Three Days No Rest Laptop ( OTL included ) [Closed]


  • This topic is locked

#1
Paolo434

I've turned on my laptop today only to find 6 infections located at C:\windows\installers. The 6 infections are:


"C:\Windows\Installer\11a8c.msi:\Disk1:\isuspm.exe.4747EFCD_A8CE_4016_80F6_050BCAD9FE72";"Trojan horse SHeur4.AWYN";"Infected"
"C:\Windows\Installer\11a8c.msi:\Disk1";"Trojan horse SHeur4.AWYN";"Infected"
"C:\Windows\Installer\11a8c.msi";"Trojan horse SHeur4.AWYN";"Infected"
"C:\Windows\Installer\11a77.msi:\Disk1:\isuspm.exe.4747EFCD_A8CE_4016_80F6_050BCAD9FE72";"Trojan horse SHeur4.AWYN";"Infected"
"C:\Windows\Installer\11a77.msi:\Disk1";"Trojan horse SHeur4.AWYN";"Infected"
"C:\Windows\Installer\11a77.msi";"Trojan horse SHeur4.AWYN";"Infected"

I can't remove them and am scared to turn off my laptop because someone told me it might not reboot again. Please help me ASAP.
*Laptop is for family use and has MANY important files. It is still turned on in a highly conditioned room for 3 days due to me being scared of turning it off.


