How to remove folder shortcut virus ??

Solved/Closed
alavudeenstudio
Posts
4
Registration date
Thursday October 17, 2013
Status
Member
Last seen
January 25, 2014
- Oct 17, 2013 at 10:27 AM
 gjhjgj - Apr 4, 2015 at 04:41 PM
i inserted any external usb or memmory card in my computer , when I opened the external sd card, useb, memmory card....... the folders going to shortcut...

please help me how to fix that one

10 replies

Ambucias
Posts
47360
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,255
Oct 17, 2013 at 04:11 PM
This type issue could be caused by a USB virus. It will spread to all of your USB memory devices and hard disk.

Here is a tool to remove the virus and vaccinate your USB against further viruses.


Download UsbFix (created by El Desaparecido) on your desktop.

http://www.en.usbfix.net/download/usbfix/

If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.
Plug in your usb devices (Flash drive, pen drive. External HD etc...) don't open them.
Double click sur UsbFix.exe.

Click on deletion
.
Let the tool work.

Ambucias
Moderator/virus security contributor

At the end of the scan a report will show which you can copy and paste here..

The report is save at the root ( C:\UsbFix.txt ).

You can also vaccinate against any virus.
23
Johnsonkeletsane
Posts
1
Registration date
Monday December 9, 2013
Status
Member
Last seen
December 9, 2013

Dec 9, 2013 at 12:29 AM
It totally works, and it is perfect.
0
the shortcuts in my laptop is still there :(
0
2011N2
Posts
13334
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Jan 4, 2014 at 09:52 AM
0
2011N2
Posts
13334
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Jan 9, 2014 at 01:04 AM
Nuel, open a new topic also.
Thanks.
0
Hespeaks
Posts
1
Registration date
Friday October 17, 2014
Status
Member
Last seen
October 17, 2014

Oct 17, 2014 at 11:42 AM
[b]############################## | UsbFix V 7.183 | [Clean][/b]

User: admin (Administrator) # ADMIN-PC
Updated 30/09/2014 by El Desaparecido - SosVirus
Started at 20:26:37 | 17/10/2014

Website : [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url]
Changelog : [url=http://www.en.usbfix.net/changelog/]http://www.en.usbfix.net/changelog/[/url]
Support : [url=http://www.sosvirus.net/]https://www.sosvirus.net/[/url]
Upload Malware : [url=http://www.sosvirus.net/upload_malware.php]http://www.sosvirus.net/upload_malware.php[/url]
Live detection : [url=http://how-to-remove.us/]http://ww25.how-to-remove.us/[/url]
Contact : [url=http://www.en.usbfix.net/contact/]http://www.en.usbfix.net/contact/[/url]

[b]################## | System information |[/b]

MB: Dell Inc. (0FXK2Y)
CPU: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
RAM -> [Total : 3237 Mo | Free : 291 Mo]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft(TM) Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Google Chrome : 37.0.2062.124
WB: Mozilla Firefox : 12.0

[b]################## | Security Information |[/b]

AV: avast! Antivirus [Enabled |[b](!) Outdated[/b]]
AS: avast! Antivirus [Enabled |[b](!) Outdated[/b]]
AS: Windows Defender [Enabled |[b](!) Outdated[/b]]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

[b]################## | Disk Information |[/b]

C:\ (%SystemDrive%) -> Fixed disk # 98 Gb (30 Gb free - 30%) [] # NTFS
D:\ -> Fixed disk # 179 Gb (99 Gb free - 56%) [d:] # NTFS
E:\ -> Fixed disk # 188 Gb (116 Gb free - 61%) [E] # NTFS
F:\ -> CD-ROM # 1 Gb (0 Mb free - 0%) [Test Engine] # UDF
G:\ -> Removable disk # 7 Gb (7 Gb free - 94%) [] # FAT32

[b]################## | Generic Research |[/b]

Deleted! C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\File.vbs
Deleted! C:\Users\admin\AppData\Local\Temp\File.vbs

(!) Temporary files deleted. (3064.62548160553 MB)

[b]################## | Registry |[/b]

Deleted! HKU\S-1-5-21-679191476-2898784560-2428728078-1000\Software\Microsoft\Windows\CurrentVersion\Run|File

[b]################## | Regedit Run |[/b]

F2 - HKLM\..\Winlogon : [Shell] EXPLORER.EXE
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Slick Savings] "C:\Users\admin\AppData\Roaming\Slick Savings\CouponsHelper.exe"
04 - HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
04 - HKLM\..\Run : [AtherosBtStack] "C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe"
04 - HKLM\..\Run : [AthBtTray] "C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
04 - HKLM\..\Run : [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\..\Run : [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
04 - HKLM\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - HKLM\..\Run : [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\..\Run : [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [boinctray] "C:\Program Files\BOINC\boinctray.exe"
04 - HKLM\..\Run : [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-679191476-2898784560-2428728078-1000\..\Run : [AdobeBridge]
04 - HKU\S-1-5-21-679191476-2898784560-2428728078-1000\..\Run : [Slick Savings] "C:\Users\admin\AppData\Roaming\Slick Savings\CouponsHelper.exe"
04 - HKU\S-1-5-21-679191476-2898784560-2428728078-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-679191476-2898784560-2428728078-1000\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-679191476-2898784560-2428728078-1000\..\Run : [GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"https://support.microsoft.com/en-us/windows/install-windows-7-service-pack-1-sp1-b3da2c0f-cdb6-0572-8596-bab972897f61" /build:7601

