How to remove folder shortcut virus? [Solved/Closed]

alavudeenstudio (4 posts, registered Thursday October 17, 2013, last seen January 25, 2014) - Oct 17, 2013 at 10:27 AM - Latest reply: gjhjgj - Apr 4, 2015 at 04:41 PM
When I insert any external USB or memory card in my computer and open the external SD card, USB, or memory card, the folders turn into shortcuts.

Please help me fix this.

21 replies

Best answer
Ambucias (Moderator, 55106 posts, registered Monday February 1, 2010, last seen September 24, 2018) - Oct 17, 2013 at 04:11 PM
This type of issue could be caused by a USB virus. It will spread to all of your USB memory devices and hard disk.

Here is a tool to remove the virus and vaccinate your USB against further viruses.


Download UsbFix (created by El Desaparecido) to your desktop.

http://www.en.usbfix.net/download/usbfix/

If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.
Plug in your USB devices (flash drive, pen drive, external HD, etc.) but don't open them.
Double-click on UsbFix.exe.

Click on Deletion.
Let the tool work.

At the end of the scan, a report will be shown, which you can copy and paste here.

The report is saved at the root (C:\UsbFix.txt).

You can also vaccinate against any virus.

Ambucias
Moderator/virus security contributor


Hespeaks (1 post, registered Friday October 17, 2014, last seen October 17, 2014) - Oct 17, 2014 at 11:42 AM
[b]############################## | UsbFix V 7.183 | [Clean][/b]

User: admin (Administrator) # ADMIN-PC
Updated 30/09/2014 by El Desaparecido - SosVirus
Started at 20:26:37 | 17/10/2014

Website : [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url]
Changelog : [url=http://www.en.usbfix.net/changelog/]http://www.en.usbfix.net/changelog/[/url]
Support : [url=http://www.sosvirus.net/]http://www.sosvirus.net/[/url]
Upload Malware : [url=http://www.sosvirus.net/upload_malware.php]http://www.sosvirus.net/upload_malware.php[/url]
Live detection : [url=http://how-to-remove.us/]http://how-to-remove.us/[/url]
Contact : [url=http://www.en.usbfix.net/contact/]http://www.en.usbfix.net/contact/[/url]

[b]################## | System information |[/b]

MB: Dell Inc. (0FXK2Y)
CPU: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
RAM -> [Total : 3237 Mo | Free : 291 Mo]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft(TM) Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Google Chrome : 37.0.2062.124
WB: Mozilla Firefox : 12.0

[b]################## | Security Information |[/b]

AV: avast! Antivirus [Enabled |[b](!) Outdated[/b]]
AS: avast! Antivirus [Enabled |[b](!) Outdated[/b]]
AS: Windows Defender [Enabled |[b](!) Outdated[/b]]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

[b]################## | Disk Information |[/b]

C:\ (%SystemDrive%) -> Fixed disk # 98 Gb (30 Gb free - 30%) [] # NTFS
D:\ -> Fixed disk # 179 Gb (99 Gb free - 56%) [d:] # NTFS
E:\ -> Fixed disk # 188 Gb (116 Gb free - 61%) [E] # NTFS
F:\ -> CD-ROM # 1 Gb (0 Mb free - 0%) [Test Engine] # UDF
G:\ -> Removable disk # 7 Gb (7 Gb free - 94%) [] # FAT32

[b]################## | Generic Research |[/b]

Deleted! C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\File.vbs
Deleted! C:\Users\admin\AppData\Local\Temp\File.vbs

(!) Temporary files deleted. (3064.62548160553 MB)

[b]################## | Registry |[/b]

Deleted! HKU\S-1-5-21-679191476-2898784560-2428728078-1000\Software\Microsoft\Windows\CurrentVersion\Run|File

[b]################## | Regedit Run |[/b]

F2 - HKLM\..\Winlogon : [Shell] EXPLORER.EXE
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Slick Savings] "C:\Users\admin\AppData\Roaming\Slick Savings\CouponsHelper.exe"
04 - HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
04 - HKLM\..\Run : [AtherosBtStack] "C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe"
04 - HKLM\..\Run : [AthBtTray] "C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
04 - HKLM\..\Run : [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\..\Run : [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
04 - HKLM\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - HKLM\..\Run : [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\..\Run : [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [boinctray] "C:\Program Files\BOINC\boinctray.exe"
04 - HKLM\..\Run : [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-679191476-2898784560-2428728078-1000\..\Run : [AdobeBridge]
04 - HKU\S-1-5-21-679191476-2898784560-2428728078-1000\..\Run : [Slick Savings] "C:\Users\admin\AppData\Roaming\Slick Savings\CouponsHelper.exe"
04 - HKU\S-1-5-21-679191476-2898784560-2428728078-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-679191476-2898784560-2428728078-1000\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-679191476-2898784560-2428728078-1000\..\Run : [GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

[b]################## | UsbFix - Information |[/b]

Info : [url=https://www.youtube.com/watch?v=vUZYYASd7FE]How to remove shortcut virus on flash disk (Video)[/url]
Info : [url=http://www.en.usbfix.net/2014/03/remove-shortcut-virus-usb/]Shortcut virus on flash disk, What is it ?[/url]

[b]################## | Hijack |[/b]


[b]################## | Vaccin |[/b]

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

[b]################## | E.O.F | [url=http://www.sosvirus.net/]http://www.sosvirus.net/[/url] | [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url] |[/b]

Ambucias (Moderator, 55106 posts, registered Monday February 1, 2010, last seen September 24, 2018) - Oct 17, 2014 at 05:31 PM
@Hespeaks

You must feel relieved?

I have the same problem and here is mine:
[b]############################## | UsbFix V 7.806 | [Clean][/b]

User: mahmoud (Administrator) # AHMED
Updated 30/11/2014 by El Desaparecido - SosVirus
Started at 22:32:55 | 14/12/2014

Website : [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url]
Changelog : [url=http://www.en.usbfix.net/changelog/]http://www.en.usbfix.net/changelog/[/url]
Support : [url=http://www.sosvirus.net/]http://www.sosvirus.net/[/url]
Upload Malware : [url=http://www.sosvirus.net/upload_malware.php]http://www.sosvirus.net/upload_malware.php[/url]
Live detection : [url=http://how-to-remove.us/]http://how-to-remove.us/[/url]
Contact : [url=http://www.en.usbfix.net/contact/]http://www.en.usbfix.net/contact/[/url]

[b]################## | System information |[/b]

MB: ASRock (Z87 OC Formula)
CPU: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
GC: AMD Radeon R9 200 Series
GC: NVIDIA GeForce GTX 970
RAM -> [Total : 8119 Mo | Free : 4546 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft? Windows 8.1 Pro (6.3.9600 64-Bit)
WB: Internet Explorer : 11.00.9600.16384
WB: Mozilla Firefox : 34.0.5

[b]################## | Security Information |[/b]

AV: Windows Defender [[b](!) Disabled[/b] |Updated]
AS: Windows Defender [[b](!) Disabled[/b] |Updated]
AS: Spybot - Search and Destroy [Enabled |[b](!) Outdated[/b]]
FW: Windows Firewall [[b](!) Disabled[/b]]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

[b]################## | Disk Information |[/b]