OTL logfile created on: 12/27/2012 7:14:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dell\Downloads\Programs
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 29.54% Memory free
3.73 Gb Paging File | 1.56 Gb Available in Paging File | 41.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.34 Gb Total Space | 45.26 Gb Free Space | 15.97% Space Free | Partition Type: NTFS
Drive I: | 34.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/27 19:13:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Downloads\Programs\OTL.exe
PRC - [2012/12/16 18:33:07 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/12/16 18:33:07 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/12/15 22:02:42 | 003,487,128 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/10/04 17:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/09/11 01:56:07 | 001,389,976 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2012/08/27 19:10:13 | 000,344,064 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
PRC - [2012/08/27 19:10:01 | 000,655,712 | ---- | M] () -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/04/11 12:54:20 | 002,607,424 | ---- | M] (DT Soft Ltd) -- C:\KianZy\Utilities\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2012/04/11 09:45:18 | 003,521,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgui.exe
PRC - [2012/04/11 09:45:16 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2012/04/11 09:24:10 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2012/04/11 09:24:09 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2012/04/11 09:24:07 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2012/04/11 09:24:06 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2012/04/11 09:24:05 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2012/04/11 09:24:05 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2011/06/29 17:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files\Dell\Stage Remote\StageRemoteService.exe
PRC - [2011/06/28 04:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files\Dell\Stage Remote\StageRemote.exe
PRC - [2011/05/28 16:51:44 | 000,007,680 | ---- | M] (winreview.ru) -- C:\Program Files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe
PRC - [2011/05/27 22:06:16 | 001,138,783 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2011/05/27 22:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2011/04/13 19:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2011/03/29 23:50:06 | 000,501,104 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2011/03/24 23:20:10 | 003,405,168 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2011/03/14 18:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011/02/25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/14 00:05:22 | 002,848,032 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2011/01/14 00:05:22 | 000,840,992 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2011/01/14 00:05:22 | 000,660,768 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2011/01/13 03:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/13 03:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/11/21 00:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/17 19:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/11/16 16:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010/11/10 08:55:18 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/08/26 05:27:30 | 002,075,480 | ---- | M] (Dell, Inc.) -- C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe
PRC - [2010/08/21 02:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/08/12 03:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/07/08 00:59:20 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2010/07/02 14:10:28 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/07/02 14:10:24 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/06/01 01:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/05/25 15:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2010/01/12 16:35:04 | 000,471,040 | ---- | M] (Blizzard Entertainment) -- c:\KianZy\Games\Warcraft\war3.exe
PRC - [2009/03/03 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/16 18:33:07 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/12/16 18:33:07 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/12/16 18:33:07 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012/12/14 09:32:21 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6735246d68993bee06abd24deeb32983\IAStorUtil.ni.dll
MOD - [2012/12/14 09:32:21 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0beca50c12eaf6f0bff6236eb72cc36e\IAStorCommon.ni.dll
MOD - [2012/12/13 22:31:53 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/12/13 22:31:26 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/12/13 22:31:18 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/12/13 22:31:05 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/12/13 22:30:59 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/12/13 22:30:55 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/12/13 22:30:54 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/12/13 22:30:47 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/09/15 16:58:16 | 000,175,104 | ---- | M] () -- C:\Windows\System32\msiwfk32.dll
MOD - [2012/08/27 19:10:13 | 000,344,064 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
MOD - [2012/08/27 19:10:01 | 009,515,520 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\QtGui4.dll
MOD - [2012/08/27 19:10:01 | 002,415,104 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\QtCore4.dll
MOD - [2012/08/27 19:10:01 | 001,148,416 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\QtNetwork4.dll
MOD - [2012/08/27 19:10:01 | 001,101,824 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NDISAPI.dll
MOD - [2012/08/27 19:10:01 | 000,823,808 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\SMSUIPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,693,760 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\LiveUpdateInterface.dll
MOD - [2012/08/27 19:10:01 | 000,670,720 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\SmsAppPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,646,144 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallUIPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,547,840 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallLogSrvPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,545,280 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\PluginContainer.dll
MOD - [2012/08/27 19:10:01 | 000,538,624 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DeviceMgrUIPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,485,888 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetInfoUIExPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,441,856 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DialupUIPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,437,248 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\core.dll
MOD - [2012/08/27 19:10:01 | 000,406,528 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallLogUIPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,398,336 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\QtXml4.dll
MOD - [2012/08/27 19:10:01 | 000,382,464 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Proxy.dll
MOD - [2012/08/27 19:10:01 | 000,370,176 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qtiff4.dll
MOD - [2012/08/27 19:10:01 | 000,350,720 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qmng4.dll
MOD - [2012/08/27 19:10:01 | 000,339,968 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DeviceAppPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,335,360 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetConnectPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,318,976 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\StatusBarMgrPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,304,128 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DeviceSrvPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,299,520 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\MenuMgrPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,278,528 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetInfoSrvPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,264,192 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\sdk.dll