[b]################## | UsbFix - Information |[/b]

Info : [url=https://www.youtube.com/watch?v=vUZYYASd7FE]How to remove shortcut virus on flash disk (Video)[/url]
Info : [url=http://www.en.usbfix.net/2014/03/remove-shortcut-virus-usb/]Shortcut virus on flash disk, What is it ?[/url]

[b]################## | Hijack |[/b]


[b]################## | C:\ %SystemDrive% - Fixed drive (NTFS) |[/b]

[14/03/2014 - 00:39:51 | D] - C:\.Xilinx
[18/06/2012 - 11:56:33 | A | 0 Ko] - C:\mini-agent.txt
[11/06/2009 - 03:27:20 | A | 0 Ko] - C:\config.sys
[17/10/2014 - 20:00:23 | ASH | 2486144 Ko] - C:\hiberfil.sys
[17/10/2014 - 20:00:27 | ASH | 3314860 Ko] - C:\pagefile.sys
[18/06/2012 - 11:56:33 | A | 0 Ko] - C:\mini-agent.log
[08/08/2014 - 00:24:30 | A | 0 Ko] - C:\FileRecovery.log
[30/12/2013 - 17:11:37 | SHD] - C:\$Recycle.Bin
[15/01/2013 - 15:05:05 | A | 0 Ko] - C:\AUTOEXEC.BAT
[14/07/2009 - 08:22:05 | D] - C:\PerfLogs
[14/07/2009 - 10:38:55 | SHD] - C:\Documents and Settings
[18/06/2012 - 11:42:06 | SHD] - C:\Recovery
[18/06/2012 - 11:46:06 | RHD] - C:\MSOCache
[18/06/2012 - 11:53:03 | D] - C:\dell
[18/06/2012 - 11:58:24 | D] - C:\Intel
[18/06/2012 - 11:58:50 | D] - C:\NVIDIA
[22/10/2012 - 08:23:10 | D] - C:\Autodesk
[11/01/2013 - 16:10:12 | D] - C:\Dev-Cpp
[28/12/2013 - 11:18:39 | D] - C:\temp
[30/12/2013 - 17:10:56 | RD] - C:\Users
[14/03/2014 - 02:32:55 | D] - C:\Xilinx
[25/08/2014 - 13:54:11 | D] - C:\Windows
[09/10/2014 - 23:40:30 | HD] - C:\ProgramData
[10/10/2014 - 20:10:55 | D] - C:\Program Files
[16/10/2014 - 12:18:28 | SHD] - C:\System Volume Information
[17/10/2014 - 20:25:45 | D] - C:\UsbFix

[b]################## | D:\ - Fixed drive (NTFS) |[/b]

[11/06/2009 - 03:27:20 | A | 0 Ko] - D:\config.sys
[26/03/2012 - 10:21:40 | RASH | 0 Ko] - D:\MSDOS.SYS
[26/03/2012 - 10:21:40 | RASH | 0 Ko] - D:\IO.SYS
[16/06/2012 - 04:06:03 | | 2486144 Ko] - D:\hiberfil.sys
[30/12/2013 - 17:11:37 | SHD] - D:\$Recycle.Bin
[11/06/2009 - 03:27:20 | A | 0 Ko] - D:\autoexec.bat
[14/07/2009 - 10:38:55 | SHD] - D:\Documents and Settings
[31/12/2011 - 08:17:02 | SHD] - D:\Recovery
[09/01/2012 - 10:23:30 | HD] - D:\ProgramData
[06/10/2012 - 06:17:44 | SHD] - D:\System Volume Information
[14/10/2013 - 22:56:42 | RADC] - D:\Program Files
[28/11/2013 - 18:27:40 | D] - D:\GD topics
[14/03/2014 - 00:57:11 | D] - D:\Xilinx_installation_and_programs
[08/08/2014 - 01:11:23 | D] - D:\Devdassub_scn
[08/08/2014 - 22:41:16 | D] - D:\English Movies
[08/08/2014 - 23:20:41 | D] - D:\given by avinav at NTC
[09/08/2014 - 00:09:06 | D] - D:\Calibre Library
[30/09/2014 - 13:41:47 | D] - D:\Previous Downloads
[01/10/2014 - 20:05:08 | D] - D:\Windows
[04/10/2014 - 21:47:02 | D] - D:\dc new
[12/10/2014 - 13:01:33 | D] - D:\Allaboutdotcom
[12/10/2014 - 13:02:33 | D] - D:\downloads

[b]################## | E:\ - Fixed drive (NTFS) |[/b]

[21/04/2014 - 12:18:52 | A | 11893 Ko] - E:\Real Resumes for Students.PDF
[30/12/2013 - 17:11:37 | SHD] - E:\$RECYCLE.BIN
[24/08/2011 - 11:52:54 | SHD] - E:\System Volume Information
[03/02/2013 - 11:31:20 | D] - E:\lmg
[13/11/2013 - 10:25:41 | D] - E:\Osho Special
[25/04/2014 - 21:37:35 | D] - E:\Rapidex
[10/05/2014 - 16:44:56 | D] - E:\Matlab programs
[11/09/2014 - 23:07:37 | D] - E:\Race songs
[11/09/2014 - 23:08:16 | D] - E:\Study Materials
[11/09/2014 - 23:08:18 | D] - E:\Earth songs
[04/10/2014 - 11:50:52 | D] - E:\Videos and Shortcuts
[04/10/2014 - 11:51:10 | D] - E:\ramdev
[04/10/2014 - 11:51:57 | D] - E:\Movies in recent times