B:\ -> Fixed disk # 464 Gb (11 Gb free - 2%) [New Volume] # NTFS
C:\ (%SystemDrive%) -> Fixed disk # 98 Gb (39 Gb free - 40%) [] # NTFS
D:\ -> Fixed disk # 49 Gb (7 Gb free - 14%) [] # NTFS
E:\ -> Fixed disk # 468 Gb (11 Gb free - 2%) [New Volume] # NTFS
F:\ -> Fixed disk # 86 Gb (410 Mb free - 0%) [] # NTFS
I:\ -> Removable disk # 4 Gb (3 Gb free - 78%) [] # FAT32

[b]################## | Generic Research |[/b]

Deleted! C:\Users\mahmoud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.vbs
Deleted! C:\Users\mahmoud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup[1].vbs
Deleted! B:\fixfolder.vbs
Deleted! I:\setup.vbs
Deleted! I:\iexplore.vbs
Deleted! C:\Users\mahmoud\AppData\Local\Temp\setup.vbs
Deleted! C:\Users\mahmoud\AppData\Local\Temp\setup[1].vbs
Deleted! I:\555 rivers.lnk
Deleted! I:\Human resources is essientia to sustaine competitive advantage in all the org.lnk
Deleted! I:\Doing Business in Egypt 2012LexMundi.lnk
Deleted! I:\SanDiskSecureAccess.lnk
Deleted! I:\System Volume Information.lnk
Deleted! I:\My Vaults.lnk
Deleted! I:\OFFICE 2013 PRO PLUS.lnk
Deleted! I:\Amending Theft Law.lnk
Deleted! I:\iexplore.lnk
Deleted! I:\me.lnk
Deleted! I:\?.lnk
Deleted! I:\Inland management.lnk
Deleted! I:\five5 straits.lnk
Deleted! F:\Fraps 3.4.0 Cracked\fraps340setup.exe
Deleted! F:\Fraps 3.4.0 Cracked

(!) Temporary files deleted. (224.985491752625 MB)

[b]################## | Registry |[/b]

Deleted! HKU\S-1-5-21-2912261659-4029687672-2991464628-1001\Software\Microsoft\Windows\CurrentVersion\Run|setup
Deleted! HKU\S-1-5-21-2912261659-4029687672-2991464628-1001\Software\Microsoft\Windows\CurrentVersion\Run|setup[1]

[b]################## | Regedit Run |[/b]

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
04 - HKCU\..\Run : [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
04 - HKCU\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [Spotify] "C:\Users\mahmoud\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
04 - HKCU\..\Run : [Spotify Web Helper] "C:\Users\mahmoud\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKCU\..\Run : [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
04 - HKLM\..\Run : [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
04 - HKLM\..\Run : [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
04 - HKLM\..\Run : [Raptr] "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
04 - HKLM\..\Run : [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKU\S-1-5-21-2912261659-4029687672-2991464628-1001\..\Run : [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
04 - HKU\S-1-5-21-2912261659-4029687672-2991464628-1001\..\Run : [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-2912261659-4029687672-2991464628-1001\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-2912261659-4029687672-2991464628-1001\..\Run : [Spotify] "C:\Users\mahmoud\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
04 - HKU\S-1-5-21-2912261659-4029687672-2991464628-1001\..\Run : [Spotify Web Helper] "C:\Users\mahmoud\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-2912261659-4029687672-2991464628-1001\..\Run : [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
04GS - GIGABYTE OC_GURU.lnk : C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe

[b]################## | UsbFix - Information |[/b]

Info : [url=https://www.youtube.com/watch?v=vUZYYASd7FE]How to remove shortcut virus on flash disk (Video)[/url]
Info : [url=http://www.en.usbfix.net/2014/03/remove-shortcut-virus-usb/]Shortcut virus on flash disk, What is it ?[/url]
Live detection : [url=http://how-to-remove.us/]http://how-to-remove.us/[/url]

[b]################## | Hijack |[/b]

Restored! [D] I:\SanDiskSecureAccess
Restored! [N] I:\?. ???? ????? ???? ???? 7-9.pdf
Restored! [N] I:\?. ???? ????? ???? ???? 7-9.doc
Restored! [D] I:\My Vaults
Restored! [N] I:\Amending Theft Law.pptx
Restored! [D] I:\me
Restored! [D] I:\OFFICE 2013 PRO PLUS
Restored! [N] I:\Human resources is essientia to sustaine competitive advantage in all the org.doc
Restored! [N] I:\Inland management.docx
Restored! [N] I:\Doing Business in Egypt 2012LexMundi.rtf
Restored! [N] I:\five5 straits.pdf
Restored! [N] I:\555 rivers.pdf

[b]################## | Vaccin |[/b]

B:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

[b]################## | E.O.F | [url=http://www.sosvirus.net/]http://www.sosvirus.net/[/url] | [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url] |[/b]

[b]############################## | UsbFix V 7.811 | [Clean][/b]

User: Raffy (Administrator) # PERSONAL-PC
Updated 20/01/2015 by El Desaparecido - SosVirus
Started at 01:31:52 | 01/02/2015

Website : [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url]
Changelog : [url=http://www.en.usbfix.net/changelog/]http://www.en.usbfix.net/changelog/[/url]
Support : [url=http://www.sos-virus.net/]http://www.sos-virus.net/[/url]
Live detection : [url=http://how-to-remove.us/]http://how-to-remove.us/[/url]
Contact : [url=http://www.en.usbfix.net/contact/]http://www.en.usbfix.net/contact/[/url]

[b]################## | System information |[/b]

MB: Acer (Aspire 4750)
CPU: Intel(R) Pentium(R) CPU B940 @ 2.00GHz
GC: Intel(R) HD Graphics
RAM -> [Total : 1892 Mo | Free : 208 Mo]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft(TM) Windows 8 Pro (6.2.9200 32-Bit)
WB: Internet Explorer : 10.00.9200.16384
WB: Opera : 26.0.1656.60

[b]################## | Security Information |[/b]

AV: Windows Defender [[b](!) Disabled[/b] |Updated]
AV: avast! Antivirus [Enabled |Updated]
AS: Windows Defender [[b](!) Disabled[/b] |Updated]
AS: avast! Antivirus [Enabled |Updated]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

[b]################## | Disk Information |[/b]

C:\ (%SystemDrive%) -> Fixed disk # 293 Gb (137 Gb free - 47%) [] # NTFS
D:\ -> Fixed disk # 210 Gb (207 Gb free - 99%) [] # NTFS
E:\ -> Fixed disk # 195 Gb (21 Gb free - 11%) [] # NTFS
G:\ -> Removable disk # 15 Gb (15 Gb free - 100%) [2011333571] # FAT32

[b]################## | Generic Research |[/b]

Deleted! C:\Users\Raffy\AppData\Roaming\Internet Explorer\iexplore.vbs
Deleted! G:\iexplore.vbs
Deleted! C:\Users\Raffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplore.lnk
Deleted! G:\recommendation letter.lnk
Deleted! G:\Thematic essay rizal.lnk
Deleted! G:\Thematic essay.lnk
Deleted! G:\domz_maintenance.lnk
Deleted! G:\Autorun.lnk
Deleted! G:\FRONT PAGE.lnk
Deleted! G:\HEADTINGY.lnk

(!) Temporary files deleted. (115.774264335632 MB)