MOD - [2012/08/27 19:10:01 | 000,250,880 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetInfoRecordUIPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,243,200 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\ToolBarMgrPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,238,080 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetSrvPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,238,080 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\AtCodec.dll
MOD - [2012/08/27 19:10:01 | 000,218,112 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Common.dll
MOD - [2012/08/27 19:10:01 | 000,217,600 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\SmsSrvPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,211,968 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DialUpPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,192,000 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qjpeg4.dll
MOD - [2012/08/27 19:10:01 | 000,184,320 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\XFramePlugin.dll
MOD - [2012/08/27 19:10:01 | 000,182,272 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallAppPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,180,736 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NDISPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,176,128 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallSrvPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,160,256 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\XCodec.dll
MOD - [2012/08/27 19:10:01 | 000,158,720 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetConnectSrvPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,157,184 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DataServicePlugin.dll
MOD - [2012/08/27 19:10:01 | 000,156,672 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\STKSrvPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,142,336 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\USSDSrvPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,135,168 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Trace.dll
MOD - [2012/08/27 19:10:01 | 000,133,120 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSDialup.dll
MOD - [2012/08/27 19:10:01 | 000,131,072 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSNDIS.dll
MOD - [2012/08/27 19:10:01 | 000,123,392 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\ATR2SMgr.dll
MOD - [2012/08/27 19:10:01 | 000,117,760 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\LayoutPlugin.dll
MOD - [2012/08/27 19:10:01 | 000,114,688 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Win7Support.dll
MOD - [2012/08/27 19:10:01 | 000,101,888 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSAdapt.dll
MOD - [2012/08/27 19:10:01 | 000,093,184 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NotifyServicePlugin.dll
MOD - [2012/08/27 19:10:01 | 000,082,944 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qgif4.dll
MOD - [2012/08/27 19:10:01 | 000,081,920 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qico4.dll
MOD - [2012/08/27 19:10:01 | 000,065,536 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSPowerMgr.dll
MOD - [2012/08/27 19:10:01 | 000,062,976 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSCall.dll
MOD - [2012/08/27 19:10:01 | 000,043,008 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\libgcc_s_dw2-1.dll
MOD - [2012/08/27 19:10:01 | 000,011,362 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\mingwm10.dll
MOD - [2012/08/27 19:10:00 | 001,078,272 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\AddrBookPlugin.dll
MOD - [2012/08/27 19:10:00 | 000,771,584 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\AddrBookUIPlugin.dll
MOD - [2012/08/27 19:10:00 | 000,264,704 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\AddrBookSrvPlugin.dll
MOD - [2011/09/30 18:12:40 | 000,412,728 | ---- | M] () -- C:\Users\Dell\AppData\Local\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll
MOD - [2011/09/30 18:12:39 | 003,696,184 | ---- | M] () -- C:\Users\Dell\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
MOD - [2011/09/30 18:11:13 | 000,142,568 | ---- | M] () -- C:\Users\Dell\AppData\Local\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MOD - [2011/09/30 18:11:12 | 000,253,320 | ---- | M] () -- C:\Users\Dell\AppData\Local\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MOD - [2011/09/30 18:11:10 | 002,403,240 | ---- | M] () -- C:\Users\Dell\AppData\Local\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MOD - [2011/09/29 23:06:57 | 008,587,936 | ---- | M] () -- C:\Users\Dell\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
MOD - [2011/06/29 17:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files\Dell\Stage Remote\StageRemoteService.exe
MOD - [2011/06/28 04:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files\Dell\Stage Remote\StageRemote.exe
MOD - [2011/06/28 04:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files\Dell\Stage Remote\DataService.dll
MOD - [2011/06/25 08:21:46 | 000,322,624 | ---- | M] () -- C:\Program Files\Dell\Stage Remote\en-US\UI\ManagerUI.dll
MOD - [2011/06/25 08:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files\Dell\Stage Remote\sqlite3.dll
MOD - [2011/03/26 04:28:22 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011/02/06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/01/14 00:05:32 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2010/11/25 07:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 19:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/08/12 03:19:34 | 000,077,024 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/08/12 03:19:32 | 000,109,792 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/08/12 03:19:32 | 000,072,928 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/08/12 03:19:30 | 000,232,672 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/08/12 03:19:30 | 000,126,176 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/08/12 03:19:30 | 000,119,008 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/08/12 03:19:26 | 001,121,504 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/08/12 03:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/03/23 00:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files\Dell\Stage Remote\QtGui4.dll
MOD - [2010/03/17 05:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files\Dell\Stage Remote\QtXml4.dll
MOD - [2010/03/17 05:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files\Dell\Stage Remote\QtNetwork4.dll
MOD - [2010/03/17 05:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files\Dell\Stage Remote\QtCore4.dll
MOD - [2010/03/12 04:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files\Dell\Stage Remote\plugins\imageformats\qmng4.dll
MOD - [2010/03/12 04:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files\Dell\Stage Remote\plugins\imageformats\qgif4.dll
MOD - [2010/03/06 00:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
MOD - [2010/03/06 00:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files\Dell\Stage Remote\plugins\imageformats\qico4.dll
MOD - [2009/08/18 18:27:04 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2012/12/16 18:33:07 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/08/27 19:10:01 | 000,655,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Globe Tattoo Broadband\UpdateDog\ouc.exe -- (Globe Tattoo Broadband. RunOuc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/04/11 09:24:06 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2012/04/11 09:24:05 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2011/05/28 16:51:44 | 000,007,680 | ---- | M] (winreview.ru) [Auto | Running] -- C:\Program Files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe -- (persdwmsrv)