[b]################## | Vaccin |[/b]

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

[b]################## | E.O.F | [url=http://www.sosvirus.net/]https://www.sosvirus.net/[/url] | [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url] |[/b]
0
yes the solution above is really awesome it save me from format my laptop
2
alavudeenstudio
Posts
4
Registration date
Thursday October 17, 2013
Status
Member
Last seen
January 25, 2014

Oct 18, 2013 at 09:51 AM
############################## | UsbFix V 7.145 | [Deletion]

User: Main System (Administrator) # MAINSYSTEM-PC
Updated 17/10/2013 by El Desaparecido - Team SosVirus
Started at 17:18:26 | 18/10/2013

Website: https://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: https://www.usb-antivirus.com/fr/contact/

PC: Gigabyte Technology Co., Ltd. (P35-DS3L)
CPU: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
RAM -> [Total : 2046 | Free : 985]
Bios: Award Software International, Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 8.0.7600.16385

SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [Enabled]
AV: Norton AntiVirus [Enabled | Updated]
FW: Windows FireWall Service [(!) Disabled]

C:\ (%systemdrive%) -> Fixed drive # 73 Gb (57 Mb free - 78%) [] # NTFS
D:\ -> Fixed drive # 38 Gb (11 Mb free - 30%) [data] # NTFS
E:\ -> Fixed drive # 38 Gb (12 Mb free - 32%) [data1] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM
L:\ -> CD-ROM

################## | Regedit Run |

HKLM\SOFTWARE | Run : [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
HKLM\SOFTWARE | Run : [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [TkBellExe] - "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [autodetect] - C:\Program Files\du Mobile Broadband\AutoDect.exe
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4035957050-2817440372-2056575835-1000\SOFTWARE | Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-4035957050-2817440372-2056575835-1000\SOFTWARE | Run : [Google Update] - "C:\Users\Main System\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-4035957050-2817440372-2056575835-1000\SOFTWARE | Run : [1b47] - C:\Users\Main System\AppData\Roaming\0d510\1b47.js
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Stopped processes |

Stopped! C:\Windows\System32\spoolsv.exe (ID 1364 |ParentID 532)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1520 |ParentID 532)
Stopped! C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe (ID 1568 |ParentID 532)
Stopped! C:\Windows\system32\taskhost.exe (ID 1748 |ParentID 532)
Stopped! C:\Windows\Explorer.EXE (ID 1812 |ParentID 1696)
Stopped! C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe (ID 1984 |ParentID 532)
Stopped! C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe (ID 296 |ParentID 1568)
Stopped! C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (ID 328 |ParentID 532)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID 2088 |ParentID 532)
Stopped! C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe (ID 2120 |ParentID 1984)
Stopped! C:\Windows\system32\WUDFHost.exe (ID 2256 |ParentID 916)
Stopped! C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID 2528 |ParentID 1812)
Stopped! C:\Program Files\Real\RealPlayer\Update\realsched.exe (ID 2604 |ParentID 1812)
Stopped! C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (ID 2612 |ParentID 1812)
Stopped! C:\Program Files\du Mobile Broadband\AutoDect.exe (ID 2676 |ParentID 1812)
Stopped! C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (ID 2696 |ParentID 1812)
Stopped! C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (ID 2704 |ParentID 1812)
Stopped! C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (ID 2732 |ParentID 1812)
Stopped! C:\Windows\System32\WScript.exe (ID 2804 |ParentID 1812)
Stopped! C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (ID 3028 |ParentID 716)
Stopped! C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (ID 3168 |ParentID 532)
Stopped! C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe (ID 3564 |ParentID 1812)
Stopped! C:\Users\MAINSY~1\AppData\Local\Temp\Adobelm_Cleanup.0001 (ID 988 |ParentID 3564)
Stopped! C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (ID 4060 |ParentID 532)
Stopped! C:\Users\MAINSY~1\AppData\Local\Temp\Adobelm_Cleanup.0001 (ID 2000 |ParentID 3564)
Stopped! C:\Program Files\du Mobile Broadband\UIMain.exe (ID 2540 |ParentID 2676)
Stopped! C:\Program Files\du Mobile Broadband\CMUpdater.exe (ID 5336 |ParentID 2540)
Stopped! \\?\C:\Windows\system32\wbem\WMIADAP.EXE (ID 4924 |ParentID 944)

################## | Files # Infected Folders |

Deleted ! C:\Users\Main System\AppData\Roaming\0d510\1b47.js
Deleted ! C:\Users\Main System\AppData\Roaming\0d510
Deleted ! C:\Users\Main System\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4905.js

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKU\S-1-5-21-4035957050-2817440372-2056575835-1000\Software\Microsoft\Windows\CurrentVersion\Run|1b47
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\K
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{cc0c3714-36e2-11e3-a342-00a0c6000000}