[b]################## | Registry |[/b]

Deleted! HKU\S-1-5-21-1734547676-1661865824-2636818342-1001\Software\Microsoft\Windows\CurrentVersion\Run|iexplore
Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iexplore

[b]################## | Regedit Run |[/b]

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Google Update] "C:\Users\Raffy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKCU\..\Run : [L09AXLRD_1416370093] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
04 - HKCU\..\Run : [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
04 - HKCU\..\Run : [BitTorrent Sync] "C:\Program Files\BitTorrent Sync\BTSync.exe" /MINIMIZED
04 - HKCU\..\Run : [SpeedUpMyComputer] C:\Program Files\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as
04 - HKCU\..\Run : [UpdateChecker] C:\Program Files\SqueakyChocolate\UpdateChecker\UpdateCheckerApp.exe
04 - HKCU\..\Run : [PriceMeterW] "C:\Users\Raffy\AppData\Local\PriceMeter\pricemeterw.exe"
04 - HKCU\..\Run : [Only-search] C:\Users\Raffy\AppData\Local\onlysearch\onlysearch\1.3.12.9\onlysearch.exe
04 - HKCU\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [Alcatel Limo ModemListener] C:\Program Files\INet\BackgroundService\ModemListener.exe start
04 - HKLM\..\Run : [autodetect] C:\Windows\system32\SupportAppXL\AutoDect.exe
04 - HKLM\..\Run : [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
04 - HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 - HKLM\..\Run : [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe" /FORPCEE4
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
04 - HKU\S-1-5-21-1734547676-1661865824-2636818342-1001\..\Run : [Google Update] "C:\Users\Raffy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-1734547676-1661865824-2636818342-1001\..\Run : [L09AXLRD_1416370093] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
04 - HKU\S-1-5-21-1734547676-1661865824-2636818342-1001\..\Run : [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
04 - HKU\S-1-5-21-1734547676-1661865824-2636818342-1001\..\Run : [BitTorrent Sync] "C:\Program Files\BitTorrent Sync\BTSync.exe" /MINIMIZED
04 - HKU\S-1-5-21-1734547676-1661865824-2636818342-1001\..\Run : [SpeedUpMyComputer] C:\Program Files\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as
04 - HKU\S-1-5-21-1734547676-1661865824-2636818342-1001\..\Run : [UpdateChecker] C:\Program Files\SqueakyChocolate\UpdateChecker\UpdateCheckerApp.exe
04 - HKU\S-1-5-21-1734547676-1661865824-2636818342-1001\..\Run : [PriceMeterW] "C:\Users\Raffy\AppData\Local\PriceMeter\pricemeterw.exe"
04 - HKU\S-1-5-21-1734547676-1661865824-2636818342-1001\..\Run : [Only-search] C:\Users\Raffy\AppData\Local\onlysearch\onlysearch\1.3.12.9\onlysearch.exe
04 - HKU\S-1-5-21-1734547676-1661865824-2636818342-1001\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04GS - Dropbox.lnk : C:\Users\Raffy\AppData\Roaming\Dropbox\bin\Dropbox.exe

[b]################## | UsbFix - Information |[/b]

Info : [url=https://www.youtube.com/watch?v=vUZYYASd7FE]How to remove shortcut virus on flash disk (Video)[/url]
Info : [url=http://www.en.usbfix.net/2014/03/remove-shortcut-virus-usb/]Shortcut virus on flash disk, What is it ?[/url]
Live detection : [url=http://how-to-remove.us/]http://how-to-remove.us/[/url]

[b]################## | Hijack |[/b]

Restored! [N] G:\recommendation letter.doc
Restored! [N] G:\Thematic essay rizal.docx
Restored! [N] G:\Thematic essay.docx
Restored! [N] G:\FRONT PAGE.pdf
Restored! [N] G:\HEADTINGY.pdf
Restored! [N] G:\HEADTINGY.docx

[b]################## | C:\ %SystemDrive% - Fixed drive (NTFS) |[/b]

[04/11/2013 - 11:49:43 | A | 4 Ko] - C:\0101.txt
[25/07/2012 - 22:52:25 | A | 0 Ko] - C:\config.sys
[31/01/2015 - 22:55:41 | ASH | 1550064 Ko] - C:\hiberfil.sys
[31/01/2015 - 22:55:43 | ASH | 3014656 Ko] - C:\pagefile.sys
[31/01/2015 - 22:55:44 | ASH | 262144 Ko] - C:\swapfile.sys
[24/11/2013 - 21:34:43 | A | 0 Ko] - C:\extensions.sqlite
[14/05/2014 - 20:32:27 | A | 0 Ko] - C:\extensions.ini
[02/03/2014 - 20:14:22 | SHD] - C:\$Recycle.Bin
[25/07/2012 - 22:52:25 | A | 0 Ko] - C:\autoexec.bat
[07/03/2014 - 03:04:25 | D] - C:\found.002
[07/03/2014 - 03:04:25 | D] - C:\found.001
[07/03/2014 - 03:04:25 | SHD] - C:\found.000
[14/11/2014 - 21:48:13 | D] - C:\$Windows.~BT
[02/06/2012 - 06:30:55 | N | 0 Ko] - C:\BOOTNXT
[25/07/2012 - 19:44:30 | RASH | 389 Ko] - C:\bootmgr
[25/07/2012 - 22:04:44 | SHD] - C:\Documents and Settings
[25/07/2012 - 22:29:57 | D] - C:\PerfLogs
[21/10/2013 - 22:06:37 | D] - C:\Drivers
[21/10/2013 - 22:09:17 | D] - C:\Intel
[21/10/2013 - 22:14:58 | RHD] - C:\MSOCache
[15/02/2014 - 13:43:58 | D] - C:\The KMPlayer
[09/07/2014 - 21:28:15 | D] - C:\AutoKMS
[04/08/2014 - 11:36:17 | RD] - C:\Users
[24/09/2014 - 15:45:17 | D] - C:\Games
[26/12/2014 - 21:12:54 | D] - C:\Windows
[23/01/2015 - 00:54:57 | HD] - C:\ProgramData
[28/01/2015 - 16:10:01 | RD] - C:\Program Files
[28/01/2015 - 22:47:52 | D] - C:\Team Fortress 2
[01/02/2015 - 01:31:10 | D] - C:\UsbFix

[b]################## | D:\ - Fixed drive (NTFS) |[/b]

[18/06/2014 - 09:10:16 | RA | 2350329 Ko] - D:\Team Fortress 2.exe
[21/10/2013 - 22:07:20 | SHD] - D:\$RECYCLE.BIN
[27/07/2013 - 12:39:36 | D] - D:\fixtap
[15/01/2014 - 19:23:22 | D] - D:\NENEN KO ^_^

[b]################## | E:\ - Fixed drive (NTFS) |[/b]

