93C58] - E:\install.exe
[07/11/2007 - 03:00:40 | N | 1 Ko] - E:\install.ini
[07/11/2007 - 03:03:18 | N | 75 Ko | 4151A4D07640863783F837E588235837] - E:\install.res.1028.dll
[07/11/2007 - 03:03:18 | N | 94 Ko | 3B8A82E04238655EAEF97E074FB29911] - E:\install.res.1031.dll
[07/11/2007 - 03:03:18 | N | 89 Ko | 9EDEB8B1C5C0A4CD3A3016B85108127D] - E:\install.res.1033.dll
[07/11/2007 - 03:03:18 | N | 95 Ko | 5B6FF470CFA7087690E61F87E81EF78A] - E:\install.res.1036.dll
[07/11/2007 - 03:03:18 | N | 93 Ko | 6310AB8FC9E3DBEE80592FC453A34FEE] - E:\install.res.1040.dll
[07/11/2007 - 03:03:18 | N | 80 Ko | 13ED4517152203DE4BC52ACC0255D952] - E:\install.res.1041.dll
[07/11/2007 - 03:03:18 | N | 78 Ko | 0D4FB4095EA49C1EC89B9E8DB0B936A3] - E:\install.res.1042.dll
[07/11/2007 - 03:03:18 | N | 74 Ko | D7366B34E8AFB605C39EF56E2201FE85] - E:\install.res.2052.dll
[07/11/2007 - 03:03:18 | N | 94 Ko | 41BB37A347121F3E5E88D85100638B79] - E:\install.res.3082.dll
[28/07/2013 - 05:07:05 | D] - E:\johnvie
[01/11/2013 - 04:26:35 | D] - E:\mediaget dls
[23/12/2013 - 03:23:39 | D] - E:\movies inport
[08/12/2013 - 07:15:05 | D] - E:\mp3
[19/03/2013 - 12:38:45 | D] - E:\msdownld.tmp
[07/09/2013 - 13:03:14 | D] - E:\New folder
[06/02/2013 - 11:36:07 | N | 11 Ko] - E:\New Microsoft Office Word Document.docx
[02/08/2013 - 06:37:14 | D] - E:\nokia c7 backup 080213
[01/12/2013 - 02:04:21 | D] - E:\out
[16/07/2013 - 13:09:34 | D] - E:\recovered
[22/11/2012 - 22:52:53 | SHD] - E:\RECYCLER
[31/05/2012 - 15:15:34 | D] - E:\Seagate
[05/03/2012 - 10:44:44 | N | 1606 Ko] - E:\SeagateExpansion.ico
[16/01/2009 - 11:14:08 | N | 153 Ko | 83AC83E93D62980F1FBBB6580D87A197] - E:\Setup.exe
[23/12/2012 - 09:02:29 | SHD] - E:\System Volume Information
[31/07/2013 - 14:31:33 | D] - E:\Tor Browser Bundle
[30/09/2013 - 08:50:51 | D] - E:\tors
[07/11/2007 - 03:00:40 | N | 6 Ko] - E:\vcredist.bmp
[07/11/2007 - 03:09:22 | N | 1409 Ko] - E:\VC_RED.cab
[07/11/2007 - 03:12:28 | N | 228 Ko] - E:\VC_RED.MSI
 
################## | Vaccin |
 
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
 
################## | E.O.F | http://www.en.usbfix.net/ - http://www.sosvirus.net |

Edited by hamluis, 11 February 2014 - 09:18 AM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:02 PM

Posted 13 February 2014 - 09:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:02 PM

Posted 19 February 2014 - 10:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users