################## | Listing |

[13/10/2013 - 20:47:08 | SHD ] C:\$Recycle.Bin
[14/10/2013 - 21:10:56 | D ] C:\0c8bf
[17/10/2013 - 18:33:35 | D ] C:\32788R22FWJFW
[11/06/2009 - 01:42:20 | N | 24] C:\autoexec.bat
[17/10/2013 - 16:44:20 | HD ] C:\Config.Msi
[11/06/2009 - 01:42:20 | N | 10] C:\config.sys
[14/07/2009 - 08:53:55 | SHD ] C:\Documents and Settings
[14/10/2013 - 12:15:53 | N | 136] C:\GPEapSim.log
[18/10/2013 - 16:36:18 | ASH | 1609424896] C:\hiberfil.sys
[13/10/2013 - 21:32:15 | RHD ] C:\MSOCache
[18/10/2013 - 16:36:23 | ASH | 2145902592] C:\pagefile.sys
[14/07/2009 - 06:37:05 | D ] C:\PerfLogs
[17/10/2013 - 16:36:08 | D ] C:\Program Files
[17/10/2013 - 16:38:34 | HD ] C:\ProgramData
[13/10/2013 - 20:44:44 | SHD ] C:\Recovery
[18/10/2013 - 16:55:51 | SHD ] C:\System Volume Information
[18/10/2013 - 17:19:16 | D ] C:\UsbFix
[18/10/2013 - 17:21:19 | A | 6688] C:\UsbFix [Clean 1] MAINSYSTEM-PC.txt
[18/10/2013 - 17:05:41 | N | 7110] C:\UsbFix [Scan 1] MAINSYSTEM-PC.txt
[13/10/2013 - 20:46:49 | RD ] C:\Users
[17/10/2013 - 18:33:18 | D ] C:\Windows
[13/10/2013 - 20:47:08 | SHD ] D:\$RECYCLE.BIN
[05/06/2012 - 23:22:15 | N | 4988] D:\24b0a92e-aba5-4c2a-bd89-0806fce5be15.jpg
[01/09/2011 - 20:09:32 | N | 98907519] D:\3.psd
[01/02/2013 - 17:47:28 | N | 1547495] D:\6 inch endura.JPG
[19/05/2013 - 18:06:04 | D ] D:\April 222378 to 23012
[12/09/2013 - 09:10:08 | D ] D:\araaic
[13/09/2013 - 16:30:39 | D ] D:\August 24709 to 24944
[01/10/2013 - 11:51:17 | D ] D:\Favorites
[25/06/2013 - 18:24:34 | N | 16136440] D:\Ferari ps star.psd
[03/09/2013 - 10:19:47 | D ] D:\First Security
[17/08/2013 - 16:39:33 | D ] D:\July 24488 to 24708
[02/10/2013 - 19:13:57 | D ] D:\June 24215 to 24487
[17/10/2013 - 08:45:09 | D ] D:\Kodak
[02/10/2013 - 14:07:40 | D ] D:\March 22377 to22720
[01/06/2013 - 10:25:17 | D ] D:\May 23013 to 24215
[18/04/2013 - 12:22:35 | D ] D:\najda palace
[09/10/2013 - 18:06:15 | D ] D:\nas pass visa
[30/09/2013 - 08:27:37 | D ] D:\nas work
[08/06/2013 - 10:57:43 | D ] D:\pp
[01/11/2012 - 17:07:12 | N | 162581] D:\proti.jpg
[23/02/2012 - 21:30:11 | SHD ] D:\RECYCLER
[30/09/2013 - 22:09:45 | D ] D:\Sep. 24945 to 25295
[16/05/2011 - 07:13:34 | N | 8591629] D:\studio Calendar 2011 copy.psd
[17/12/2012 - 12:30:07 | N | 5003396] D:\studio Calendar 2013 copy.psd
[22/12/2012 - 11:28:02 | N | 19136913] D:\studio Calendar 2013 copyccc.psd
[19/10/2010 - 10:02:07 | N | 7578101] D:\studio Calendar.psd
[06/09/2011 - 09:13:00 | N | 15918727] D:\Studio callender 2012c.psd
[24/12/2012 - 19:31:45 | N | 1314661] D:\studio Receipt.psd
[02/09/2013 - 10:02:44 | N | 9942742] D:\Studio Small Card..psd
[18/10/2013 - 16:38:38 | SHD ] D:\System Volume Information
[23/01/2012 - 17:27:50 | RASH | 45568] D:\Thumbs.db
[15/09/2013 - 08:40:04 | D ] D:\Vijay
[17/10/2013 - 20:53:44 | D ] D:\_October 25296 to
[19/03/2011 - 04:17:19 | | 165] D:\~$Alavudeen 2011.xlsx
[13/10/2013 - 20:47:08 | SHD ] E:\$RECYCLE.BIN
[13/01/2011 - 12:15:06 | N | 1320013] E:\01.jpg