[22/10/2013 - 20:35:53 | D] - E:\MSIcf451.tmp
[22/10/2013 - 20:39:30 | D] - E:\MSIcf457.tmp
[17/11/2013 - 22:28:14 | D] - E:\MSI589ea.tmp
[17/11/2013 - 22:32:45 | D] - E:\MSI589f0.tmp
[17/11/2013 - 22:32:47 | D] - E:\MSI589f5.tmp
[17/11/2013 - 22:35:12 | D] - E:\MSI589f9.tmp
[17/11/2013 - 22:37:38 | D] - E:\MSI589fe.tmp
[24/11/2013 - 18:44:21 | D] - E:\MSI67a8a.tmp
[29/12/2013 - 15:32:41 | D] - E:\MSI970ca.tmp
[02/01/2014 - 18:00:50 | D] - E:\MSIab177.tmp
[15/02/2014 - 13:53:27 | D] - E:\MSIcf369.tmp
[27/02/2014 - 08:21:32 | D] - E:\MSIfa05f.tmp
[27/02/2014 - 08:21:39 | D] - E:\MSIfa062.tmp
[02/03/2014 - 20:15:59 | D] - E:\MSIeb32.tmp
[02/03/2014 - 20:16:27 | D] - E:\MSIeb42.tmp
[06/04/2014 - 08:20:07 | D] - E:\MSIe01ee.tmp
[06/04/2014 - 08:20:28 | D] - E:\MSIe01fe.tmp
[14/04/2014 - 13:04:11 | D] - E:\MSIf8e4a.tmp
[14/04/2014 - 13:05:13 | D] - E:\MSIf8e51.tmp
[29/08/2013 - 09:56:28 | A | 328 Ko] - E:\EXPERIMENT 5 - CARBOHYDRATES.pdf
[06/10/2013 - 20:18:20 | A | 1838 Ko] - E:\ANTIMICROBIAL EFFICACY OF Brugeria cylindrica ETHANOLIC LEAF EXTRACT AGAINST Staphylococcus aureus AND Escherichia coli.pdf
[21/10/2013 - 22:11:44 | SHD] - E:\$RECYCLE.BIN
[22/10/2013 - 00:07:33 | D] - E:\Nenen ko
[26/10/2013 - 15:26:19 | D] - E:\_485953_
[28/10/2013 - 05:35:54 | D] - E:\_860312_
[08/11/2013 - 22:38:51 | D] - E:\_748328_
[16/11/2013 - 21:36:48 | D] - E:\_083000_
[17/11/2013 - 22:28:07 | D] - E:\_561875_
[17/11/2013 - 22:37:37 | D] - E:\_132171_
[26/11/2013 - 20:38:21 | D] - E:\_917406_
[26/11/2013 - 20:39:41 | D] - E:\_997281_
[19/12/2013 - 09:08:38 | D] - E:\_152890_
[19/01/2014 - 21:22:28 | D] - E:\_502421_
[19/01/2014 - 21:23:24 | D] - E:\_557750_
[28/01/2014 - 21:54:59 | D] - E:\_053312_
[15/02/2014 - 17:42:04 | D] - E:\_584109_
[26/02/2014 - 21:28:38 | D] - E:\_831500_
[26/02/2014 - 21:30:22 | D] - E:\_936343_
[15/03/2014 - 00:14:53 | D] - E:\_565031_
[15/03/2014 - 00:15:51 | D] - E:\_623578_
[19/03/2014 - 08:43:36 | D] - E:\_785937_
[11/04/2014 - 08:35:03 | D] - E:\_473109_
[24/09/2014 - 16:17:21 | D] - E:\NARUTO SHIPPUDEN ULTIMATE NINJA STORM REVOLUTION
[27/09/2014 - 17:33:15 | RD] - E:\Desktop
[28/09/2014 - 17:28:52 | D] - E:\Family pictures
[06/10/2014 - 15:50:15 | D] - E:\Movies

[b]################## | G:\ - Removable drive (FAT32) |[/b]

[31/01/2015 - 16:50:54 | N | 130 Ko] - G:\FRONT PAGE.pdf
[31/01/2015 - 17:51:00 | N | 130 Ko] - G:\HEADTINGY.pdf
[31/01/2015 - 14:48:16 | N | 15 Ko] - G:\Thematic essay rizal.docx
[31/01/2015 - 14:50:10 | N | 16 Ko] - G:\Thematic essay.docx
[31/01/2015 - 17:51:40 | N | 46 Ko] - G:\HEADTINGY.docx
[28/01/2015 - 17:39:22 | N | 33 Ko] - G:\recommendation letter.doc

[b]################## | Vaccin |[/b]

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

[b]################## | E.O.F | [url=http://www.sosvirus.net/]http://www.sosvirus.net/[/url] | [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url] |[/b]
Ambucias (55106 Posts, Registration date: Monday February 1, 2010, Status: Moderator, Last seen: September 24, 2018) > Raffy - Jan 31, 2015 at 04:49 PM
Is it repaired?
2
Thank you
Yes, the solution above is really awesome; it saved me from formatting my laptop.
alavudeenstudio (4 Posts, Registration date: Thursday October 17, 2013, Last seen: January 25, 2014) - Oct 18, 2013 at 09:51 AM
2
Thank you
############################## | UsbFix V 7.145 | [Deletion]

User: Main System (Administrator) # MAINSYSTEM-PC
Updated 17/10/2013 by El Desaparecido - Team SosVirus
Started at 17:18:26 | 18/10/2013

Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Gigabyte Technology Co., Ltd. (P35-DS3L)
CPU: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
RAM -> [Total : 2046 | Free : 985]
Bios: Award Software International, Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 8.0.7600.16385

SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [Enabled]
AV: Norton AntiVirus [Enabled | Updated]
FW: Windows FireWall Service [(!) Disabled]

C:\ (%systemdrive%) -> Fixed drive # 73 Gb (57 Mb free - 78%) [] # NTFS
D:\ -> Fixed drive # 38 Gb (11 Mb free - 30%) [data] # NTFS
E:\ -> Fixed drive # 38 Gb (12 Mb free - 32%) [data1] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM
L:\ -> CD-ROM

################## | Regedit Run |

HKLM\SOFTWARE | Run : [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
HKLM\SOFTWARE | Run : [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [TkBellExe] - "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [autodetect] - C:\Program Files\du Mobile Broadband\AutoDect.exe
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4035957050-2817440372-2056575835-1000\SOFTWARE | Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-4035957050-2817440372-2056575835-1000\SOFTWARE | Run : [Google Update] - "C:\Users\Main System\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-4035957050-2817440372-2056575835-1000\SOFTWARE | Run : [1b47] - C:\Users\Main System\AppData\Roaming\0d510\1b47.js
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Stopped processes |