SRV - [2011/05/27 22:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2011/03/14 18:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2011/01/14 00:05:22 | 000,660,768 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011/01/13 03:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/11/25 14:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 14:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/26 05:27:30 | 002,075,480 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/21 02:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/07/02 14:10:28 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/07/02 14:10:24 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - [2012/12/16 18:33:07 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/08/27 19:10:01 | 000,195,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/08/27 19:10:01 | 000,190,976 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - [2012/08/27 19:10:01 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/08/27 19:10:01 | 000,089,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/08/27 19:10:01 | 000,073,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/08/27 19:10:01 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2012/08/27 19:10:01 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2012/04/23 14:46:39 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/04/23 14:26:26 | 000,096,056 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2012/04/11 09:24:10 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2012/04/11 09:24:10 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2012/04/09 14:03:54 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2012/04/09 14:03:54 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2011/05/27 22:06:16 | 000,441,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011/04/01 06:34:32 | 000,294,520 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2011/01/20 20:20:02 | 000,147,392 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010/11/21 00:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/21 00:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/21 00:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/10/30 03:11:08 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/10/15 12:27:18 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/02/27 03:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/18 14:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 03:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/07/14 01:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV - [2009/05/28 19:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2006/11/02 03:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del...c=ae&l=ar&s=gen
IE - HKCU\..\SearchScopes,DefaultScope = {1A39F3AE-ACF0-4CAB-AF88-6FD83AF33CCD}
IE - HKCU\..\SearchScopes\{007F89E9-FF6B-4122-92EA-EFB334C0D58E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{00E65111-A863-4ACE-A9C9-E75371D410A8}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{01428EED-A547-46F8-A887-CFFE699B7809}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{060D5DC4-6EFF-4F3E-81BE-3C02540556AB}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0654E5D9-E3B3-4152-B2D2-2F03289ECAB2}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{07A25A5E-B47F-4DCD-98CC-4DA9B9FAD8AF}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0EF46D3A-DC0D-4A7B-98AF-AE0A86A3277C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0F53A71D-40AC-476D-AAAD-57E14C3357BA}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{142A0E14-FAC3-40A2-A620-D9F0ABBE93E6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{15FD77A4-1FD7-437F-8AB0-A7FED3330A93}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{1A39F3AE-ACF0-4CAB-AF88-6FD83AF33CCD}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{1BD9281B-0F69-48A6-AD5D-703D2529B42E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{1C475BC9-D7ED-4529-AE8C-BBE701071910}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{1F204DE5-899B-4BD7-B168-32D2CB80724E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2577762E-77D7-436F-B7B2-8EEE2BBA9641}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{28AB926C-5070-4AF7-9F23-C8CAB63671A4}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2B0D6AE2-19C8-4822-B7E2-88F4277AC54B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2C48B525-6F13-4C6B-B533-58A4414205F0}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2CA3D7B7-F4F8-489F-8CC5-C6A7D88211D3}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2CACFC49-F342-4C68-911E-E9B75B062517}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2CAD783A-50A2-4F16-B54D-718BCD93BDE3}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2FF61099-1C0C-4B3C-A8F3-16A49339A612}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{35F15591-3A52-4E43-8D9C-E9C3E8428B16}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{37438B13-C639-432E-89B2-043AC4E89026}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{38BBA509-7910-4E7D-ADC0-89FBBBB5E615}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{432E5876-7634-4D4F-89B1-1021CD935CB7}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{439958CA-4B6C-47D7-AB93-1292E40946E3}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{462DD333-7439-4B2E-AD34-0C4BA8EB55A5}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{490A97FC-18DB-49DD-9FF2-644E81C86468}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{5487FCF9-1076-4FF6-BF4C-DFBD77D3D967}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{57D23064-CB26-433B-829F-6763ACD85F37}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{57D396EB-36B9-4A57-B4B4-7F5B6E575D42}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{5ED9E6E0-73A4-44F4-A4ED-39F9284A73FC}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{666EB2A4-27E3-45D2-A3AB-16E352156798}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{68B87B26-CE3A-4681-B8D8-0BE1B12F6A02}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{6B5F3A4F-E294-43FB-AED8-D050FC7A01B3}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{6CEF8AFC-9ADD-4224-820D-73100E1AA01D}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{7682D361-4A25-4F55-A983-CE7BA06B556B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{78D44031-8B7A-407D-9647-767842836A7C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{7B958F96-BB85-41E3-928A-9878A0F3DB35}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{7EAA1153-8B21-4720-B610-A30C3B5F2CEE}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8242B86A-3F75-4C91-B8D3-FD49D72E3E13}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8791A151-1C4F-41EA-82DE-F6BB9F6F23F9}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8D2C375A-F87A-4E2D-B230-D089994376E4}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8D43F44A-4DC1-4C9B-AD50-C16807BFC466}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8EC693CE-D6C1-45C7-A49C-8E45E15C791D}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{91AB4014-40A0-4731-94A2-FF7454C603B3}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....sa&d=2012-07-22 14:51:39&v=12.1.0.20&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{95F099E3-E3EE-4E83-8A04-C2EB8247B373}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{96198342-6607-4EE7-AAF5-D1E1B31F1F79}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9DC13485-982B-447F-90CE-A7262B57A33C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9E9A35EB-C506-4B39-A85C-24E4575D05EC}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A46BE816-684C-40A4-A6E8-AF732CFBA44D}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{AD942BAF-68A7-4290-A4BF-1D8D45546CA9}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B1584A1E-EC0E-416B-B4A3-F0CEE00E697F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{D24B215A-4072-4773-84F9-8441CDAC77D7}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{D24ECEF0-494E-4DB2-87B7-D92BDA1BCDAE}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{D877DFFB-E1D2-448A-9FEE-1CD8F011F080}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DC61F08B-88BD-489D-B210-4C310B85555B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{EC044800-C12A-4288-981A-7A3EA443B4E9}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{F8FC1EDB-FF16-4F5E-B4F5-23D076D0E74A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FA8113B2-F646-47E2-9DF4-FE69BAD684E9}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FEE2033E-F458-4556-8E1F-83EDF4E46E13}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Burst Files"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
FF - prefs.js..extensions.enabledAddons: [email protected]:7.3.31
FF - prefs.js..extensions.enabledAddons: avg@toolbar:13.2.0.5
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.5.0.11422
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2012/04/11 09:25:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/12/16 18:33:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/13 20:05:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Dell\AppData\Roaming\IDM\idmmzcc5 [2012/12/15 21:39:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Dell\AppData\Roaming\IDM\idmmzcc5 [2012/12/15 21:39:35 | 000,000,000 | ---D | M]