[30/07/2011 - 18:44:31 | N | 55335159] E:\01c.psd
[13/01/2011 - 12:14:12 | N | 1118974] E:\02.jpg
[13/01/2011 - 12:12:38 | N | 1196606] E:\03.jpg
[16/08/2012 - 12:01:23 | N | 0] E:\10931598_MVM_2.tmp
[01/05/2012 - 11:50:37 | N | 9741762] E:\24 x 20 with matt lamination mounting.jpg
[01/12/2012 - 19:52:32 | N | 309660] E:\63371_425147500872246_2088977559_n.jpg
[12/10/2013 - 19:55:23 | D ] E:\816_Songs
[07/01/2012 - 20:04:54 | N | 1955650] E:\999935_324 copy.JPG
[23/09/2013 - 20:57:41 | D ] E:\B g
[28/06/2013 - 17:22:48 | D ] E:\bank
[02/09/2012 - 16:53:32 | N | 142716] E:\bas.psd
[25/04/2011 - 06:41:22 | N | 3656916] E:\Bg 01.jpg
[11/05/2011 - 09:23:19 | N | 1118004] E:\Bg 02.jpg
[22/09/2013 - 10:03:42 | N | 6900103] E:\CD Sticker.psd
[14/10/2013 - 20:47:23 | N | 7225947] E:\CD Stickercccc.psd
[21/03/2012 - 23:43:34 | N | 9743427] E:\Copy of Picture.jpg
[20/06/2012 - 12:27:15 | N | 27241103] E:\Cover Cd pisco.psd
[11/06/2012 - 21:29:52 | N | 35627233] E:\Cover Cd.psd
[24/02/2012 - 19:13:50 | D ] E:\CPAK
[02/07/2012 - 11:31:59 | N | 7403449] E:\Dadi JAnaki New 1c.psd
[13/12/2012 - 13:40:29 | N | 17508003] E:\Dadi JAnaki New 1ccccc.psd
[13/09/2013 - 18:16:21 | N | 502434276] E:\danaaaa.psd
[22/08/2013 - 20:46:46 | D ] E:\Eid 2013
[25/10/2012 - 13:13:59 | N | 3534814] E:\Eid Mubarak_Banner_b.psd
[14/06/2011 - 12:24:30 | N | 9800139] E:\Embassy.psd
[25/05/2013 - 11:20:38 | N | 35797405] E:\Emirates palce.psd
[18/09/2013 - 21:41:48 | D ] E:\eshal pic
[02/02/2013 - 09:42:37 | N | 13672] E:\ggggg.docx
[17/10/2013 - 21:13:07 | D ] E:\manananna
[22/09/2013 - 10:33:48 | D ] E:\Medical
[03/04/2013 - 10:27:48 | N | 62382] E:\MOHAMED ANCHU KANDAN 01111.docx
[18/08/2013 - 16:34:47 | D ] E:\New folder
[29/09/2013 - 13:18:20 | D ] E:\New folder (2)
[03/10/2013 - 21:05:18 | D ] E:\New folder (3)
[17/10/2013 - 08:53:21 | D ] E:\New folder (4)
[14/10/2013 - 13:45:05 | D ] E:\New folder (5)
[15/08/2012 - 12:50:36 | N | 22] E:\New WinRAR ZIP archive.zip
[23/02/2012 - 18:57:59 | N | 2145386496] E:\pagefile.sys
[28/06/2013 - 17:11:01 | D ] E:\photo
[15/09/2012 - 13:49:26 | N | 365429] E:\Protivity.jpg
[15/09/2012 - 13:52:55 | N | 580231] E:\Protivityss.jpg
[20/07/2012 - 16:38:18 | D ] E:\quran
[23/02/2012 - 21:30:14 | SHD ] E:\RECYCLER
[17/05/2011 - 06:01:20 | N | 1851763] E:\reflectionsofthepillarsc.jpg
[14/08/2012 - 13:57:19 | N | 192371] E:\sallll sighn.psd
[07/08/2013 - 22:31:07 | D ] E:\Shk Zayed Masjid
[02/06/2013 - 12:53:36 | N | 4236111] E:\Showw.psd
[14/10/2013 - 11:15:38 | D ] E:\Studio
[22/04/2011 - 08:30:13 | N | 1815884] E:\Studio.psd
[18/10/2013 - 16:38:38 | SHD ] E:\System Volume Information
[20/12/2012 - 11:11:51 | D ] E:\TATTOO AND PIC
[10/12/2012 - 11:50:34 | N | 10614] E:\The Administration officer.docx
[08/01/2012 - 10:36:50 | RASH | 44032] E:\Thumbs.db
[13/09/2013 - 16:35:11 | D ] E:\Total Video Converter HD 7.1
[02/07/2012 - 15:33:46 | N | 15729130] E:\Total Video Converter HD 7.1.rar
[13/10/2013 - 19:35:02 | D ] E:\Vijay