Stopped! C:\Windows\System32\spoolsv.exe (ID 1364 |ParentID 532)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1520 |ParentID 532)
Stopped! C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe (ID 1568 |ParentID 532)
Stopped! C:\Windows\system32\taskhost.exe (ID 1748 |ParentID 532)
Stopped! C:\Windows\Explorer.EXE (ID 1812 |ParentID 1696)
Stopped! C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe (ID 1984 |ParentID 532)
Stopped! C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe (ID 296 |ParentID 1568)
Stopped! C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (ID 328 |ParentID 532)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID 2088 |ParentID 532)
Stopped! C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe (ID 2120 |ParentID 1984)
Stopped! C:\Windows\system32\WUDFHost.exe (ID 2256 |ParentID 916)
Stopped! C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID 2528 |ParentID 1812)
Stopped! C:\Program Files\Real\RealPlayer\Update\realsched.exe (ID 2604 |ParentID 1812)
Stopped! C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (ID 2612 |ParentID 1812)
Stopped! C:\Program Files\du Mobile Broadband\AutoDect.exe (ID 2676 |ParentID 1812)
Stopped! C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (ID 2696 |ParentID 1812)
Stopped! C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (ID 2704 |ParentID 1812)
Stopped! C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (ID 2732 |ParentID 1812)
Stopped! C:\Windows\System32\WScript.exe (ID 2804 |ParentID 1812)
Stopped! C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (ID 3028 |ParentID 716)
Stopped! C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (ID 3168 |ParentID 532)
Stopped! C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe (ID 3564 |ParentID 1812)
Stopped! C:\Users\MAINSY~1\AppData\Local\Temp\Adobelm_Cleanup.0001 (ID 988 |ParentID 3564)
Stopped! C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (ID 4060 |ParentID 532)
Stopped! C:\Users\MAINSY~1\AppData\Local\Temp\Adobelm_Cleanup.0001 (ID 2000 |ParentID 3564)
Stopped! C:\Program Files\du Mobile Broadband\UIMain.exe (ID 2540 |ParentID 2676)
Stopped! C:\Program Files\du Mobile Broadband\CMUpdater.exe (ID 5336 |ParentID 2540)
Stopped! \\?\C:\Windows\system32\wbem\WMIADAP.EXE (ID 4924 |ParentID 944)

################## | Files # Infected Folders |

Deleted ! C:\Users\Main System\AppData\Roaming\0d510\1b47.js
Deleted ! C:\Users\Main System\AppData\Roaming\0d510
Deleted ! C:\Users\Main System\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4905.js

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKU\S-1-5-21-4035957050-2817440372-2056575835-1000\Software\Microsoft\Windows\CurrentVersion\Run|1b47
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\K
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{cc0c3714-36e2-11e3-a342-00a0c6000000}

################## | Listing |

[13/10/2013 - 20:47:08 | SHD ] C:\$Recycle.Bin
[14/10/2013 - 21:10:56 | D ] C:\0c8bf
[17/10/2013 - 18:33:35 | D ] C:\32788R22FWJFW
[11/06/2009 - 01:42:20 | N | 24] C:\autoexec.bat
[17/10/2013 - 16:44:20 | HD ] C:\Config.Msi
[11/06/2009 - 01:42:20 | N | 10] C:\config.sys
[14/07/2009 - 08:53:55 | SHD ] C:\Documents and Settings
[14/10/2013 - 12:15:53 | N | 136] C:\GPEapSim.log
[18/10/2013 - 16:36:18 | ASH | 1609424896] C:\hiberfil.sys
[13/10/2013 - 21:32:15 | RHD ] C:\MSOCache
[18/10/2013 - 16:36:23 | ASH | 2145902592] C:\pagefile.sys
[14/07/2009 - 06:37:05 | D ] C:\PerfLogs
[17/10/2013 - 16:36:08 | D ] C:\Program Files
[17/10/2013 - 16:38:34 | HD ] C:\ProgramData
[13/10/2013 - 20:44:44 | SHD ] C:\Recovery
[18/10/2013 - 16:55:51 | SHD ] C:\System Volume Information
[18/10/2013 - 17:19:16 | D ] C:\UsbFix
[18/10/2013 - 17:21:19 | A | 6688] C:\UsbFix [Clean 1] MAINSYSTEM-PC.txt
[18/10/2013 - 17:05:41 | N | 7110] C:\UsbFix [Scan 1] MAINSYSTEM-PC.txt
[13/10/2013 - 20:46:49 | RD ] C:\Users
[17/10/2013 - 18:33:18 | D ] C:\Windows
[13/10/2013 - 20:47:08 | SHD ] D:\$RECYCLE.BIN
[05/06/2012 - 23:22:15 | N | 4988] D:\24b0a92e-aba5-4c2a-bd89-0806fce5be15.jpg
[01/09/2011 - 20:09:32 | N | 98907519] D:\3.psd
[01/02/2013 - 17:47:28 | N | 1547495] D:\6 inch endura.JPG
[19/05/2013 - 18:06:04 | D ] D:\April 222378 to 23012
[12/09/2013 - 09:10:08 | D ] D:\araaic
[13/09/2013 - 16:30:39 | D ] D:\August 24709 to 24944
[01/10/2013 - 11:51:17 | D ] D:\Favorites
[25/06/2013 - 18:24:34 | N | 16136440] D:\Ferari ps star.psd
[03/09/2013 - 10:19:47 | D ] D:\First Security
[17/08/2013 - 16:39:33 | D ] D:\July 24488 to 24708
[02/10/2013 - 19:13:57 | D ] D:\June 24215 to 24487
[17/10/2013 - 08:45:09 | D ] D:\Kodak
[02/10/2013 - 14:07:40 | D ] D:\March 22377 to22720
[01/06/2013 - 10:25:17 | D ] D:\May 23013 to 24215
[18/04/2013 - 12:22:35 | D ] D:\najda palace
[09/10/2013 - 18:06:15 | D ] D:\nas pass visa
[30/09/2013 - 08:27:37 | D ] D:\nas work
[08/06/2013 - 10:57:43 | D ] D:\pp
[01/11/2012 - 17:07:12 | N | 162581] D:\proti.jpg
[23/02/2012 - 21:30:11 | SHD ] D:\RECYCLER
[30/09/2013 - 22:09:45 | D ] D:\Sep. 24945 to 25295
[16/05/2011 - 07:13:34 | N | 8591629] D:\studio Calendar 2011 copy.psd
[17/12/2012 - 12:30:07 | N | 5003396] D:\studio Calendar 2013 copy.psd
[22/12/2012 - 11:28:02 | N | 19136913] D:\studio Calendar 2013 copyccc.psd
[19/10/2010 - 10:02:07 | N | 7578101] D:\studio Calendar.psd
[06/09/2011 - 09:13:00 | N | 15918727] D:\Studio callender 2012c.psd
[24/12/2012 - 19:31:45 | N | 1314661] D:\studio Receipt.psd
[02/09/2013 - 10:02:44 | N | 9942742] D:\Studio Small Card..psd
[18/10/2013 - 16:38:38 | SHD ] D:\System Volume Information
[23/01/2012 - 17:27:50 | RASH | 45568] D:\Thumbs.db
[15/09/2013 - 08:40:04 | D ] D:\Vijay
[17/10/2013 - 20:53:44 | D ] D:\_October 25296 to
[19/03/2011 - 04:17:19 | | 165] D:\~$Alavudeen 2011.xlsx
[13/10/2013 - 20:47:08 | SHD ] E:\$RECYCLE.BIN
[13/01/2011 - 12:15:06 | N | 1320013] E:\01.jpg
[30/07/2011 - 18:44:31 | N | 55335159] E:\01c.psd
[13/01/2011 - 12:14:12 | N | 1118974] E:\02.jpg
[13/01/2011 - 12:12:38 | N | 1196606] E:\03.jpg
[16/08/2012 - 12:01:23 | N | 0] E:\10931598_MVM_2.tmp
[01/05/2012 - 11:50:37 | N | 9741762] E:\24 x 20 with matt lamination mounting.jpg
[01/12/2012 - 19:52:32 | N | 309660] E:\63371_425147500872246_2088977559_n.jpg
[12/10/2013 - 19:55:23 | D ] E:\816_Songs
[07/01/2012 - 20:04:54 | N | 1955650] E:\999935_324 copy.JPG
[23/09/2013 - 20:57:41 | D ] E:\B g
[28/06/2013 - 17:22:48 | D ] E:\bank
[02/09/2012 - 16:53:32 | N | 142716] E:\bas.psd
[25/04/2011 - 06:41:22 | N | 3656916] E:\Bg 01.jpg
[11/05/2011 - 09:23:19 | N | 1118004] E:\Bg 02.jpg
[22/09/2013 - 10:03:42 | N | 6900103] E:\CD Sticker.psd
[14/10/2013 - 20:47:23 | N | 7225947] E:\CD Stickercccc.psd
[21/03/2012 - 23:43:34 | N | 9743427] E:\Copy of Picture.jpg
[20/06/2012 - 12:27:15 | N | 27241103] E:\Cover Cd pisco.psd
[11/06/2012 - 21:29:52 | N | 35627233] E:\Cover Cd.psd
[24/02/2012 - 19:13:50 | D ] E:\CPAK
[02/07/2012 - 11:31:59 | N | 7403449] E:\Dadi JAnaki New 1c.psd
[13/12/2012 - 13:40:29 | N | 17508003] E:\Dadi JAnaki New 1ccccc.psd
[13/09/2013 - 18:16:21 | N | 502434276] E:\danaaaa.psd
[22/08/2013 - 20:46:46 | D ] E:\Eid 2013
[25/10/2012 - 13:13:59 | N | 3534814] E:\Eid Mubarak_Banner_b.psd
[14/06/2011 - 12:24:30 | N | 9800139] E:\Embassy.psd
[25/05/2013 - 11:20:38 | N | 35797405] E:\Emirates palce.psd
[18/09/2013 - 21:41:48 | D ] E:\eshal pic
[02/02/2013 - 09:42:37 | N | 13672] E:\ggggg.docx
[17/10/2013 - 21:13:07 | D ] E:\manananna
[22/09/2013 - 10:33:48 | D ] E:\Medical
[03/04/2013 - 10:27:48 | N | 62382] E:\MOHAMED ANCHU KANDAN 01111.docx
[18/08/2013 - 16:34:47 | D ] E:\New folder
[29/09/2013 - 13:18:20 | D ] E:\New folder (2)
[03/10/2013 - 21:05:18 | D ] E:\New folder (3)
[17/10/2013 - 08:53:21 | D ] E:\New folder (4)
[14/10/2013 - 13:45:05 | D ] E:\New folder (5)
[15/08/2012 - 12:50:36 | N | 22] E:\New WinRAR ZIP archive.zip
[23/02/2012 - 18:57:59 | N | 2145386496] E:\pagefile.sys
[28/06/2013 - 17:11:01 | D ] E:\photo
[15/09/2012 - 13:49:26 | N | 365429] E:\Protivity.jpg
[15/09/2012 - 13:52:55 | N | 580231] E:\Protivityss.jpg
[20/07/2012 - 16:38:18 | D ] E:\quran
[23/02/2012 - 21:30:14 | SHD ] E:\RECYCLER
[17/05/2011 - 06:01:20 | N | 1851763] E:\reflectionsofthepillarsc.jpg
[14/08/2012 - 13:57:19 | N | 192371] E:\sallll sighn.psd
[07/08/2013 - 22:31:07 | D ] E:\Shk Zayed Masjid
[02/06/2013 - 12:53:36 | N | 4236111] E:\Showw.psd
[14/10/2013 - 11:15:38 | D ] E:\Studio
[22/04/2011 - 08:30:13 | N | 1815884] E:\Studio.psd
[18/10/2013 - 16:38:38 | SHD ] E:\System Volume Information
[20/12/2012 - 11:11:51 | D ] E:\TATTOO AND PIC
[10/12/2012 - 11:50:34 | N | 10614] E:\The Administration officer.docx
[08/01/2012 - 10:36:50 | RASH | 44032] E:\Thumbs.db
[13/09/2013 - 16:35:11 | D ] E:\Total Video Converter HD 7.1
[02/07/2012 - 15:33:46 | N | 15729130] E:\Total Video Converter HD 7.1.rar
[13/10/2013 - 19:35:02 | D ] E:\Vijay