[2012/04/09 14:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\Mozilla\Extensions
[2012/09/15 01:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\eb2pwg8l.default\extensions
[2012/09/15 17:54:47 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\eb2pwg8l.default\extensions\[email protected]
[2012/09/15 01:32:55 | 000,002,223 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\eb2pwg8l.default\searchplugins\BabylonMngr.xml
[2012/12/27 11:34:47 | 000,002,285 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\eb2pwg8l.default\searchplugins\burst-files.xml
[2012/08/27 19:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/16 23:33:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/12/16 18:33:21 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\13.2.0.5
[2012/12/15 21:39:35 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\DELL\APPDATA\ROAMING\IDM\IDMMZCC5
[2011/09/29 09:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/12/16 18:33:08 | 000,003,574 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/15 01:38:24 | 000,002,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/29 03:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Burst Files (Enabled)
CHR - default_search_provider: search_url = http://www.burstfile...ampaign=search
CHR - default_search_provider: suggest_url = http://suggestquerie...u={searchTerms}
CHR - homepage: http://search.babylo...000000000000000
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dell\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dell\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dell\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U1 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
CHR - Extension: AVG Secure Search = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: AVG Secure Search = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak

O1 HOSTS File: ([2010/03/20 15:28:05 | 000,001,057 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 gosredirector.ea.com
O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org
O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 demangler.ea.com
O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellStage] C:\Program Files\Dell Stage\Dell Stage\stage_primary.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [Stage Remote] C:\Program Files\Dell\Stage Remote\StageRemote.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Tutorials] "C:\Program Files\Tuto4pc\sangguni.exe" File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\KianZy\Utilities\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MSIDLL] C:\windows\System32\msiwfk32.dll ()
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A4231C5-0795-4D55-97A3-7C9EE099EFB2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFA2FFE1-9D66-427A-AB61-20359826C23C}: NameServer = 10.198.220.124 202.126.40.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAF9F3F3-4CF2-48A5-88D6-8A6A29A8A522}: DhcpNameServer = 192.168.71.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/05/16 09:01:31 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/09/28 16:55:08 | 000,148,320 | R--- | M] () - I:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/09/28 16:55:08 | 000,000,045 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{04810994-9c00-11e1-8659-642737d76c8e}\Shell - "" = AutoRun
O33 - MountPoints2\{04810994-9c00-11e1-8659-642737d76c8e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{43b14b5c-9b6b-11e1-821c-642737d76c8e}\Shell - "" = AutoRun
O33 - MountPoints2\{43b14b5c-9b6b-11e1-821c-642737d76c8e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{43b14b71-9b6b-11e1-821c-642737d76c8e}\Shell - "" = AutoRun
O33 - MountPoints2\{43b14b71-9b6b-11e1-821c-642737d76c8e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7ea7b0f0-9ac4-11e1-8df8-642737d76c8e}\Shell - "" = AutoRun
O33 - MountPoints2\{7ea7b0f0-9ac4-11e1-8df8-642737d76c8e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7ea7b106-9ac4-11e1-8df8-642737d76c8e}\Shell - "" = AutoRun
O33 - MountPoints2\{7ea7b106-9ac4-11e1-8df8-642737d76c8e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a9e597ef-f9be-11e1-8090-642737d76c8e}\Shell - "" = AutoRun
O33 - MountPoints2\{a9e597ef-f9be-11e1-8090-642737d76c8e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b123c12b-f0f7-11e1-813c-642737d76c8e}\Shell - "" = AutoRun
O33 - MountPoints2\{b123c12b-f0f7-11e1-813c-642737d76c8e}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2011/09/28 16:55:08 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{caf6d1a9-f029-11e1-84a7-642737d76c8e}\Shell - "" = AutoRun
O33 - MountPoints2\{caf6d1a9-f029-11e1-84a7-642737d76c8e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{caf6d1bc-f029-11e1-84a7-642737d76c8e}\Shell - "" = AutoRun
O33 - MountPoints2\{caf6d1bc-f029-11e1-84a7-642737d76c8e}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2011/09/28 16:55:08 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/26 21:35:19 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\GameFaqs
[2012/12/25 21:38:48 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\GarenaPlus
[2012/12/25 21:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
[2012/12/25 21:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\Garena Plus
[2012/12/25 21:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\GarenaMessenger
[2012/12/25 20:04:24 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo II