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
2
############################## | UsbFix V 7.159 | [Deletion]

User: bahay (Administrator) # BAHAY-PC
Updated 06/01/2014 by El Desaparecido - Team SosVirus
Started at 09:09:14 | 09/01/2014

Website : http://www.en.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: Emaxx Technology.,Ltd (EMX-ANF82HD-PRO V3.0)
CPU: AMD Athlon(tm) II X3 440 Processor
RAM -> [Total : 1791 Mo| Free : 621 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7600 32-Bit)
WB: Windows Internet Explorer : 8.0.7600.16385
WB: Google Chrome : 31.0.1650.63
WB: Mozilla Firefox : 24.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 146 Gb (70 Mb free - 48%) [] # NTFS
D:\ -> Fixed drive # 152 Gb (18 Mb free - 12%) [delta] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 7 Gb (3 Mb free - 38%) [G BAYLEN] # FAT32
G:\ -> Removable drive # 2 Gb (5 Mb free - 0%) [] # FAT32

################## | Stopped processes |

Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1356 |ParentID: 512)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 1500 |ParentID: 512)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1604 |ParentID: 512)
Stopped! C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE (ID: 1680 |ParentID: 512)
Stopped! C:\Windows\system32\WUDFHost.exe (ID: 368 |ParentID: 908)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2788 |ParentID: 512)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 2924 |ParentID: 512)
Stopped! C:\Windows\system32\taskhost.exe (ID: 2592 |ParentID: 512)
Stopped! C:\Windows\system32\taskeng.exe (ID: 2828 |ParentID: 952)
Stopped! C:\Users\bahay\AppData\Local\Temp\Rar$EXa0.159\PCMeter\PCMeterV0.3.exe (ID: 1736 |ParentID: 2828)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3520 |ParentID: 1688)
Stopped! C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (ID: 3992 |ParentID: 1688)
Stopped! C:\Program Files\Windows Sidebar\sidebar.exe (ID: 1852 |ParentID: 1688)
Stopped! C:\Users\bahay\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 1332 |ParentID: 1688)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 1896 |ParentID: 1688)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2496 |ParentID: 1896)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3736 |ParentID: 1896)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 1784 |ParentID: 1896)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3508 |ParentID: 1896)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 564 |ParentID: 1896)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2936 |ParentID: 1896)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 1900 |ParentID: 1896)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3584 |ParentID: 1896)

################## | Regedit Run |

04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1179224860-2076431250-2808751423-1001\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Generic Research |

Deleted ! F:\proj.lnk
Deleted ! F:\franz.lnk
Deleted ! F:\.lnk
Deleted ! F:\Bon Jovi - Live in London At Wembley Stadium COMPLETO.lnk
Deleted ! F:\Raffy form.lnk
Deleted ! F:\Raffy form-2.lnk
Deleted ! F:\.Trashes.lnk
Deleted ! F:\.Spotlight-V100.lnk
Deleted ! F:\.fseventsd.lnk
Deleted ! F:\field trip.lnk
Deleted ! F:\my birthday pics.lnk
Deleted ! F:\saudi pics.lnk
Deleted ! F:\geraldine pics.lnk
Deleted ! F:\Bluetooth Folder.lnk
Deleted ! F:\~WRD0412.lnk
Deleted ! F:\~WRD0634.lnk

(!) Temporary files deleted.

################## | Registry |

Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Repaired ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -> 1
Deleted ! HKU\S-1-5-21-1179224860-2076431250-2808751423-1001\Software\.\.\.\.\Mountpoints2\{a36c22d0-3688-11e3-832d-806e6f6e6963}