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
2
Thank you
############################## | UsbFix V 7.159 | [Deletion]

User: bahay (Administrator) # BAHAY-PC
Updated 06/01/2014 by El Desaparecido - Team SosVirus
Started at 09:09:14 | 09/01/2014

Website : http://www.en.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: Emaxx Technology.,Ltd (EMX-ANF82HD-PRO V3.0)
CPU: AMD Athlon(tm) II X3 440 Processor
RAM -> [Total : 1791 Mo| Free : 621 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7600 32-Bit)
WB: Windows Internet Explorer : 8.0.7600.16385
WB: Google Chrome : 31.0.1650.63
WB: Mozilla Firefox : 24.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 146 Gb (70 Mb free - 48%) [] # NTFS
D:\ -> Fixed drive # 152 Gb (18 Mb free - 12%) [delta] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 7 Gb (3 Mb free - 38%) [G BAYLEN] # FAT32
G:\ -> Removable drive # 2 Gb (5 Mb free - 0%) [] # FAT32

################## | Stopped processes |

Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1356 |ParentID: 512)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 1500 |ParentID: 512)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1604 |ParentID: 512)
Stopped! C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE (ID: 1680 |ParentID: 512)
Stopped! C:\Windows\system32\WUDFHost.exe (ID: 368 |ParentID: 908)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2788 |ParentID: 512)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 2924 |ParentID: 512)
Stopped! C:\Windows\system32\taskhost.exe (ID: 2592 |ParentID: 512)
Stopped! C:\Windows\system32\taskeng.exe (ID: 2828 |ParentID: 952)
Stopped! C:\Users\bahay\AppData\Local\Temp\Rar$EXa0.159\PCMeter\PCMeterV0.3.exe (ID: 1736 |ParentID: 2828)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3520 |ParentID: 1688)
Stopped! C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (ID: 3992 |ParentID: 1688)
Stopped! C:\Program Files\Windows Sidebar\sidebar.exe (ID: 1852 |ParentID: 1688)
Stopped! C:\Users\bahay\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 1332 |ParentID: 1688)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 1896 |ParentID: 1688)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2496 |ParentID: 1896)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3736 |ParentID: 1896)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 1784 |ParentID: 1896)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3508 |ParentID: 1896)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 564 |ParentID: 1896)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2936 |ParentID: 1896)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 1900 |ParentID: 1896)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3584 |ParentID: 1896)

################## | Regedit Run |

04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1179224860-2076431250-2808751423-1001\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Generic Research |

Deleted ! F:\proj.lnk
Deleted ! F:\franz.lnk
Deleted ! F:\.lnk
Deleted ! F:\Bon Jovi - Live in London At Wembley Stadium COMPLETO.lnk
Deleted ! F:\Raffy form.lnk
Deleted ! F:\Raffy form-2.lnk
Deleted ! F:\.Trashes.lnk
Deleted ! F:\.Spotlight-V100.lnk
Deleted ! F:\.fseventsd.lnk
Deleted ! F:\field trip.lnk
Deleted ! F:\my birthday pics.lnk
Deleted ! F:\saudi pics.lnk
Deleted ! F:\geraldine pics.lnk
Deleted ! F:\Bluetooth Folder.lnk
Deleted ! F:\~WRD0412.lnk
Deleted ! F:\~WRD0634.lnk

(!) Temporary files deleted.