[2012/12/25 20:02:16 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\windows\DIIUnin.exe
[2012/12/23 15:17:07 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlugY, The Survival Kit
[2012/12/23 15:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlugY, The Survival Kit
[2012/12/17 02:59:19 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Apps
[2012/12/16 17:06:22 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\WebStripper
[2012/12/16 17:06:22 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\WebStripper
[2012/12/16 17:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Solent
[2012/12/16 17:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PageNest
[2012/12/15 21:39:15 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\IDM
[2012/12/15 21:39:08 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/12/15 21:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/12/15 21:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/27 13:45:53 | 062,739,779 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2012/12/27 11:41:01 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/27 11:41:01 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/27 11:40:09 | 000,660,304 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/12/27 11:40:09 | 000,121,200 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/12/27 11:33:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/27 11:33:35 | 1502,629,888 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/25 21:40:21 | 000,045,270 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\room_v3.dat
[2012/12/25 21:38:45 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Garena Plus.lnk
[2012/12/25 20:08:03 | 000,036,308 | ---- | M] () -- C:\windows\DIIUnin.dat
[2012/12/25 20:02:16 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\windows\DIIUnin.exe
[2012/12/25 20:02:16 | 000,002,829 | ---- | M] () -- C:\windows\DIIUnin.pif
[2012/12/24 01:04:27 | 000,000,023 | ---- | M] () -- C:\windows\BlendSettings.ini
[2012/12/24 00:42:27 | 000,001,703 | ---- | M] () -- C:\Users\Dell\Desktop\OblivionModManager - Shortcut.lnk
[2012/12/23 07:36:00 | 000,453,000 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/12/16 18:33:07 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\windows\System32\drivers\avgtpx86.sys
[2012/12/16 17:06:18 | 000,001,042 | ---- | M] () -- C:\Users\Dell\Desktop\PageNest.lnk
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/25 21:40:21 | 000,045,270 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\room_v3.dat
[2012/12/25 21:38:45 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Garena Plus.lnk
[2012/12/25 20:02:18 | 000,036,308 | ---- | C] () -- C:\windows\DIIUnin.dat
[2012/12/25 20:02:16 | 000,002,829 | ---- | C] () -- C:\windows\DIIUnin.pif
[2012/12/16 17:06:18 | 000,001,042 | ---- | C] () -- C:\Users\Dell\Desktop\PageNest.lnk
[2012/12/13 20:54:39 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/13 20:54:05 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/09/30 12:04:09 | 000,000,019 | ---- | C] () -- C:\windows\popcinfo.dat
[2012/09/15 16:58:16 | 000,175,104 | ---- | C] () -- C:\windows\System32\msiwfk32.dll
[2012/09/09 00:15:25 | 000,213,544 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2012/08/23 18:29:22 | 000,000,023 | ---- | C] () -- C:\windows\BlendSettings.ini
[2012/08/05 00:53:31 | 000,021,840 | ---- | C] () -- C:\windows\System32\SIntfNT.dll
[2012/08/05 00:53:31 | 000,017,212 | ---- | C] () -- C:\windows\System32\SIntf32.dll
[2012/08/05 00:53:31 | 000,012,067 | ---- | C] () -- C:\windows\System32\SIntf16.dll
[2012/04/18 14:58:32 | 000,015,184 | ---- | C] () -- C:\windows\ARCUS.DLL
[2012/04/18 14:58:11 | 000,268,640 | ---- | C] () -- C:\windows\LOAD.EXE
[2012/04/18 14:58:11 | 000,003,270 | ---- | C] () -- C:\windows\INSTALL.DAT
[2012/04/16 14:52:24 | 000,000,000 | ---- | C] () -- C:\Users\Dell\AppData\Local\rx_image32.Cache
[2012/04/13 18:10:03 | 000,007,602 | ---- | C] () -- C:\Users\Dell\AppData\Local\resmon.resmoncfg
[2012/04/13 13:02:40 | 000,011,264 | ---- | C] () -- C:\Users\Dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/22 15:06:54 | 000,867,020 | ---- | C] () -- C:\windows\System32\igkrng575.bin
[2012/02/22 15:06:54 | 000,128,204 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin
[2012/02/22 15:06:54 | 000,105,428 | ---- | C] () -- C:\windows\System32\igfcg575m.bin
[2012/02/22 15:06:54 | 000,094,208 | ---- | C] () -- C:\windows\System32\IccLibDll.dll
[2012/02/22 15:06:54 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2012/02/22 15:06:54 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2012/02/22 13:58:10 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2012/02/22 13:42:26 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2012/02/22 13:40:34 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011/11/16 21:57:16 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/11/16 21:57:13 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/11/16 21:57:13 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/11/16 21:57:13 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/11/16 21:57:13 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011/11/16 21:57:13 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/11/16 21:57:13 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/11/16 21:57:13 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini

========== ZeroAccess Check ==========

[2009/07/14 07:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 07:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 04:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



< End of report >


#2
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hello Paolo434 and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

I am reviewing your log file now. Can you please tell me what program you have that issued the warnings about Trojan horse SHeur4.AWYN?
I am also closing your other topic to avoid any confusion.
I will post back shortly.

#3
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi there,
The first thing I would like to address is that you have 15.97% space free on your C: drive. You are running kind of low there; Windows will be much happier when there is 20% or greater free space. You really should free up some space. I will eventually clear out your temp files and folders, so maybe that will be enough. We will see.

Second, I notice that you have one or more P2P (Peer to Peer) file sharing programs installed on your computer.
  • BitTorrent
This is a very easy way to get infected, as many of the files that can be downloaded with these P2P programs are infected with all sorts of malware.
You put your system at a very big risk by downloading these files, and that is why we recommend that you remove these programs from your computer.
If you do not want to remove them, please DO NOT use them while we are cleaning your machine.

If you need any help removing them I will be glad to assist you.

Your AVG anti virus program is quite old, AVG 8 has been replaced a while ago, but since it's working, let's not mess with it at the moment. I will come back to this and address it later.

Last, I would like you to move the program OTL.exe to your desktop, right now it is here: C:\Users\Dell\Downloads\Programs.

Let's get started:

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall Malwarebytes and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    IE - HKCU\..\SearchScopes\{007F89E9-FF6B-4122-92EA-EFB334C0D58E}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{00E65111-A863-4ACE-A9C9-E75371D410A8}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{01428EED-A547-46F8-A887-CFFE699B7809}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{060D5DC4-6EFF-4F3E-81BE-3C02540556AB}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{0654E5D9-E3B3-4152-B2D2-2F03289ECAB2}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{07A25A5E-B47F-4DCD-98CC-4DA9B9FAD8AF}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{0EF46D3A-DC0D-4A7B-98AF-AE0A86A3277C}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{0F53A71D-40AC-476D-AAAD-57E14C3357BA}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{142A0E14-FAC3-40A2-A620-D9F0ABBE93E6}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{15FD77A4-1FD7-437F-8AB0-A7FED3330A93}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{1A39F3AE-ACF0-4CAB-AF88-6FD83AF33CCD}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{1BD9281B-0F69-48A6-AD5D-703D2529B42E}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{1C475BC9-D7ED-4529-AE8C-BBE701071910}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{1F204DE5-899B-4BD7-B168-32D2CB80724E}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{2577762E-77D7-436F-B7B2-8EEE2BBA9641}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{28AB926C-5070-4AF7-9F23-C8CAB63671A4}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{2B0D6AE2-19C8-4822-B7E2-88F4277AC54B}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{2C48B525-6F13-4C6B-B533-58A4414205F0}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{2CA3D7B7-F4F8-489F-8CC5-C6A7D88211D3}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{2CACFC49-F342-4C68-911E-E9B75B062517}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{2CAD783A-50A2-4F16-B54D-718BCD93BDE3}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{2FF61099-1C0C-4B3C-A8F3-16A49339A612}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{35F15591-3A52-4E43-8D9C-E9C3E8428B16}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{37438B13-C639-432E-89B2-043AC4E89026}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{38BBA509-7910-4E7D-ADC0-89FBBBB5E615}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{432E5876-7634-4D4F-89B1-1021CD935CB7}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{439958CA-4B6C-47D7-AB93-1292E40946E3}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{462DD333-7439-4B2E-AD34-0C4BA8EB55A5}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{490A97FC-18DB-49DD-9FF2-644E81C86468}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{5487FCF9-1076-4FF6-BF4C-DFBD77D3D967}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{57D23064-CB26-433B-829F-6763ACD85F37}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{57D396EB-36B9-4A57-B4B4-7F5B6E575D42}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{5ED9E6E0-73A4-44F4-A4ED-39F9284A73FC}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{666EB2A4-27E3-45D2-A3AB-16E352156798}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{68B87B26-CE3A-4681-B8D8-0BE1B12F6A02}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{6B5F3A4F-E294-43FB-AED8-D050FC7A01B3}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{6CEF8AFC-9ADD-4224-820D-73100E1AA01D}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{7682D361-4A25-4F55-A983-CE7BA06B556B}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{78D44031-8B7A-407D-9647-767842836A7C}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{7B958F96-BB85-41E3-928A-9878A0F3DB35}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{7EAA1153-8B21-4720-B610-A30C3B5F2CEE}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{8242B86A-3F75-4C91-B8D3-FD49D72E3E13}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{8791A151-1C4F-41EA-82DE-F6BB9F6F23F9}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{8D2C375A-F87A-4E2D-B230-D089994376E4}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{8D43F44A-4DC1-4C9B-AD50-C16807BFC466}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{8EC693CE-D6C1-45C7-A49C-8E45E15C791D}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{91AB4014-40A0-4731-94A2-FF7454C603B3}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{95F099E3-E3EE-4E83-8A04-C2EB8247B373}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{96198342-6607-4EE7-AAF5-D1E1B31F1F79}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{9DC13485-982B-447F-90CE-A7262B57A33C}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{9E9A35EB-C506-4B39-A85C-24E4575D05EC}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{A46BE816-684C-40A4-A6E8-AF732CFBA44D}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{AD942BAF-68A7-4290-A4BF-1D8D45546CA9}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{B1584A1E-EC0E-416B-B4A3-F0CEE00E697F}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{D24B215A-4072-4773-84F9-8441CDAC77D7}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{D24ECEF0-494E-4DB2-87B7-D92BDA1BCDAE}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{D877DFFB-E1D2-448A-9FEE-1CD8F011F080}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{DC61F08B-88BD-489D-B210-4C310B85555B}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{EC044800-C12A-4288-981A-7A3EA443B4E9}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{F8FC1EDB-FF16-4F5E-B4F5-23D076D0E74A}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{FA8113B2-F646-47E2-9DF4-FE69BAD684E9}: "URL" = http://www.burstfile...ampaign=search
    IE - HKCU\..\SearchScopes\{FEE2033E-F458-4556-8E1F-83EDF4E46E13}: "URL" = http://www.burstfile...ampaign=search
    FF - prefs.js..browser.search.selectedEngine: "Burst Files"
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
    [2012/09/15 17:54:47 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\eb2pwg8l.default\extensions\[email protected]
    [2012/09/15 01:32:55 | 000,002,223 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\eb2pwg8l.default\searchplugins\BabylonMngr.xml
    [2012/12/27 11:34:47 | 000,002,285 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\eb2pwg8l.default\searchplugins\burst-files.xml
    [2012/09/15 01:38:24 | 000,002,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O4 - HKCU..\Run: [MSIDLL] C:\windows\System32\msiwfk32.dll ()
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
    O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
    :commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 2
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

Step 3
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.

  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 4
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs in your next response

In your next reply I would like to see:
  • OTL fix log from step 1
  • ADWcleaner log
  • RogueKiller log
  • OTL custom scan log
  • Please post the extras.txt file - it is most likely in the C:\Users\Dell\Downloads\Programs folder from where you originally ran OTL.
  • What are the current symptoms?


#4
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.