################## | Listing |

[16/10/2013 - 15:49:31 | SHD] - C:\$Recycle.Bin
[11/06/2009 - 05:42:20 | A | 0 Ko] - C:\autoexec.bat
[17/10/2013 - 02:29:31 | SHD] - C:\Boot
[14/07/2009 - 09:38:58 | RASH | 375 Ko] - C:\bootmgr
[17/10/2013 - 02:29:32 | N | 8 Ko] - C:\BOOTSECT.BAK
[22/10/2013 - 16:11:00 | D] - C:\CFLog
[11/06/2009 - 05:42:20 | N | 0 Ko] - C:\config.sys
[14/07/2009 - 12:53:55 | SHD] - C:\Documents and Settings
[08/01/2014 - 22:34:40 | ASH | 1375624 Ko] - C:\hiberfil.sys
[16/10/2013 - 11:59:41 | RHD] - C:\MSOCache
[16/10/2013 - 10:35:56 | N | 201 Ko] - C:\NABTP
[08/01/2014 - 22:34:41 | ASH | 1834168 Ko] - C:\pagefile.sys
[14/07/2009 - 10:37:05 | D] - C:\PerfLogs
[02/01/2014 - 20:55:51 | D] - C:\Program Files
[02/01/2014 - 21:34:15 | HD] - C:\ProgramData
[16/10/2013 - 10:35:38 | SHD] - C:\Recovery
[02/01/2014 - 20:49:00 | SHD] - C:\System Volume Information
[09/01/2014 - 09:09:16 | D] - C:\UsbFix
[09/01/2014 - 09:09:35 | A | 6 Ko | 13865AE7111ADE53A0755EA66736A936] - C:\UsbFix [Clean 1] BAHAY-PC.txt
[16/10/2013 - 15:49:26 | D] - C:\Users
[16/10/2013 - 10:35:56 | N | 0 Ko] - C:\wedaolu
[02/01/2014 - 20:49:11 | D] - C:\Windows
[16/10/2013 - 15:49:31 | SHD] - D:\$RECYCLE.BIN
[22/08/2010 - 13:32:00 | N | 0 Ko | 70D01EA6F9A922AB8EC25C26549A496D] - D:\AMPED acc info..txt
[15/06/2010 - 20:49:13 | N | 0 Ko | 4ECF55BE6530D4F2FF5250CFE04631F9] - D:\australia apply.txt
[16/12/2013 - 16:39:10 | D] - D:\Crossfire PH
[16/10/2013 - 13:44:44 | D] - D:\DCIM
[30/11/2012 - 10:32:25 | D] - D:\Franz field trip Nov29 2012
[10/08/2013 - 10:58:42 | D] - D:\Galaxy tab 2 Pix
[12/04/2012 - 10:25:34 | D] - D:\ginablan
[19/09/2013 - 11:56:31 | D] - D:\installers
[02/01/2012 - 16:04:03 | D] - D:\JR's
[07/01/2014 - 17:04:56 | D] - D:\movies
[31/07/2013 - 08:34:01 | D] - D:\My Music
[23/09/2013 - 13:52:46 | D] - D:\My Pictures
[26/11/2012 - 17:07:08 | D] - D:\My Videos
[26/06/2012 - 21:02:43 | D] - D:\Not Mine
[03/05/2010 - 16:48:49 | SHD] - D:\RECYCLER
[16/07/2010 - 20:49:53 | N | 0 Ko | 15116D02E5E619D1228D56FE3DE6BC6D] - D:\roxasians.txt
[11/10/2013 - 10:52:42 | D] - D:\SteamLibrary
[17/10/2011 - 12:41:56 | SHD] - D:\System Volume Information
[15/10/2013 - 18:40:31 | D] - D:\USB
[05/01/2012 - 22:47:02 | D] - D:\usb files
[26/08/2012 - 00:14:38 | SH | 4 Ko] - F:\._.Trashes
[26/08/2012 - 00:14:38 | SHD] - F:\.Trashes
[26/08/2012 - 00:14:38 | SHD] - F:\.Spotlight-V100
[26/08/2012 - 00:14:38 | SHD] - F:\.fseventsd
[17/07/2013 - 16:43:04 | N | 273101 Ko] - F:\82a4fdc0827e41b5d4173fac7b1cc73c4fe43767 (1).mp4
[22/06/2013 - 00:00:00 | N | 467671 Ko] - F:\Bon Jovi - Live in London At Wembley Stadium COMPLETO.mp4
[07/01/2014 - 10:40:04 | N | 383 Ko] - F:\Raffy form.jpg
[07/01/2014 - 10:40:38 | N | 403 Ko] - F:\Raffy form-2.jpg
[26/12/2012 - 19:53:56 | D] - F:\field trip
[28/11/2012 - 17:30:16 | D] - F:\my birthday pics
[09/01/2014 - 08:30:26 | D] - F:\FOUND.000
[02/02/2013 - 19:36:02 | D] - F:\saudi pics
[04/02/2013 - 08:22:56 | D] - F:\geraldine pics
[04/11/2012 - 22:04:54 | D] - F:\Bluetooth Folder
[07/01/2014 - 15:23:50 | N | 219 Ko] - F:\proj.docx
[07/01/2014 - 15:18:58 | N | 324 Ko] - F:\franz.docx
[07/01/2014 - 16:04:48 | N | 388 Ko] - F:\~WRD0412.tmp
[07/01/2014 - 16:10:34 | N | 388 Ko] - F:\~WRD0634.tmp
[07/01/2014 - 16:27:16 | N | 1 Ko] - F:\GERALD~1.LN0
[07/01/2014 - 16:27:16 | N | 1 Ko] - F:\BLUETO~1.LN0
[07/01/2014 - 15:23:50 | N | 219 Ko] - F:\PROJ~1.DO0
[07/01/2014 - 15:18:58 | N | 324 Ko] - F:\FRANZ~1.DO0
[07/01/2014 - 16:04:48 | N | 388 Ko] - F:\~WRD0412.tm0
[07/01/2014 - 16:27:14 | N | 2 Ko] - F:\~WRD0412.ln0
[07/01/2014 - 16:10:34 | N | 388 Ko] - F:\~WRD0634.tm0
[07/01/2014 - 16:27:14 | N | 2 Ko] - F:\~WRD0634.ln0