################## | Registry |

Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Repaired ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -> 1
Deleted ! HKU\S-1-5-21-1179224860-2076431250-2808751423-1001\Software\.\.\.\.\Mountpoints2\{a36c22d0-3688-11e3-832d-806e6f6e6963}

################## | Listing |

[16/10/2013 - 15:49:31 | SHD] - C:\$Recycle.Bin
[11/06/2009 - 05:42:20 | A | 0 Ko] - C:\autoexec.bat
[17/10/2013 - 02:29:31 | SHD] - C:\Boot
[14/07/2009 - 09:38:58 | RASH | 375 Ko] - C:\bootmgr
[17/10/2013 - 02:29:32 | N | 8 Ko] - C:\BOOTSECT.BAK
[22/10/2013 - 16:11:00 | D] - C:\CFLog
[11/06/2009 - 05:42:20 | N | 0 Ko] - C:\config.sys
[14/07/2009 - 12:53:55 | SHD] - C:\Documents and Settings
[08/01/2014 - 22:34:40 | ASH | 1375624 Ko] - C:\hiberfil.sys
[16/10/2013 - 11:59:41 | RHD] - C:\MSOCache
[16/10/2013 - 10:35:56 | N | 201 Ko] - C:\NABTP
[08/01/2014 - 22:34:41 | ASH | 1834168 Ko] - C:\pagefile.sys
[14/07/2009 - 10:37:05 | D] - C:\PerfLogs
[02/01/2014 - 20:55:51 | D] - C:\Program Files
[02/01/2014 - 21:34:15 | HD] - C:\ProgramData
[16/10/2013 - 10:35:38 | SHD] - C:\Recovery
[02/01/2014 - 20:49:00 | SHD] - C:\System Volume Information
[09/01/2014 - 09:09:16 | D] - C:\UsbFix
[09/01/2014 - 09:09:35 | A | 6 Ko | 13865AE7111ADE53A0755EA66736A936] - C:\UsbFix [Clean 1] BAHAY-PC.txt
[16/10/2013 - 15:49:26 | D] - C:\Users
[16/10/2013 - 10:35:56 | N | 0 Ko] - C:\wedaolu
[02/01/2014 - 20:49:11 | D] - C:\Windows
[16/10/2013 - 15:49:31 | SHD] - D:\$RECYCLE.BIN
[22/08/2010 - 13:32:00 | N | 0 Ko | 70D01EA6F9A922AB8EC25C26549A496D] - D:\AMPED acc info..txt
[15/06/2010 - 20:49:13 | N | 0 Ko | 4ECF55BE6530D4F2FF5250CFE04631F9] - D:\australia apply.txt
[16/12/2013 - 16:39:10 | D] - D:\Crossfire PH
[16/10/2013 - 13:44:44 | D] - D:\DCIM
[30/11/2012 - 10:32:25 | D] - D:\Franz field trip Nov29 2012
[10/08/2013 - 10:58:42 | D] - D:\Galaxy tab 2 Pix
[12/04/2012 - 10:25:34 | D] - D:\ginablan
[19/09/2013 - 11:56:31 | D] - D:\installers
[02/01/2012 - 16:04:03 | D] - D:\JR's
[07/01/2014 - 17:04:56 | D] - D:\movies
[31/07/2013 - 08:34:01 | D] - D:\My Music
[23/09/2013 - 13:52:46 | D] - D:\My Pictures
[26/11/2012 - 17:07:08 | D] - D:\My Videos
[26/06/2012 - 21:02:43 | D] - D:\Not Mine
[03/05/2010 - 16:48:49 | SHD] - D:\RECYCLER
[16/07/2010 - 20:49:53 | N | 0 Ko | 15116D02E5E619D1228D56FE3DE6BC6D] - D:\roxasians.txt
[11/10/2013 - 10:52:42 | D] - D:\SteamLibrary
[17/10/2011 - 12:41:56 | SHD] - D:\System Volume Information
[15/10/2013 - 18:40:31 | D] - D:\USB
[05/01/2012 - 22:47:02 | D] - D:\usb files
[26/08/2012 - 00:14:38 | SH | 4 Ko] - F:\._.Trashes
[26/08/2012 - 00:14:38 | SHD] - F:\.Trashes
[26/08/2012 - 00:14:38 | SHD] - F:\.Spotlight-V100
[26/08/2012 - 00:14:38 | SHD] - F:\.fseventsd
[17/07/2013 - 16:43:04 | N | 273101 Ko] - F:\82a4fdc0827e41b5d4173fac7b1cc73c4fe43767 (1).mp4
[22/06/2013 - 00:00:00 | N | 467671 Ko] - F:\Bon Jovi - Live in London At Wembley Stadium COMPLETO.mp4
[07/01/2014 - 10:40:04 | N | 383 Ko] - F:\Raffy form.jpg
[07/01/2014 - 10:40:38 | N | 403 Ko] - F:\Raffy form-2.jpg
[26/12/2012 - 19:53:56 | D] - F:\field trip
[28/11/2012 - 17:30:16 | D] - F:\my birthday pics
[09/01/2014 - 08:30:26 | D] - F:\FOUND.000
[02/02/2013 - 19:36:02 | D] - F:\saudi pics
[04/02/2013 - 08:22:56 | D] - F:\geraldine pics
[04/11/2012 - 22:04:54 | D] - F:\Bluetooth Folder
[07/01/2014 - 15:23:50 | N | 219 Ko] - F:\proj.docx
[07/01/2014 - 15:18:58 | N | 324 Ko] - F:\franz.docx
[07/01/2014 - 16:04:48 | N | 388 Ko] - F:\~WRD0412.tmp
[07/01/2014 - 16:10:34 | N | 388 Ko] - F:\~WRD0634.tmp
[07/01/2014 - 16:27:16 | N | 1 Ko] - F:\GERALD~1.LN0
[07/01/2014 - 16:27:16 | N | 1 Ko] - F:\BLUETO~1.LN0
[07/01/2014 - 15:23:50 | N | 219 Ko] - F:\PROJ~1.DO0
[07/01/2014 - 15:18:58 | N | 324 Ko] - F:\FRANZ~1.DO0
[07/01/2014 - 16:04:48 | N | 388 Ko] - F:\~WRD0412.tm0
[07/01/2014 - 16:27:14 | N | 2 Ko] - F:\~WRD0412.ln0
[07/01/2014 - 16:10:34 | N | 388 Ko] - F:\~WRD0634.tm0
[07/01/2014 - 16:27:14 | N | 2 Ko] - F:\~WRD0634.ln0

################## | Vaccin |

D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
Ambucias (55106 Posts, Registration date: Monday February 1, 2010, Status: Moderator, Last seen: September 24, 2018) - Oct 18, 2013 at 04:07 PM
1
Thank you
Well that should have done the trick and the virus is removed.
1
Thank you
Works perfectly, thanks.
1
Thank you
Works great
1
Thank you
It was awesome... it helped me a lot... thanks a lot for posting this...
alavudeenstudio (4 Posts, Registration date: Thursday October 17, 2013, Last seen: January 25, 2014) - Oct 18, 2013 at 09:11 AM
0
Thank you
############################## | UsbFix V 7.145 | [Research]