################## | Vaccin |

D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
2

Didn't find the answer you are looking for?

Ask a question
Ambucias
Posts
47360
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,255
Oct 18, 2013 at 04:07 PM
Well that should have done the trick and the virus is removed.
1
works perfectly thanks.
1
Works great
1
it was awesome... it helped me alot... thanks alot for posting this...
1
alavudeenstudio
Posts
4
Registration date
Thursday October 17, 2013
Status
Member
Last seen
January 25, 2014

Oct 18, 2013 at 09:11 AM
############################## | UsbFix V 7.145 | [Research]

User: Main System (Administrator) # MAINSYSTEM-PC
Updated 17/10/2013 by El Desaparecido - Team SosVirus
Started at 17:02:30 | 18/10/2013

Website: https://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: https://www.usb-antivirus.com/fr/contact/

PC: Gigabyte Technology Co., Ltd. (P35-DS3L)
CPU: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
RAM -> [Total : 2046 | Free : 1108]
Bios: Award Software International, Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 8.0.7600.16385

SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [Enabled]
AV: Norton AntiVirus [Enabled | Updated]
FW: Windows FireWall Service [(!) Disabled]

C:\ (%systemdrive%) -> Fixed drive # 73 Gb (57 Mb free - 78%) [] # NTFS
D:\ -> Fixed drive # 38 Gb (11 Mb free - 30%) [data] # NTFS
E:\ -> Fixed drive # 38 Gb (12 Mb free - 32%) [data1] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID 420 |ParentID 356)
C:\Windows\system32\wininit.exe (ID 484 |ParentID 356)
C:\Windows\system32\csrss.exe (ID 496 |ParentID 472)
C:\Windows\system32\services.exe (ID 532 |ParentID 484)
C:\Windows\system32\lsass.exe (ID 556 |ParentID 484)
C:\Windows\system32\lsm.exe (ID 564 |ParentID 484)
C:\Windows\system32\winlogon.exe (ID 624 |ParentID 472)
C:\Windows\system32\svchost.exe (ID 716 |ParentID 532)
C:\Windows\system32\svchost.exe (ID 792 |ParentID 532)
C:\Windows\System32\svchost.exe (ID 884 |ParentID 532)
C:\Windows\System32\svchost.exe (ID 916 |ParentID 532)
C:\Windows\system32\svchost.exe (ID 944 |ParentID 532)
C:\Windows\system32\svchost.exe (ID 1124 |ParentID 532)
C:\Windows\system32\svchost.exe (ID 1228 |ParentID 532)
C:\Windows\System32\spoolsv.exe (ID 1364 |ParentID 532)
C:\Windows\system32\svchost.exe (ID 1400 |ParentID 532)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1520 |ParentID 532)
C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe (ID 1568 |ParentID 532)
C:\Windows\system32\Dwm.exe (ID 1732 |ParentID 916)
C:\Windows\system32\taskhost.exe (ID 1748 |ParentID 532)
C:\Windows\Explorer.EXE (ID 1812 |ParentID 1696)
C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe (ID 1984 |ParentID 532)
C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe (ID 296 |ParentID 1568)
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (ID 328 |ParentID 532)
C:\Windows\system32\svchost.exe (ID 332 |ParentID 532)
C:\Windows\system32\SearchIndexer.exe (ID 2088 |ParentID 532)
C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe (ID 2120 |ParentID 1984)
C:\Windows\system32\WUDFHost.exe (ID 2256 |ParentID 916)
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID 2528 |ParentID 1812)
C:\Program Files\Real\RealPlayer\Update\realsched.exe (ID 2604 |ParentID 1812)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (ID 2612 |ParentID 1812)
C:\Program Files\du Mobile Broadband\AutoDect.exe (ID 2676 |ParentID 1812)
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (ID 2696 |ParentID 1812)
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (ID 2704 |ParentID 1812)
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (ID 2732 |ParentID 1812)
C:\Windows\System32\WScript.exe (ID 2804 |ParentID 1812)
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (ID 3028 |ParentID 716)
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (ID 3168 |ParentID 532)
C:\Windows\system32\wbem\wmiprvse.exe (ID 3240 |ParentID 716)
C:\Windows\system32\svchost.exe (ID 2020 |ParentID 532)
C:\Windows\system32\svchost.exe (ID 2076 |ParentID 532)
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe (ID 3564 |ParentID 1812)
C:\Users\MAINSY~1\AppData\Local\Temp\Adobelm_Cleanup.0001 (ID 988 |ParentID 3564)
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (ID 4060 |ParentID 532)
C:\Users\MAINSY~1\AppData\Local\Temp\Adobelm_Cleanup.0001 (ID 2000 |ParentID 3564)
C:\Windows\system32\wbengine.exe (ID 5116 |ParentID 532)
C:\Windows\System32\vds.exe (ID 5224 |ParentID 532)
C:\Windows\system32\wbem\wmiprvse.exe (ID 5424 |ParentID 716)
C:\UsbFix\Go.exe (ID 2080 |ParentID 6040)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
HKLM\SOFTWARE | Run : [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [TkBellExe] - "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [autodetect] - C:\Program Files\du Mobile Broadband\AutoDect.exe
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4035957050-2817440372-2056575835-1000\SOFTWARE | Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-4035957050-2817440372-2056575835-1000\SOFTWARE | Run : [Google Update] - "C:\Users\Main System\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-4035957050-2817440372-2056575835-1000\SOFTWARE | Run : [1b47] - C:\Users\Main System\AppData\Roaming\0d510\1b47.js
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Files # Infected Folders |

Found ! C:\Users\Main System\AppData\Roaming\0d510\1b47.js
Found ! C:\Users\Main System\AppData\Roaming\0d510
Found ! C:\Users\Main System\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4905.js

################## | Registry |

Found ! HKU\S-1-5-21-4035957050-2817440372-2056575835-1000\Software\Microsoft\Windows\CurrentVersion\Run|1b47
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|1b47
HKCU\.\.\.\.\Explorer\MountPoints2\K
Shell\AutoRun\Command = K:\LaunchU3.exe -a

HKCU\.\.\.\.\Explorer\MountPoints2\L
Shell\AutoRun\Command = L:\Autorun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{1a7e6060-34a6-11e3-bdfe-001d7dad8260}
Shell\AutoRun\Command = L:\Autorun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{cc0c3714-36e2-11e3-a342-00a0c6000000}
Shell\AutoRun\Command = K:\LaunchU3.exe -a



################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
0
my computer is vaccinated it awsome
0
hmcreation
Posts
1
Registration date
Tuesday September 9, 2014
Status
Member
Last seen
September 9, 2014

Sep 9, 2014 at 03:34 AM
Well me 2 I was having z same prob. When I saw zat all my files became shortcut, I scanned my pendrive with Microsoft Security Essential. It detects some worms..thus by cleaning them all my files disappears. But when I right click on my pendrive icon n saw its properties it seems that my files r still zer but r hidden. I tried every steps that show up on z internet but it was in vain. I just try something simple n it works perfectly.that's y I wanna share with u friendz..
1. Ensure that win rar is installed on ur pc/laptop.
2. Insert ur pendrive and right click on ur pendrive icon, u'll c "Add to Archive(winrar)".
3.Click on Add to Archive and click OK.
4. When z Archive Process is completed, double click on z Archive folder, u'll c all ur recovered files zat were hidden on ur pendrive.
5. Next u create a New Folder on ur desktop, click and drag each files zat u wish to recover back from ur Archive winrar folder to ur New folder located on ur desktop. That's it.
Hope zis help u guyzz...:-)
0
Prakashenoy
Posts
1
Registration date
Tuesday October 28, 2014
Status
Member
Last seen
October 28, 2014

Oct 28, 2014 at 09:40 PM
true life saver indeed
0