User: Main System (Administrator) # MAINSYSTEM-PC
Updated 17/10/2013 by El Desaparecido - Team SosVirus
Started at 17:02:30 | 18/10/2013

Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Gigabyte Technology Co., Ltd. (P35-DS3L)
CPU: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
RAM -> [Total : 2046 | Free : 1108]
Bios: Award Software International, Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 8.0.7600.16385

SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [Enabled]
AV: Norton AntiVirus [Enabled | Updated]
FW: Windows FireWall Service [(!) Disabled]

C:\ (%systemdrive%) -> Fixed drive # 73 Gb (57 Mb free - 78%) [] # NTFS
D:\ -> Fixed drive # 38 Gb (11 Mb free - 30%) [data] # NTFS
E:\ -> Fixed drive # 38 Gb (12 Mb free - 32%) [data1] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID 420 |ParentID 356)
C:\Windows\system32\wininit.exe (ID 484 |ParentID 356)
C:\Windows\system32\csrss.exe (ID 496 |ParentID 472)
C:\Windows\system32\services.exe (ID 532 |ParentID 484)
C:\Windows\system32\lsass.exe (ID 556 |ParentID 484)
C:\Windows\system32\lsm.exe (ID 564 |ParentID 484)
C:\Windows\system32\winlogon.exe (ID 624 |ParentID 472)
C:\Windows\system32\svchost.exe (ID 716 |ParentID 532)
C:\Windows\system32\svchost.exe (ID 792 |ParentID 532)
C:\Windows\System32\svchost.exe (ID 884 |ParentID 532)
C:\Windows\System32\svchost.exe (ID 916 |ParentID 532)
C:\Windows\system32\svchost.exe (ID 944 |ParentID 532)
C:\Windows\system32\svchost.exe (ID 1124 |ParentID 532)
C:\Windows\system32\svchost.exe (ID 1228 |ParentID 532)
C:\Windows\System32\spoolsv.exe (ID 1364 |ParentID 532)
C:\Windows\system32\svchost.exe (ID 1400 |ParentID 532)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1520 |ParentID 532)
C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe (ID 1568 |ParentID 532)
C:\Windows\system32\Dwm.exe (ID 1732 |ParentID 916)
C:\Windows\system32\taskhost.exe (ID 1748 |ParentID 532)
C:\Windows\Explorer.EXE (ID 1812 |ParentID 1696)
C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe (ID 1984 |ParentID 532)
C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe (ID 296 |ParentID 1568)
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (ID 328 |ParentID 532)
C:\Windows\system32\svchost.exe (ID 332 |ParentID 532)
C:\Windows\system32\SearchIndexer.exe (ID 2088 |ParentID 532)
C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe (ID 2120 |ParentID 1984)
C:\Windows\system32\WUDFHost.exe (ID 2256 |ParentID 916)
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID 2528 |ParentID 1812)
C:\Program Files\Real\RealPlayer\Update\realsched.exe (ID 2604 |ParentID 1812)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (ID 2612 |ParentID 1812)
C:\Program Files\du Mobile Broadband\AutoDect.exe (ID 2676 |ParentID 1812)
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (ID 2696 |ParentID 1812)
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (ID 2704 |ParentID 1812)
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (ID 2732 |ParentID 1812)
C:\Windows\System32\WScript.exe (ID 2804 |ParentID 1812)
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (ID 3028 |ParentID 716)
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (ID 3168 |ParentID 532)
C:\Windows\system32\wbem\wmiprvse.exe (ID 3240 |ParentID 716)
C:\Windows\system32\svchost.exe (ID 2020 |ParentID 532)
C:\Windows\system32\svchost.exe (ID 2076 |ParentID 532)
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe (ID 3564 |ParentID 1812)
C:\Users\MAINSY~1\AppData\Local\Temp\Adobelm_Cleanup.0001 (ID 988 |ParentID 3564)
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (ID 4060 |ParentID 532)
C:\Users\MAINSY~1\AppData\Local\Temp\Adobelm_Cleanup.0001 (ID 2000 |ParentID 3564)
C:\Windows\system32\wbengine.exe (ID 5116 |ParentID 532)
C:\Windows\System32\vds.exe (ID 5224 |ParentID 532)
C:\Windows\system32\wbem\wmiprvse.exe (ID 5424 |ParentID 716)
C:\UsbFix\Go.exe (ID 2080 |ParentID 6040)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
HKLM\SOFTWARE | Run : [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [TkBellExe] - "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [autodetect] - C:\Program Files\du Mobile Broadband\AutoDect.exe
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4035957050-2817440372-2056575835-1000\SOFTWARE | Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-4035957050-2817440372-2056575835-1000\SOFTWARE | Run : [Google Update] - "C:\Users\Main System\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-4035957050-2817440372-2056575835-1000\SOFTWARE | Run : [1b47] - C:\Users\Main System\AppData\Roaming\0d510\1b47.js
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Files # Infected Folders |

Found ! C:\Users\Main System\AppData\Roaming\0d510\1b47.js
Found ! C:\Users\Main System\AppData\Roaming\0d510
Found ! C:\Users\Main System\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4905.js

################## | Registry |

Found ! HKU\S-1-5-21-4035957050-2817440372-2056575835-1000\Software\Microsoft\Windows\CurrentVersion\Run|1b47
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|1b47
HKCU\.\.\.\.\Explorer\MountPoints2\K
Shell\AutoRun\Command = K:\LaunchU3.exe -a

HKCU\.\.\.\.\Explorer\MountPoints2\L
Shell\AutoRun\Command = L:\Autorun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{1a7e6060-34a6-11e3-bdfe-001d7dad8260}
Shell\AutoRun\Command = L:\Autorun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{cc0c3714-36e2-11e3-a342-00a0c6000000}
Shell\AutoRun\Command = K:\LaunchU3.exe -a



################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
my computer is vaccinated, it's awesome
hmcreation (1 post; registered Tuesday September 9, 2014; last seen September 9, 2014) - Sep 9, 2014 at 03:34 AM
Well, me too, I was having the same problem. When I saw that all my files had become shortcuts, I scanned my pendrive with Microsoft Security Essentials. It detected some worms, and after cleaning them all my files disappeared. But when I right-clicked on my pendrive icon and looked at its properties, it seemed that my files were still there but hidden. I tried every step that shows up on the internet but it was in vain. I just tried something simple and it works perfectly. That's why I want to share it with you, friends..
1. Ensure that WinRAR is installed on your PC/laptop.
2. Insert your pendrive and right-click on your pendrive icon; you'll see "Add to Archive(winrar)".
3. Click on Add to Archive and click OK.
4. When the archive process is completed, double-click on the archive folder; you'll see all your recovered files that were hidden on your pendrive.
5. Next, create a new folder on your desktop, then click and drag each file that you wish to recover from your WinRAR archive folder to the new folder on your desktop. That's it.
Hope this helps you guys... :-)
Prakashenoy (1 post; registered Tuesday October 28, 2014; last seen October 28, 2014) - Oct 28, 2014 at 09:40 PM
true life saver indeed