.Trashes, $RECYCLE.BIN, thumbs.db, desktop.ini



#1 Wisaam


Posted 12 October 2013 - 02:56 AM

I used a friend's USB flash drive, exchanging files between it and my personal external hard drive, without knowing that my friend's one was infected. When I reconnected my hard drive, it appeared all my folders were crashed (as shortcuts) and their location showed as cmd.exe. I noticed my hard drive had an extra folder named ".Trashes". I used 'usbDriveFresher' to clean my hard drive and that folder was removed. Still, my stuff was crashed. I ticked 'show hidden items' and it showed all my stuff (folders) again, but I cannot untick the hidden option of those folders. After that, files named "desktop.ini", "thumbs.db", "RecycleBin.bin" and folders named "$RECYCLE.BIN", "System Volume Information" started showing in my PC, which I can't remove permanently. I'm in need of a recovery without losing my files.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16453
Run by Ahmed at 18:02:06 on 2013-10-11
Microsoft Windows 8 Pro  6.2.9200.0.1252.44.2057.18.2999.1099 [GMT 5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\System32\spoolsv.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\srvany.exe
C:\Windows\KMService.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\conhost.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
C:\ProgramData\WModem+\OnlineUpdate\ouc.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\LiveComm.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\WUDFHost.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\WModem+\WModem+.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\USBDriveFresher\UsbDriveFresher.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.3.1.22
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.3.1.22
mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mWinlogon: Userinit = c:\windows\system32\userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.4.0.40\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Sony PC Companion] "c:\program files\sony\sony pc companion\PCCompanion.exe" /Background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:149
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: Interfaces\{2368EF6F-1BD2-4CE9-882E-AD7555C7265E} : NameServer = 8.8.8.8 165.21.83.88
TCP: Interfaces\{39F0F7DC-2516-4945-BDA1-DA21AE27FA4E} : NameServer = 8.8.8.8 165.21.83.88
TCP: Interfaces\{6C07033D-3E8C-420F-9F3D-B1ECEEF3728A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A2530A2B-1A4E-4FEB-B86B-DFA1E818407F} : NameServer = 8.8.8.8 165.21.83.88
TCP: Interfaces\{CB497885-E8B3-48EA-B792-9BB10A9673D1} : NameServer = 8.8.8.8 165.21.83.88
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\symds.sys [2013-6-13 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\symefa.sys [2013-6-13 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\definitions\bashdefs\20130924.001\BHDrvx86.sys [2013-9-24 1097304]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys [2013-6-13 134744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\definitions\ipsdefs\20131010.001\IDSvix86.sys [2013-10-11 392792]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\ironx86.sys [2013-6-13 175264]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1404000.028\symnets.sys [2013-6-13 339544]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-3-22 100216]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2013-1-13 8192]
R2 N360;Norton 360;c:\program files\norton 360\engine\20.4.0.40\ccsvchst.exe [2013-6-13 144368]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2013\TuneUpUtilitiesService32.exe [2013-1-31 1724192]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2013-1-13 2320920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-9-5 108120]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2013-1-18 353280]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-1-18 73216]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2013-1-13 132480]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\drivers\Rt630x86.sys [2012-7-26 495104]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2013\TuneUpUtilitiesDriver32.sys [2012-9-18 10088]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\drivers\WUDFRd.sys [2012-7-26 155136]
S0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\n360\1404000.028\symelam.sys [2013-6-13 21400]
S2 WModem+. RunOuc;WModem+. OUC;c:\program files\wmodem+\updatedog\ouc.exe [2013-1-18 239968]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-1-18 102784]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2013-6-4 12400]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2013-1-18 90112]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2013-6-4 155824]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .chm: Free Zip Opener.CHM="c:\program files\free zip opener\FreeZipOpener.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-10-11 12:52:55 -------- d-----w- c:\program files\USBDriveFresher
.
==================== Find3M  ====================
.
.
============= FINISH: 18:02:58.39 ===============

#2 Aaflac


Posted 12 October 2013 - 03:32 PM

Wisaam,

Welcome to the BC Forums!!

Please do what follows. USBFix and the Farbar Recovery Scan Tool gather information about the computer and the USB drive(s), and from there it will be determined what needs to be removed.

Step 1: To stop the Autorun feature, please do the following:

Open Regedit in Windows 8, by doing the following:

Press the Windows key and the R key on your keyboard.
This is done either while at the Windows 8 Start menu/Metro screen, or on the Windows 8 Desktop.
At the dialog box that opens, type: regedit.exe
Press: OK

Now, locate the following entry in the Registry:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun

You can do this by clicking on the > symbol to the left of each of the following:

HKEY_CURRENT_USER
SOFTWARE
Microsoft
Windows
CurrentVersion
Policies
Explorer

To the right of Explorer, look for: NoDriveTypeAutorun

Right-click NoDriveTypeAutoRun, and then click: Modify
In the Value data box, type: 0xFF
(The code disables AutoRun on all kinds of drives.)
Click OK, and exit Registry Editor.

Step 2: Reboot the system to apply the changes.

Step 3: Open Folder Options:
http://www.eightforums.com/tutorials/4067-folder-options-open-windows-8-a.html

Click on the View tab in the Folder Options window.
In the Advanced settings: area, locate the Hidden files and folders category.

Check: Show hidden files, folders, and drives
Uncheck: Hide protected operating system files (Recommended)

Click Apply and OK at the bottom of the Folder Options window.

Step 4: Next, download UsbFix:
http://www.infospyware.com/utiles/usbfix/

It works with: Windows 8
It is a Spanish language website, but the program is in English.
To download, press the button that says: Descargar (It means: Download)
Also save to the Desktop.

Next, right-click the downloaded USBFix file and select: Run as Administrator
Connect the USB drives!

Press: Research

When done, the program closes on its own, and a report appears.
(The report file is also found at C:\UsbFix.txt)

>> Please post the UsbFix.txt (Research) report in your reply.

Step 5: Once again, run USBFix as Administrator, but, this time, press: Listing

>> Also post the UsbFix.txt (Listing) report in your reply.

Note 1: If USBFix does not run in normal Windows, please run it in Safe Mode:
Instructions:
http://www.bleepingcomputer.com/tutorials/start-windows-8-in-safe-mode/

Note 2: If your AntiVirus program detects USBFix as malware, either let the AV program allow USBFix to run, or temporarily disable your AntiVirus program:
Info - http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

When done with USBFix, re-enable your AV!

Step 6: Last, please download the Farbar Recovery Scan Tool
Download: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

It works with: Windows 8
Select the version that applies to your system.
Save it to your Desktop.

Double-click the downloaded file to run it.
When the tool opens, click Yes to the disclaimer.

Press the Scan button.

The tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

>> Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt

>> Also post the Addition.txt in your reply.

Edited by Aaflac, 12 October 2013 - 03:48 PM.

Old duck...


#3 Wisaam


Posted 14 October 2013 - 03:47 AM

Thank you for the quick response. I have pasted all 4 reports here in this reply.

 

-RESEARCH report-

############################## | UsbFix V 7.144 | [Research]
 
User: Ahmed (Administrator) # WISAAM_PC
Updated 08/10/2013 by El Desaparecido - Team SosVirus
Started at 13:22:48 | 14/10/2013
 
 
PC: Dell Inc. (0WXY9J)
CPU: Intel® Core™ i3 CPU       M 370  @ 2.40GHz
RAM -> [Total : 2999 | Free : 1590]
Bios: Dell Inc.
Boot: Normal boot
 
OS: Microsoft Windows 8 Pro (6.2.9200 32-Bit) # 
WB: Windows Internet Explorer 10.0.9200.16466
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]
 
C:\ (%systemdrive%) -> Fixed drive # 150 Gb (114 Mb free - 76%) [System] # NTFS
D:\ -> Fixed drive # 133 Gb (133 Mb free - 100%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
I:\ -> Fixed drive # 466 Gb (179 Mb free - 38%) [WISY_STORE] # FAT32
 
################## | Active Processes |
 
C:\Windows\system32\csrss.exe (ID 460 |ParentID 448)
C:\Windows\system32\wininit.exe (ID 516 |ParentID 448)
C:\Windows\system32\csrss.exe (ID 544 |ParentID 508)
C:\Windows\system32\winlogon.exe (ID 640 |ParentID 508)
C:\Windows\system32\services.exe (ID 684 |ParentID 516)
C:\Windows\system32\lsass.exe (ID 692 |ParentID 516)
C:\Windows\system32\svchost.exe (ID 796 |ParentID 684)
C:\Windows\system32\svchost.exe (ID 852 |ParentID 684)
C:\Windows\System32\svchost.exe (ID 904 |ParentID 684)
C:\Windows\system32\dwm.exe (ID 932 |ParentID 640)
C:\Windows\system32\svchost.exe (ID 980 |ParentID 684)
C:\Windows\system32\svchost.exe (ID 1052 |ParentID 684)
C:\Windows\System32\svchost.exe (ID 1136 |ParentID 684)
C:\Windows\system32\svchost.exe (ID 1280 |ParentID 684)
C:\Windows\system32\svchost.exe (ID 1308 |ParentID 684)
C:\Windows\System32\spoolsv.exe (ID 1496 |ParentID 684)
C:\ProgramData\DatacardService\HWDeviceService.exe (ID 1684 |ParentID 684)
C:\Windows\system32\dashost.exe (ID 1720 |ParentID 1136)
C:\Windows\system32\srvany.exe (ID 1812 |ParentID 684)
C:\Windows\KMService.exe (ID 1832 |ParentID 1812)
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (ID 1856 |ParentID 684)
C:\Windows\system32\conhost.exe (ID 1888 |ParentID 1832)
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe (ID 1896 |ParentID 684)
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (ID 1948 |ParentID 684)
C:\Windows\system32\svchost.exe (ID 1988 |ParentID 684)
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (ID 2020 |ParentID 684)
C:\ProgramData\WModem+\OnlineUpdate\ouc.exe (ID 2044 |ParentID 380)
C:\Windows\system32\SearchIndexer.exe (ID 2160 |ParentID 684)
C:\Windows\system32\wbem\wmiprvse.exe (ID 2268 |ParentID 796)
C:\Windows\system32\svchost.exe (ID 2388 |ParentID 684)
C:\Windows\system32\svchost.exe (ID 2448 |ParentID 684)
C:\Windows\System32\WUDFHost.exe (ID 2516 |ParentID 1136)
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (ID 2804 |ParentID 2020)
C:\Windows\system32\taskhostex.exe (ID 2816 |ParentID 684)
C:\Windows\system32\taskeng.exe (ID 2824 |ParentID 980)
C:\Windows\Explorer.EXE (ID 3020 |ParentID 2980)
C:\Windows\System32\WUDFHost.exe (ID 3156 |ParentID 1136)
C:\Windows\System32\rundll32.exe (ID 3196 |ParentID 796)
C:\ProgramData\DatacardService\DCSHelper.exe (ID 3308 |ParentID 1684)
C:\ProgramData\DatacardService\DCSHelper.exe (ID 3416 |ParentID 1684)
C:\Program Files\WModem+\WModem+.exe (ID 3456 |ParentID 3416)
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\LiveComm.exe (ID 3572 |ParentID 796)
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe (ID 3588 |ParentID 1896)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 3320 |ParentID 2840)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 3132 |ParentID 3320)
C:\Windows\System32\igfxtray.exe (ID 3692 |ParentID 3020)
C:\Windows\System32\hkcmd.exe (ID 2876 |ParentID 3020)
C:\Windows\System32\igfxpers.exe (ID 2340 |ParentID 3020)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 4120 |ParentID 3320)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 4172 |ParentID 3320)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 4184 |ParentID 3320)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 4196 |ParentID 3320)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 4208 |ParentID 3320)
C:\Program Files\Internet Download Manager\IDMan.exe (ID 4248 |ParentID 3020)
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (ID 4364 |ParentID 3020)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 4804 |ParentID 3320)
C:\Windows\System32\RuntimeBroker.exe (ID 4872 |ParentID 796)
C:\Program Files\Internet Download Manager\IEMonitor.exe (ID 4944 |ParentID 4248)
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe (ID 4952 |ParentID 4364)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 5452 |ParentID 3320)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 5464 |ParentID 3320)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 5936 |ParentID 3320)
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (ID 6136 |ParentID 684)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 972 |ParentID 684)
C:\Windows\system32\wuauclt.exe (ID 4460 |ParentID 980)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 3492 |ParentID 3320)
C:\Program Files\Internet Explorer\IELowutil.exe (ID 3364 |ParentID 4248)
C:\Windows\explorer.exe (ID 1272 |ParentID 796)
C:\Windows\system32\wbem\wmiprvse.exe (ID 5864 |ParentID 796)
C:\UsbFix\Go.exe (ID 2720 |ParentID 3224)
 
################## | Regedit Run |
 
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | RunOnce : [] - 
HKU\S-1-5-21-3315385509-1532506984-3949795062-1001\SOFTWARE | Run : [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-3315385509-1532506984-3949795062-1001\SOFTWARE | Run : [Sony PC Companion] - "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
HKU\S-1-5-19\SOFTWARE | RunOnce : [] - 
HKU\S-1-5-20\SOFTWARE | RunOnce : [] - 
HKU\S-1-5-18\SOFTWARE | RunOnce : [] - 
 
################## | Files # Infected Folders |
 
Found ! I:\images.lnk
Found ! I:\$RECYCLE.BIN.lnk
Found ! I:\skin.lnk
Found ! I:\Backup.lnk
Found ! I:\Games.lnk
Found ! I:\test.lnk
Found ! I:\softwares.lnk
Found ! I:\Songs.lnk
Found ! I:\Utility.lnk
Found ! I:\Windows_8.lnk
Found ! I:\fIlms.lnk
Found ! F:\AutoRun.exe
Found ! F:\AUTORUN.INF
Found ! F:\SysConfig.dat
 
################## | Registry |
 
Found ! HKU\S-1-5-21-3315385509-1532506984-3949795062-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Found ! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig
Found ! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableSR
HKCU\.\.\.\.\Explorer\MountPoints2\{038e41ab-5daf-11e2-afa0-b101f378c5bf}
Shell\AutoRun\Command = "F:\AutoRun.exe" 
 
HKCU\.\.\.\.\Explorer\MountPoints2\{038e41d3-5daf-11e2-afa0-b101f378c5bf}
Shell\AutoRun\Command = "F:\AutoRun.exe" 
 
HKCU\.\.\.\.\Explorer\MountPoints2\{12c82fe6-60b9-11e2-afa1-b9a9ea868bba}
Shell\AutoRun\Command = "F:\AutoRun.exe" 
 
HKCU\.\.\.\.\Explorer\MountPoints2\{12c83030-60b9-11e2-afa1-f04da2a13856}
Shell\AutoRun\Command = "F:\AutoRun.exe" 
 
HKCU\.\.\.\.\Explorer\MountPoints2\{3a75c1e2-721f-11e2-afa4-001e101fb5b2}
Shell\AutoRun\Command = "F:\AutoRun.exe" 
 
HKCU\.\.\.\.\Explorer\MountPoints2\{91130a25-5d96-11e2-af9b-806e6f6e6963}
Shell\AutoRun\Command = "E:\autoRcd.exe" 
 
HKCU\.\.\.\.\Explorer\MountPoints2\{9ecfff07-6574-11e2-afa2-e67bedbffbbc}
Shell\AutoRun\Command = "H:\Startme.exe" 
 
HKCU\.\.\.\.\Explorer\MountPoints2\{9ed0028e-6574-11e2-afa2-e67bedbffbbc}
Shell\AutoRun\Command = "F:\AutoRun.exe" 
 
HKCU\.\.\.\.\Explorer\MountPoints2\{9ed0096b-6574-11e2-afa2-f04da2a13856}
Shell\AutoRun\Command = "F:\AutoRun.exe" 
 
HKCU\.\.\.\.\Explorer\MountPoints2\{9ed009fa-6574-11e2-afa2-f04da2a13856}
Shell\AutoRun\Command = "F:\AutoRun.exe" 
 
 
 
################## | Vaccin |
 
(!) This computer is not vaccinated!
 
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
 
-LISTING report-
############################## | UsbFix V 7.144 | [Listing]
 
User: Ahmed (Administrator) # WISAAM_PC
Updated 08/10/2013 by El Desaparecido - Team SosVirus
Started at 13:31:18 | 14/10/2013
 
 
PC: Dell Inc. (0WXY9J)
CPU: Intel® Core™ i3 CPU       M 370  @ 2.40GHz
RAM -> [Total : 2999 | Free : 1516]
Bios: Dell Inc.
Boot: Normal boot
 
OS: Microsoft Windows 8 Pro (6.2.9200 32-Bit) # 
WB: Windows Internet Explorer 10.0.9200.16466
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]
 
C:\ (%systemdrive%) -> Fixed drive # 150 Gb (114 Mb free - 76%) [System] # NTFS
D:\ -> Fixed drive # 133 Gb (133 Mb free - 100%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
I:\ -> Fixed drive # 466 Gb (179 Mb free - 38%) [WISY_STORE] # FAT32
 
################## | Listing |
 
[26/04/2013 - 11:53:39 | SHD ] C:\$Recycle.Bin
[26/07/2012 - 11:52:25 | A | 24] C:\autoexec.bat
[26/07/2012 - 08:44:30 | RASH | 398156] C:\bootmgr
[02/06/2012 - 19:30:55 | ASH | 1] C:\BOOTNXT
[26/07/2012 - 11:52:25 | A | 10] C:\config.sys
[13/01/2013 - 22:22:18 | D ] C:\dell
[26/07/2012 - 11:04:44 | SHD ] C:\Documents and Settings
[30/07/2013 - 21:41:58 | D ] C:\Game Of Thrones
[14/10/2013 - 13:15:24 | ASH | 2515476480] C:\hiberfil.sys
[13/01/2013 - 19:57:27 | RHD ] C:\MSOCache
[14/10/2013 - 13:15:28 | ASH | 536870912] C:\pagefile.sys
[26/07/2012 - 11:29:57 | D ] C:\PerfLogs
[12/10/2013 - 16:09:37 | D ] C:\Program Files
[12/10/2013 - 16:10:37 | HD ] C:\ProgramData
[14/10/2013 - 13:15:28 | ASH | 268435456] C:\swapfile.sys
[14/10/2013 - 13:15:19 | SHD ] C:\System Volume Information
[14/10/2013 - 13:31:19 | D ] C:\UsbFix
[14/10/2013 - 13:31:19 | A | 1933] C:\UsbFix [Listing 1 ] WISAAM_PC.txt
[14/10/2013 - 13:29:30 | A | 8805] C:\UsbFix [Scan 1] WISAAM_PC.txt
[26/04/2013 - 11:51:31 | RD ] C:\Users
[20/08/2013 - 11:37:43 | D ] C:\Windows
[06/08/2013 - 21:51:57 | SHD ] D:\$RECYCLE.BIN
[11/10/2013 - 18:14:38 | D ] D:\Arrow
[30/01/2013 - 12:44:00 | D ] D:\Certificate
[28/07/2006 - 08:32:44 | A | 7005] D:\Eula.txt
[15/10/2012 - 13:23:38 | A | 72154] D:\procexp.chm
[04/02/2013 - 22:46:38 | A | 2738264] D:\procexp.exe
[10/08/2013 - 15:13:07 | D ] D:\skin
[14/10/2013 - 13:15:22 | SHD ] D:\System Volume Information
[23/08/2009 - 07:42:34 | R | 143360] F:\AutoRun.exe
[10/03/2010 - 03:01:58 | R | 47] F:\AUTORUN.INF
[23/08/2009 - 07:42:34 | R | 143360] F:\DataCard_Setup.exe
[23/08/2009 - 07:43:46 | R | 206336] F:\DataCard_Setup64.exe
[21/02/2008 - 02:16:48 | R | 7168] F:\ResetDevice.exe
[10/03/2010 - 03:00:12 | R | 122726] F:\Startup.ico
[10/03/2010 - 03:01:56 | R | 1359] F:\SysConfig.dat
[19/03/2010 - 12:46:06 | D ] F:\WModem+
[30/04/2012 - 08:52:18 | SHD ] I:\images
[11/10/2013 - 19:19:36 | SHD ] I:\$RECYCLE.BIN
[10/08/2013 - 15:13:08 | SHD ] I:\skin
[10/08/2013 - 08:24:38 | A | 184906] I:\cleo3.rar
[13/01/2013 - 14:51:58 | SHD ] I:\Backup
[20/12/2012 - 13:23:56 | SHD ] I:\Games
[10/07/2013 - 21:59:48 | SHD ] I:\test
[08/09/2013 - 17:22:30 | A | 4401848] I:\DSC_3272.JPG
[17/12/2012 - 23:13:10 | SHD ] I:\softwares
[08/09/2013 - 17:18:42 | A | 3176604] I:\DSC_3261.JPG
[08/09/2013 - 17:21:44 | A | 4926635] I:\DSC_3268.JPG
[10/10/2013 - 21:21:32 | A | 1735] I:\images.lnk
[25/01/2013 - 17:32:20 | SHD ] I:\Songs
[30/04/2012 - 08:52:02 | SHD ] I:\Utility
[13/01/2013 - 15:06:58 | SHD ] I:\Windows_8
[17/08/2011 - 09:52:24 | A | 3594] I:\Activate Warranty.html
[02/09/2011 - 15:51:00 | A | 5013504] I:\ActivateWarranty.exe
[17/08/2011 - 09:51:08 | A | 3394] I:\Free Software.html
[20/12/2012 - 13:29:30 | SHD ] I:\fIlms
[10/10/2013 - 21:21:32 | A | 1747] I:\$RECYCLE.BIN.lnk
[10/10/2013 - 21:21:32 | A | 1731] I:\skin.lnk
[10/10/2013 - 21:21:32 | A | 1735] I:\Backup.lnk
[10/10/2013 - 21:21:32 | A | 1733] I:\Games.lnk
[10/10/2013 - 21:21:32 | A | 1731] I:\test.lnk
[10/10/2013 - 21:21:32 | A | 1741] I:\softwares.lnk
[10/10/2013 - 21:21:32 | A | 1733] I:\Songs.lnk
[10/10/2013 - 21:21:32 | A | 1737] I:\Utility.lnk
[10/10/2013 - 21:21:32 | A | 1741] I:\Windows_8.lnk
[10/10/2013 - 21:21:32 | A | 1733] I:\fIlms.lnk
[07/10/2013 - 04:13:16 | A | 356189766] I:\Beauty and the Beast (2012) S02E01 clubinfinity.mv.avi
[03/10/2013 - 05:06:16 | A | 347312522] I:\Arrow Special Year One (Season 1 Recap) clubinfinity.mv.avi
[10/10/2013 - 03:42:50 | A | 355489488] I:\Arrow S02E01 clubinfinity.mv.avi
[30/09/2013 - 05:05:16 | A | 369380696] I:\Revenge S03E01 clubinfinity.mv.avi
[07/10/2013 - 05:36:42 | A | 372736660] I:\Revenge S03E02 clubinfinity.mv.avi
 
################## | E.O.F |
 
-FRST report-
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Ahmed (administrator) on WISAAM_PC on 14-10-2013 13:34:23
Running from C:\Users\Ahmed\Downloads\Programs
Microsoft Windows 8 Pro (X86) OS Language: English(UK)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
() C:\Windows\system32\srvany.exe
() C:\Windows\KMService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
() C:\ProgramData\WModem+\OnlineUpdate\ouc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files\WModem+\WModem+.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\LiveComm.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Runonce: [] - [x]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe
HKCU\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3573624 2013-03-22] (Tonec Inc.)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION 
HKCU\...\Policies\Explorer: [NofolderOptions] 0
MountPoints2: {038e41ab-5daf-11e2-afa0-b101f378c5bf} - "F:\AutoRun.exe" 
MountPoints2: {038e41d3-5daf-11e2-afa0-b101f378c5bf} - "F:\AutoRun.exe" 
MountPoints2: {12c82fe6-60b9-11e2-afa1-b9a9ea868bba} - "F:\AutoRun.exe" 
MountPoints2: {12c83030-60b9-11e2-afa1-f04da2a13856} - "F:\AutoRun.exe" 
MountPoints2: {3a75c1e2-721f-11e2-afa4-001e101fb5b2} - "F:\AutoRun.exe" 
MountPoints2: {91130a25-5d96-11e2-af9b-806e6f6e6963} - "E:\autoRcd.exe" 
MountPoints2: {9ecfff07-6574-11e2-afa2-e67bedbffbbc} - "H:\Startme.exe" 
MountPoints2: {9ed0028e-6574-11e2-afa2-e67bedbffbbc} - "F:\AutoRun.exe" 
MountPoints2: {9ed0096b-6574-11e2-afa2-f04da2a13856} - "F:\AutoRun.exe" 
MountPoints2: {9ed009fa-6574-11e2-afa2-f04da2a13856} - "F:\AutoRun.exe" 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFAE2829DC0F7CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Tcpip\..\Interfaces\{2368EF6F-1BD2-4CE9-882E-AD7555C7265E}: [NameServer]8.8.8.8 165.21.83.88
Tcpip\..\Interfaces\{39F0F7DC-2516-4945-BDA1-DA21AE27FA4E}: [NameServer]8.8.8.8 165.21.83.88
Tcpip\..\Interfaces\{A2530A2B-1A4E-4FEB-B86B-DFA1E818407F}: [NameServer]8.8.8.8 165.21.83.88
Tcpip\..\Interfaces\{CB497885-E8B3-48EA-B792-9BB10A9673D1}: [NameServer]8.8.8.8 165.21.83.88
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Facebook for Chrome) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp\6.3.1_0
CHR Extension: (IDM Integration) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.12.2_0
CHR Extension: (FlashControl) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.3.15_0
CHR Extension: (Norton Identity Protection) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (FastestFox for Chrome) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\8.0.4_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Facebook Chat Fix) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojeeafjafadjmbpojlogpipohgkpplkk\2.0_0
CHR Extension: (Gmail) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files\Internet Download Manager\IDMGCExt.crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx
 
========================== Services (Whitelisted) =================
 
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 KMService; C:\Windows\system32\srvany.exe [8192 2013-01-13] ()
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-31] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13344 2013-01-29] (Microsoft Corporation)
S2 WModem+. RunOuc; C:\Program Files\WModem+\UpdateDog\ouc.exe [239968 2013-01-18] ()
 
==================== Drivers (Whitelisted) ====================
 
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63.sys [4704256 2012-06-02] (Broadcom Corporation)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130924.001\BHDrvx86.sys [1097304 2013-09-24] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-09-01] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-09-01] (Symantec Corporation)
S3 huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [90112 2013-01-18] (Huawei Technologies Co., Ltd.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20131011.001\IDSvix86.sys [392792 2013-10-10] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20131013.002\NAVENG.SYS [93272 2013-09-01] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20131013.002\NAVEX15.SYS [1612376 2013-09-01] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360\1404000.028\SYMELAM.SYS [21400 2012-11-16] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-18] (TuneUp Software)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [x]
S3 hwusbdev; \SystemRoot\system32\DRIVERS\ewusbdev.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-14 13:34 - 2013-10-14 13:34 - 00000000 ____D C:\FRST
2013-10-14 13:31 - 2013-10-14 13:31 - 00004914 _____ C:\Users\Ahmed\Desktop\UsbFix [Listing 1 ] WISAAM_PC.txt
2013-10-14 13:31 - 2013-10-14 13:31 - 00004914 _____ C:\UsbFix [Listing 1 ] WISAAM_PC.txt
2013-10-14 13:30 - 2013-10-14 13:30 - 00008805 _____ C:\Users\Ahmed\Desktop\UsbFix [Scan 1] WISAAM_PC.txt
2013-10-14 13:29 - 2013-10-14 13:29 - 00002038 _____ C:\Users\Ahmed\Desktop\SosVirus On Facebook.lnk
2013-10-14 13:29 - 2013-10-14 13:29 - 00002030 _____ C:\Users\Ahmed\Desktop\UsbFix Faire un Don.lnk
2013-10-14 13:29 - 2013-10-14 13:29 - 00002014 _____ C:\Users\Ahmed\Desktop\SosVirus Forum.lnk
2013-10-14 13:22 - 2013-10-14 13:29 - 00008805 _____ C:\UsbFix [Scan 1] WISAAM_PC.txt
2013-10-14 13:21 - 2013-10-14 13:31 - 00000000 ____D C:\UsbFix
2013-10-14 13:19 - 2013-10-14 13:20 - 01540681 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Ahmed\Desktop\UsbFix.exe
2013-10-12 16:21 - 2013-10-12 16:22 - 06879429 _____ C:\Users\Ahmed\Documents\#tharahQeegaimu Running mate Debate (ehen beyfulhunnai huri thafaatrhu).flv
2013-10-12 16:17 - 2013-10-12 16:20 - 19036611 _____ C:\Users\Ahmed\Documents\Qasim ge thasavvurugai tharahQee dhivehi rajje.mp4
2013-10-12 16:14 - 2013-10-12 16:16 - 19421130 _____ C:\Users\Ahmed\Documents\Tharahqeegaimu (Campaign song).flv
2013-10-12 16:10 - 2013-10-12 16:10 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2013-10-12 16:09 - 2013-10-12 16:09 - 00001217 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2013-10-12 16:09 - 2013-10-12 16:09 - 00000000 ____D C:\Program Files\GreenTree Applications
2013-10-12 16:09 - 2013-10-12 16:09 - 00000000 _____ C:\Users\Ahmed\Documents\winziprosetup.exe
2013-10-12 16:09 - 2013-10-12 16:09 - 00000000 _____ C:\Users\Ahmed\Documents\APNSetup.exe
2013-10-11 18:03 - 2013-10-11 18:05 - 00010993 _____ C:\Users\Ahmed\Desktop\dds.txt
2013-10-11 18:03 - 2013-10-11 18:05 - 00004449 _____ C:\Users\Ahmed\Desktop\attach.txt
2013-10-11 18:00 - 2013-10-11 18:01 - 00688992 ____R (Swearware) C:\Users\Ahmed\Downloads\dds.com
2013-10-11 17:52 - 2013-10-11 17:52 - 00000000 ____D C:\Program Files\USBDriveFresher
2013-10-11 16:57 - 2013-09-24 05:59 - 365979648 _____ C:\Users\Ahmed\Desktop\The Blacklist S01E01 clubinfinity.mv.avi
2013-10-11 16:56 - 2013-10-08 05:46 - 355954368 _____ C:\Users\Ahmed\Desktop\The Blacklist S01E03 clubinfinity.mv.avi
2013-10-11 16:56 - 2013-10-01 05:53 - 342604188 _____ C:\Users\Ahmed\Desktop\The Blacklist S01E02 clubinfinity.mv.avi
2013-09-16 22:58 - 2013-09-16 22:58 - 01444376 _____ C:\Users\Ahmed\Documents\MTCC.cdr
 
==================== One Month Modified Files and Folders =======
 
2013-10-14 13:34 - 2013-10-14 13:34 - 00000000 ____D C:\FRST
2013-10-14 13:31 - 2013-10-14 13:31 - 00004914 _____ C:\Users\Ahmed\Desktop\UsbFix [Listing 1 ] WISAAM_PC.txt
2013-10-14 13:31 - 2013-10-14 13:31 - 00004914 _____ C:\UsbFix [Listing 1 ] WISAAM_PC.txt
2013-10-14 13:31 - 2013-10-14 13:21 - 00000000 ____D C:\UsbFix
2013-10-14 13:30 - 2013-10-14 13:30 - 00008805 _____ C:\Users\Ahmed\Desktop\UsbFix [Scan 1] WISAAM_PC.txt
2013-10-14 13:29 - 2013-10-14 13:29 - 00002038 _____ C:\Users\Ahmed\Desktop\SosVirus On Facebook.lnk
2013-10-14 13:29 - 2013-10-14 13:29 - 00002030 _____ C:\Users\Ahmed\Desktop\UsbFix Faire un Don.lnk
2013-10-14 13:29 - 2013-10-14 13:29 - 00002014 _____ C:\Users\Ahmed\Desktop\SosVirus Forum.lnk
2013-10-14 13:29 - 2013-10-14 13:22 - 00008805 _____ C:\UsbFix [Scan 1] WISAAM_PC.txt
2013-10-14 13:22 - 2013-01-13 15:44 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-14 13:20 - 2013-10-14 13:19 - 01540681 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Ahmed\Desktop\UsbFix.exe
2013-10-14 13:19 - 2013-01-13 15:59 - 01446148 _____ C:\Windows\WindowsUpdate.log
2013-10-14 13:18 - 2013-01-13 22:48 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-14 13:16 - 2013-01-13 22:48 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-14 13:15 - 2013-01-13 20:33 - 00071820 _____ C:\Windows\PFRO.log
2013-10-14 13:15 - 2012-07-26 11:04 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-14 13:14 - 2013-01-14 09:48 - 00000000 ____D C:\Users\Ahmed\AppData\Roaming\DMCache
2013-10-14 13:14 - 2012-07-26 09:17 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-10-14 13:00 - 2012-07-26 11:53 - 00000000 ____D C:\Windows\system32\sru
2013-10-12 16:22 - 2013-10-12 16:21 - 06879429 _____ C:\Users\Ahmed\Documents\#tharahQeegaimu Running mate Debate (ehen beyfulhunnai huri thafaatrhu).flv
2013-10-12 16:20 - 2013-10-12 16:17 - 19036611 _____ C:\Users\Ahmed\Documents\Qasim ge thasavvurugai tharahQee dhivehi rajje.mp4
2013-10-12 16:17 - 2013-01-13 19:53 - 00000000 ____D C:\Users\Ahmed\AppData\Roaming\vlc
2013-10-12 16:16 - 2013-10-12 16:14 - 19421130 _____ C:\Users\Ahmed\Documents\Tharahqeegaimu (Campaign song).flv
2013-10-12 16:10 - 2013-10-12 16:10 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2013-10-12 16:09 - 2013-10-12 16:09 - 00001217 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2013-10-12 16:09 - 2013-10-12 16:09 - 00000000 ____D C:\Program Files\GreenTree Applications
2013-10-12 16:09 - 2013-10-12 16:09 - 00000000 _____ C:\Users\Ahmed\Documents\winziprosetup.exe
2013-10-12 16:09 - 2013-10-12 16:09 - 00000000 _____ C:\Users\Ahmed\Documents\APNSetup.exe
2013-10-12 12:20 - 2013-01-14 09:48 - 00000000 ____D C:\Users\Ahmed\AppData\Roaming\IDM
2013-10-11 19:14 - 2013-01-14 15:28 - 00000000 ____D C:\Program Files\WModem+
2013-10-11 19:14 - 2013-01-14 09:48 - 00000000 ____D C:\Users\Ahmed\Downloads\Video
2013-10-11 18:05 - 2013-10-11 18:03 - 00010993 _____ C:\Users\Ahmed\Desktop\dds.txt
2013-10-11 18:05 - 2013-10-11 18:03 - 00004449 _____ C:\Users\Ahmed\Desktop\attach.txt
2013-10-11 18:01 - 2013-10-11 18:00 - 00688992 ____R (Swearware) C:\Users\Ahmed\Downloads\dds.com
2013-10-11 17:52 - 2013-10-11 17:52 - 00000000 ____D C:\Program Files\USBDriveFresher
2013-10-11 17:50 - 2012-07-26 09:43 - 00000000 ___RD C:\Users\Public
2013-10-08 21:01 - 2012-07-26 11:53 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-08 17:23 - 2012-07-26 09:17 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-10-08 05:46 - 2013-10-11 16:56 - 355954368 _____ C:\Users\Ahmed\Desktop\The Blacklist S01E03 clubinfinity.mv.avi
2013-10-04 22:30 - 2013-09-06 00:12 - 00000000 ____D C:\Users\Ahmed\Desktop\shafaz
2013-10-01 05:53 - 2013-10-11 16:56 - 342604188 _____ C:\Users\Ahmed\Desktop\The Blacklist S01E02 clubinfinity.mv.avi
2013-09-26 21:55 - 2013-05-17 21:13 - 00000000 ____D C:\Users\Ahmed\AppData\Local\CrashDumps
2013-09-24 05:59 - 2013-10-11 16:57 - 365979648 _____ C:\Users\Ahmed\Desktop\The Blacklist S01E01 clubinfinity.mv.avi
2013-09-19 20:13 - 2013-09-11 23:34 - 00001938 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-09-19 20:13 - 2013-06-04 17:29 - 00203818 _____ C:\Windows\DPINST.LOG
2013-09-19 20:13 - 2013-01-13 22:23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-16 22:58 - 2013-09-16 22:58 - 01444376 _____ C:\Users\Ahmed\Documents\MTCC.cdr
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-05 21:11
 
==================== End Of Log ============================
 
-ADDITION report-
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Ahmed at 2013-10-14 13:35:28
Running from C:\Users\Ahmed\Downloads\Programs
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 Premier Edition (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier Edition (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
Corel Graphics - Windows Shell Extension (Version: 16.0.0.707)
Corel Graphics - Windows Shell Extension (Version: 16.0.707)
CorelDRAW Graphics Suite X6 - Capture (Version: 16.0)
CorelDRAW Graphics Suite X6 - Common (Version: 16.0)
CorelDRAW Graphics Suite X6 - Connect (Version: 16.0)
CorelDRAW Graphics Suite X6 - Custom Data (Version: 16.0)
CorelDRAW Graphics Suite X6 - Draw (Version: 16.0)
CorelDRAW Graphics Suite X6 - EN (Version: 16.0)
CorelDRAW Graphics Suite X6 - Filters (Version: 16.0)
CorelDRAW Graphics Suite X6 - FontNav (Version: 16.0)
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0)
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (Version: 16.0)
CorelDRAW Graphics Suite X6 - Photozoom Plugin (Version: 16.0)
CorelDRAW Graphics Suite X6 - Redist (Version: 16.0)
CorelDRAW Graphics Suite X6 - Setup Files (Version: 16.0)
CorelDRAW Graphics Suite X6 - VBA (Version: 16.0)
CorelDRAW Graphics Suite X6 - VideoBrowser (Version: 16.0)
CorelDRAW Graphics Suite X6 - VSTA (Version: 16.0)
CorelDRAW Graphics Suite X6 - Writing Tools (Version: 16.0)
CorelDRAW Graphics Suite X6 (Version: 16.0)
CorelDRAW Graphics Suite X6 (Version: 16.0.0.707)
Dell Resource CD (Version: 1.00.0000)
Free Zip Opener (Version: 1.0)
Game of Thrones version 1.0.0.0 (Version: 1.0.0.0)
Google Chrome (Version: 30.0.1599.69)
Google Update Helper (Version: 1.3.21.165)
iLivid (Version: 4.0.0.3451)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.5.6.1001)
Intel® Turbo Boost Technology Driver (Version: 01.02.00.1002)
Internet Download Manager
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (Version: 3.5.0.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Visual Basic for Applications 7.1 (x86) (Version: 7.1.00.00)
Microsoft Visual Basic for Applications 7.1 (x86) English (Version: 7.1.0.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Norton 360 Premier Edition (Version: 20.4.0.40)
Sony Ericsson Update Engine (Version: 2.13.7.201306141231)
Sony PC Companion 2.10.174 (Version: 2.10.174)
TuneUp Utilities 2013 (Version: 13.0.3020.7)
TuneUp Utilities Language Pack (en-US) (Version: 13.0.3020.7)
USBDriveFresher 1.0 (Version: 1.0)
UsbFix By El Desaparecido
VLC media player 2.0.5 (Version: 2.0.5)
WinZip 16.0 (Version: 16.0.9715)
WModem+ (Version: 21.005.15.00.293)
YTD Video Downloader 4.5.1 (Version: 4.5.1)
 
==================== Restore Points  =========================
 
19-09-2013 16:52:29 Scheduled Checkpoint
03-10-2013 18:11:14 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2012-07-26 09:17 - 2012-07-26 09:17 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0D4DF7D3-8182-4090-8A84-ED48CDAA245B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-13] (Google Inc.)
Task: {26C5E6BB-8517-416F-A003-E6763F33083B} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {3E4C9E63-796C-4BEC-B744-9286565B69DA} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {777152F5-B23E-4C28-8AE2-0F6D3521C45C} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {B9ADA005-AEF4-4108-9ACA-64287AE0ED57} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\System32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {CCFECC5D-A47F-42B8-94CD-512F171A6215} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe [2013-01-31] (TuneUp Software)
Task: {E93AFA01-2E95-4345-A3E4-E6FFD3153F00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-13] (Google Inc.)
Task: {EAF6FD2A-95F1-404D-B438-F255756429C7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-01-10 01:18 - 2010-01-10 01:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 06:34 - 2010-01-21 06:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-03-14 23:31 - 2010-12-29 16:24 - 00439296 _____ () C:\Program Files\Free Zip Opener\contmenu.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00427008 _____ () C:\Program Files\WModem+\core.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00264192 _____ () C:\Program Files\WModem+\sdk.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00011362 _____ () C:\Program Files\WModem+\mingwm10.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00043008 _____ () C:\Program Files\WModem+\libgcc_s_dw2-1.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 02415104 _____ () C:\Program Files\WModem+\QtCore4.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 09515520 _____ () C:\Program Files\WModem+\QtGui4.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00382464 _____ () C:\Program Files\WModem+\Proxy.DLL
2013-01-18 12:12 - 2013-01-18 12:12 - 00218112 _____ () C:\Program Files\WModem+\Common.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00135168 _____ () C:\Program Files\WModem+\Trace.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00545280 _____ () C:\Program Files\WModem+\PluginContainer.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00238080 _____ () C:\Program Files\WModem+\AtCodec.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00301056 _____ () C:\Program Files\WModem+\DeviceSrvPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00237568 _____ () C:\Program Files\WModem+\NetSrvPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00133120 _____ () C:\Program Files\WModem+\OSDialup.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00159744 _____ () C:\Program Files\WModem+\XCodec.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00157184 _____ () C:\Program Files\WModem+\DataServicePlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00176128 _____ () C:\Program Files\WModem+\CallSrvPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00264704 _____ () C:\Program Files\WModem+\AddrBookSrvPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00217600 _____ () C:\Program Files\WModem+\SmsSrvPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00142336 _____ () C:\Program Files\WModem+\USSDSrvPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00156672 _____ () C:\Program Files\WModem+\STKSrvPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00338432 _____ () C:\Program Files\WModem+\DeviceAppPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00065536 _____ () C:\Program Files\WModem+\OSPowerMgr.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00114688 _____ () C:\Program Files\WModem+\Win7Support.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 01078272 _____ () C:\Program Files\WModem+\AddrBookPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00670720 _____ () C:\Program Files\WModem+\SmsAppPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00550400 _____ () C:\Program Files\WModem+\CallAppPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00547840 _____ () C:\Program Files\WModem+\CallLogSrvPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00158720 _____ () C:\Program Files\WModem+\NetConnectSrvPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00211968 _____ () C:\Program Files\WModem+\DialUpPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00101376 _____ () C:\Program Files\WModem+\OSAdapt.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00180224 _____ () C:\Program Files\WModem+\NDISPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00131072 _____ () C:\Program Files\WModem+\OSNDIS.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 01101824 _____ () C:\Program Files\WModem+\NDISAPI.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00278528 _____ () C:\Program Files\WModem+\NetInfoSrvPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00062976 _____ () C:\Program Files\WModem+\OSCall.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00538624 _____ () C:\Program Files\WModem+\DeviceMgrUIPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00398336 _____ () C:\Program Files\WModem+\QtXml4.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00184832 _____ () C:\Program Files\WModem+\XFramePlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00123392 _____ () C:\Program Files\WModem+\ATR2SMgr.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00307200 _____ () C:\Program Files\WModem+\StatusBarMgrPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00117760 _____ () C:\Program Files\WModem+\LayoutPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00441856 _____ () C:\Program Files\WModem+\DialupUIPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00093184 _____ () C:\Program Files\WModem+\NotifyServicePlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00246784 _____ () C:\Program Files\WModem+\DeviceInfoExPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 01148416 _____ () C:\Program Files\WModem+\QtNetwork4.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00333824 _____ () C:\Program Files\WModem+\NetConnectPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00295424 _____ () C:\Program Files\WModem+\MenuMgrPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00385024 _____ () C:\Program Files\WModem+\USSDUIPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00484352 _____ () C:\Program Files\WModem+\NetInfoUIExPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00823808 _____ () C:\Program Files\WModem+\SMSUIPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00771072 _____ () C:\Program Files\WModem+\AddrBookUIPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00209408 _____ () C:\Program Files\WModem+\ToolBarMgrPlugin.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00263168 _____ () C:\Program Files\WModem+\LiveUpdateInterface.DLL
2013-01-18 12:12 - 2013-01-18 12:12 - 00082944 _____ () C:\Program Files\WModem+\plugins\imageformats\qgif4.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00081920 _____ () C:\Program Files\WModem+\plugins\imageformats\qico4.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00192000 _____ () C:\Program Files\WModem+\plugins\imageformats\qjpeg4.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00350720 _____ () C:\Program Files\WModem+\plugins\imageformats\qmng4.dll
2013-01-18 12:12 - 2013-01-18 12:12 - 00370176 _____ () C:\Program Files\WModem+\plugins\imageformats\qtiff4.dll
2012-07-26 13:31 - 2012-07-26 13:28 - 00143216 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-06-13 23:33 - 2012-05-30 19:51 - 00699280 ____R () C:\PROGRAM FILES\NORTON 360\ENGINE\20.4.0.40\wincfi39.dll
2013-10-09 20:21 - 2013-10-03 11:02 - 00698832 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
2013-10-09 20:21 - 2013-10-03 11:02 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\libegl.dll
2012-09-15 03:40 - 2012-09-15 03:40 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2013-10-09 20:21 - 2013-10-03 11:03 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
2013-10-09 20:21 - 2013-10-03 11:03 - 00415184 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
2013-10-09 20:21 - 2013-10-03 11:02 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
2013-06-04 17:28 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2013-06-04 17:28 - 2013-05-17 10:51 - 00207872 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2013-06-04 17:28 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
2013-06-13 23:33 - 2012-05-30 19:51 - 00699280 ____R () C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dll
2013-10-09 20:21 - 2013-10-03 11:03 - 13611984 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/13/2013 10:07:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: WISAAM_PC)
Description: App microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos did not launch within its allotted time.
 
Error: (10/13/2013 10:06:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: WISAAM_PC)
Description: App microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos did not launch within its allotted time.
 
Error: (10/13/2013 09:54:39 PM) (Source: Desktop Window Manager) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (10/12/2013 04:03:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: WISAAM_PC)
Description: App Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic did not launch within its allotted time.
 
Error: (10/11/2013 01:15:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: WISAAM_PC)
Description: App Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic did not launch within its allotted time.
 
Error: (10/09/2013 07:44:06 PM) (Source: Desktop Window Manager) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (10/04/2013 02:01:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: WISAAM_PC)
Description: App Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader did not launch within its allotted time.
 
Error: (10/03/2013 11:15:20 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/03/2013 11:13:20 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/03/2013 10:41:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: WISAAM_PC)
Description: App Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo did not launch within its allotted time.
 
 
System errors:
=============
Error: (10/14/2013 01:16:02 PM) (Source: Service Control Manager) (User: )
Description: The WModem+. OUC service failed to start due to the following error: 
%%1053
 
Error: (10/14/2013 01:16:02 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WModem+. OUC service to connect.
 
Error: (10/11/2013 07:10:59 PM) (Source: Service Control Manager) (User: )
Description: The WModem+. OUC service failed to start due to the following error: 
%%1053
 
Error: (10/11/2013 07:10:59 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WModem+. OUC service to connect.
 
Error: (10/08/2013 08:13:18 PM) (Source: Service Control Manager) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
%%1
 
Error: (10/08/2013 05:23:02 PM) (Source: Service Control Manager) (User: )
Description: The WModem+. OUC service failed to start due to the following error: 
%%1053
 
Error: (10/08/2013 05:23:02 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WModem+. OUC service to connect.
 
Error: (10/08/2013 05:22:43 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 00:47:53 on 08/10/2013 was unexpected.
 
Error: (10/04/2013 01:40:39 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on G: cannot be read.
 
Error: (09/28/2013 07:39:49 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on G: cannot be read.
 
 
Microsoft Office Sessions:
=========================
Error: (10/13/2013 10:07:02 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: WISAAM_PC)
Description: microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos
 
Error: (10/13/2013 10:06:11 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: WISAAM_PC)
Description: microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos
 
Error: (10/13/2013 09:54:39 PM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d
 
Error: (10/12/2013 04:03:16 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: WISAAM_PC)
Description: Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic
 
Error: (10/11/2013 01:15:13 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: WISAAM_PC)
Description: Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic
 
Error: (10/09/2013 07:44:06 PM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d
 
Error: (10/04/2013 02:01:05 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: WISAAM_PC)
Description: Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader
 
Error: (10/03/2013 11:15:20 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe
 
Error: (10/03/2013 11:13:20 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe
 
Error: (10/03/2013 10:41:45 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: WISAAM_PC)
Description: Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 52%
Total physical RAM: 2998.68 MB
Available physical RAM: 1409.61 MB
Total Pagefile: 3510.68 MB
Available Pagefile: 1775.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1852.01 MB
 
==================== Drives ================================
 
Drive c: (System) (Fixed) (Total:149.85 GB) (Free:113.78 GB) NTFS
Drive d: (Data) (Fixed) (Total:133.5 GB) (Free:133.38 GB) NTFS
Drive f: (WModem+) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
Drive i: (WISY_STORE) (Fixed) (Total:465.65 GB) (Free:178.61 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 7F0F58CD)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=133 GB) - (Type=OF Extended)
 
========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 4210D353)
Partition 1: (Not Active) - (Size=466 GB) - (Type=0C)
 
==================== End Of Log ============================


#4 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 14 October 2013 - 05:43 PM

Wisaam,

 

Thanks for the reports.

 

Let's press on with FRST...

 

Make sure the USB drive is connected in the same port as before, so the drive letter remains as: I

(As in upper case of i)

 

Otherwise, the last command of the list that follows will not work:

cmd attrib -h -s -r -a /s /d I:\*.*

 

 

:step1:  Please open Notepad (Start > All Programs > Accessories > Notepad)

Copy the entire contents of the code box below

Save it to the Desktop, and name it: fixlist.txt

start
HKCU\...\Winlogon: [Shell] Explorer.exe 
MountPoints2: {038e41ab-5daf-11e2-afa0-b101f378c5bf} - "F:\AutoRun.exe" 
MountPoints2: {038e41d3-5daf-11e2-afa0-b101f378c5bf} - "F:\AutoRun.exe" 
MountPoints2: {12c82fe6-60b9-11e2-afa1-b9a9ea868bba} - "F:\AutoRun.exe" 
MountPoints2: {12c83030-60b9-11e2-afa1-f04da2a13856} - "F:\AutoRun.exe" 
MountPoints2: {3a75c1e2-721f-11e2-afa4-001e101fb5b2} - "F:\AutoRun.exe" 
MountPoints2: {91130a25-5d96-11e2-af9b-806e6f6e6963} - "E:\autoRcd.exe" 
MountPoints2: {9ecfff07-6574-11e2-afa2-e67bedbffbbc} - "H:\Startme.exe" 
MountPoints2: {9ed0028e-6574-11e2-afa2-e67bedbffbbc} - "F:\AutoRun.exe" 
MountPoints2: {9ed0096b-6574-11e2-afa2-f04da2a13856} - "F:\AutoRun.exe" 
MountPoints2: {9ed009fa-6574-11e2-afa2-f04da2a13856} - "F:\AutoRun.exe" 
cmd: attrib -h -s -r -a /s /d I:\*.* 
end

Once again, double-click FRST to run it.

When the tool opens click Yes to disclaimer.

Press the Fix button once, and wait.

When done, FRST produces Fixlog.txt on the Desktop.

 

>>  Please provide the Fixlog.txt on your reply.

 

 

:step2:  Now, please run USBFix once again

Press: Deletion

When done, the program closes on its own, and a report appears.

The report file is also found at C:\UsbFix.txt

 

>>  Please post the UsbFix.txt (Deletion) report in your reply.

 

Note: As before, if your AntiVirus program detects USB as malware, either let the AV program allow USBFix to run, or, temporarily disable your AntiVirus program.

 

Also, please check the USB drive and post back whether the shortcuts are gone.

 

Thanks!

 


Edited by Aaflac, 14 October 2013 - 06:03 PM.

Old duck...
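The fix above does two things by hand: it deletes the MountPoints2 autorun handlers Explorer remembered for the infected volumes, and it runs `attrib -h -s -r -a /s /d I:\*.*` so the real folders, which the shortcut worm had set Hidden+System behind same-named .lnk files pointing at cmd.exe, become visible again. The script below is an added example, not code from this thread, from FRST or from UsbFix; it audits one drive for exactly that pattern and lists the MountPoints2 handlers, reporting only unless `-Restore` is given. The `-Drive` and `-Restore` parameters, the `$protected` list and every other name in it are this example's own assumptions.

```powershell
<#
Added example; not code from this thread, from FRST or from UsbFix.
Audits one drive for the pattern the thread describes: the real folders are
set Hidden+System and a same-named .lnk that launches cmd.exe sits beside
each one. It also lists the per-volume autorun handlers Explorer remembers
under MountPoints2, the keys the fixlist above deletes.
Report only by default. With -Restore it clears Hidden, System and ReadOnly
on the hijacked folders and their contents (the -h -s -r part of the
"attrib ... /s /d" step) and leaves the Windows-owned folders alone.
The -Drive/-Restore parameters and all variable names are this example's own.
#>
param(
    [Parameter(Mandatory)][ValidatePattern('^[A-Za-z]$')][string]$Drive,
    [switch]$Restore
)

$root = "${Drive}:\"
if (-not (Test-Path -LiteralPath $root)) { throw "Drive $root is not present" }

# Folders Windows keeps hidden on every volume; their attributes stay as they are.
$protected = @('$RECYCLE.BIN', 'System Volume Information', 'RECYCLER')

# 1. MountPoints2: Explorer stores one subkey per volume it has seen; a
#    Shell\AutoRun\command value is the command that volume's autorun.inf asked for.
$mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$handlers = foreach ($key in Get-ChildItem -Path $mp -ErrorAction SilentlyContinue) {
    $cmdKey = "Registry::$($key.Name)\Shell\AutoRun\command"
    if (Test-Path -LiteralPath $cmdKey) {
        [pscustomobject]@{
            Volume  = $key.PSChildName
            Command = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
        }
    }
}

# 2. Shortcuts in the drive root, resolved through the shell so the real
#    target is read rather than the folder icon the shortcut borrowed.
$wsh = New-Object -ComObject WScript.Shell
$links = foreach ($lnk in Get-ChildItem -LiteralPath $root -Filter *.lnk -File -Force) {
    $sc = $wsh.CreateShortcut($lnk.FullName)
    [pscustomobject]@{
        Link        = $lnk.Name
        Target      = $sc.TargetPath
        Arguments   = $sc.Arguments
        LaunchesCmd = [bool]($sc.TargetPath -match '(?i)\\cmd\.exe$')
    }
}

# 3. A hijacked folder is Hidden+System and has a cmd.exe shortcut of its own name.
$hidden   = [IO.FileAttributes]::Hidden
$system   = [IO.FileAttributes]::System
$readonly = [IO.FileAttributes]::ReadOnly
$lnkNames = @($links | Where-Object LaunchesCmd |
              ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_.Link) })

$hijacked = foreach ($dir in Get-ChildItem -LiteralPath $root -Directory -Force) {
    if ($protected -contains $dir.Name) { continue }
    if ($dir.Attributes.HasFlag($hidden) -and $dir.Attributes.HasFlag($system) -and
        ($lnkNames -contains $dir.Name)) { $dir }
}

"== MountPoints2 autorun handlers =="; $handlers | Format-Table -AutoSize | Out-String
"== Shortcuts in $root ==";            $links    | Format-Table -AutoSize | Out-String
"== Hidden+System folders with a matching cmd.exe shortcut =="
$hijacked | Select-Object Name, Attributes | Format-Table -AutoSize | Out-String

if ($Restore -and $hijacked) {
    $mask = [int]($hidden -bor $system -bor $readonly)
    foreach ($dir in $hijacked) {
        # The folder itself plus everything below it, like attrib /s /d.
        $items = @($dir) + @(Get-ChildItem -LiteralPath $dir.FullName -Recurse -Force)
        foreach ($item in $items) {
            $new = [int]$item.Attributes -band (-bnot $mask)
            if ($new -eq 0) { $new = [int][IO.FileAttributes]::Normal }  # 0 is not a valid attribute set
            $item.Attributes = [IO.FileAttributes]$new
        }
        "Restored attributes on $($dir.FullName)"
    }
}
```

Run it from an elevated PowerShell prompt as `.\AuditDrive.ps1 -Drive I` first and read the three tables before adding `-Restore`. Not every MountPoints2 handler is hostile: the FRST drive list above shows F: as the WModem+ virtual CD-ROM, whose own AutoRun.exe produces entries of the same shape, so judge each command by where it points. The script never deletes the .lnk files themselves; in the thread that was UsbFix's deletion step.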


#5 Wisaam
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Location:Maldives

Posted 15 October 2013 - 12:19 AM

THANKS A LOT, my external hard drive is back to normal but it still has this file called "Recycle Bin" (type '.BIN'). Also my System (C:) drive has a folder "$Recycle.Bin" (type '.BIN') and a shortcut folder called "Documents and Settings", and the Data (D:) drive also has the same "$RECYCLE.BIN" folder and "System Volume Information". All of these files & folders can be hidden anyway. Just wanted to make sure I won't face any more problems regarding these. Following are the reports.

 

- FIX LOG report -

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by Ahmed at 2013-10-15 09:59:41 Run:1
Running from C:\Users\Ahmed\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
HKCU\...\Winlogon: [Shell] Explorer.exe 
MountPoints2: {038e41ab-5daf-11e2-afa0-b101f378c5bf} - "F:\AutoRun.exe" 
MountPoints2: {038e41d3-5daf-11e2-afa0-b101f378c5bf} - "F:\AutoRun.exe" 
MountPoints2: {12c82fe6-60b9-11e2-afa1-b9a9ea868bba} - "F:\AutoRun.exe" 
MountPoints2: {12c83030-60b9-11e2-afa1-f04da2a13856} - "F:\AutoRun.exe" 
MountPoints2: {3a75c1e2-721f-11e2-afa4-001e101fb5b2} - "F:\AutoRun.exe" 
MountPoints2: {91130a25-5d96-11e2-af9b-806e6f6e6963} - "E:\autoRcd.exe" 
MountPoints2: {9ecfff07-6574-11e2-afa2-e67bedbffbbc} - "H:\Startme.exe" 
MountPoints2: {9ed0028e-6574-11e2-afa2-e67bedbffbbc} - "F:\AutoRun.exe" 
MountPoints2: {9ed0096b-6574-11e2-afa2-f04da2a13856} - "F:\AutoRun.exe" 
MountPoints2: {9ed009fa-6574-11e2-afa2-f04da2a13856} - "F:\AutoRun.exe" 
cmd: attrib -h -s -r -a /s /d I:\*.* 
end
*****************
 
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{038e41ab-5daf-11e2-afa0-b101f378c5bf} => Key deleted successfully.
HKCR\CLSID\{038e41ab-5daf-11e2-afa0-b101f378c5bf} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{038e41d3-5daf-11e2-afa0-b101f378c5bf} => Key deleted successfully.
HKCR\CLSID\{038e41d3-5daf-11e2-afa0-b101f378c5bf} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12c82fe6-60b9-11e2-afa1-b9a9ea868bba} => Key deleted successfully.
HKCR\CLSID\{12c82fe6-60b9-11e2-afa1-b9a9ea868bba} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12c83030-60b9-11e2-afa1-f04da2a13856} => Key deleted successfully.
HKCR\CLSID\{12c83030-60b9-11e2-afa1-f04da2a13856} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a75c1e2-721f-11e2-afa4-001e101fb5b2} => Key deleted successfully.
HKCR\CLSID\{3a75c1e2-721f-11e2-afa4-001e101fb5b2} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91130a25-5d96-11e2-af9b-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{91130a25-5d96-11e2-af9b-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ecfff07-6574-11e2-afa2-e67bedbffbbc} => Key deleted successfully.
HKCR\CLSID\{9ecfff07-6574-11e2-afa2-e67bedbffbbc} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ed0028e-6574-11e2-afa2-e67bedbffbbc} => Key deleted successfully.
HKCR\CLSID\{9ed0028e-6574-11e2-afa2-e67bedbffbbc} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ed0096b-6574-11e2-afa2-f04da2a13856} => Key deleted successfully.
HKCR\CLSID\{9ed0096b-6574-11e2-afa2-f04da2a13856} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ed009fa-6574-11e2-afa2-f04da2a13856} => Key deleted successfully.
HKCR\CLSID\{9ed009fa-6574-11e2-afa2-f04da2a13856} => Key not found.
 
=========  attrib -h -s -r -a /s /d I:\*.*  =========
 
 
========= End of CMD: =========
 
 
==== End of Fixlog ====
 
- USB Fix report -
############################## | UsbFix V 7.144 | [Deletion]
 
User: Ahmed (Administrator) # WISAAM_PC
Updated 08/10/2013 by El Desaparecido - Team SosVirus
Started at 10:00:57 | 15/10/2013
 
 
PC: Dell Inc. (0WXY9J)
CPU: Intel® Core™ i3 CPU       M 370  @ 2.40GHz
RAM -> [Total : 2999 | Free : 1433]
Bios: Dell Inc.
Boot: Normal boot
 
OS: Microsoft Windows 8 Pro (6.2.9200 32-Bit) # 
WB: Windows Internet Explorer 10.0.9200.16466
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]
 
C:\ (%systemdrive%) -> Fixed drive # 150 Gb (114 Mb free - 76%) [System] # NTFS
D:\ -> Fixed drive # 133 Gb (133 Mb free - 100%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
I:\ -> Fixed drive # 466 Gb (179 Mb free - 38%) [WISY_STORE] # FAT32
 
################## | Regedit Run |
 
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | RunOnce : [] - 
HKU\S-1-5-21-3315385509-1532506984-3949795062-1001\SOFTWARE | Run : [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-3315385509-1532506984-3949795062-1001\SOFTWARE | Run : [Sony PC Companion] - "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
HKU\S-1-5-19\SOFTWARE | RunOnce : [] - 
HKU\S-1-5-20\SOFTWARE | RunOnce : [] - 
HKU\S-1-5-18\SOFTWARE | RunOnce : [] - 
 
################## | Stopped processes |
 
Stopped! C:\Windows\System32\spoolsv.exe (ID 1416 |ParentID 548)
Stopped! C:\ProgramData\DatacardService\HWDeviceService.exe (ID 1628 |ParentID 548)
Stopped! C:\Windows\system32\dashost.exe (ID 1728 |ParentID 1104)
Stopped! C:\Windows\system32\srvany.exe (ID 1800 |ParentID 548)
Stopped! C:\Windows\KMService.exe (ID 1832 |ParentID 1800)
Stopped! C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (ID 1840 |ParentID 548)
Stopped! C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe (ID 1860 |ParentID 548)
Stopped! c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (ID 1940 |ParentID 548)
Stopped! C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (ID 2012 |ParentID 548)
Stopped! C:\ProgramData\WModem+\OnlineUpdate\ouc.exe (ID 868 |ParentID 364)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID 2116 |ParentID 548)
Stopped! C:\Windows\System32\WUDFHost.exe (ID 2368 |ParentID 1104)
Stopped! C:\Windows\System32\WUDFHost.exe (ID 2556 |ParentID 1104)
Stopped! C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe (ID 3208 |ParentID 1860)
Stopped! C:\Windows\system32\taskhostex.exe (ID 3224 |ParentID 548)
Stopped! C:\ProgramData\DatacardService\DCSHelper.exe (ID 3660 |ParentID 1628)
Stopped! C:\ProgramData\DatacardService\DCSHelper.exe (ID 3752 |ParentID 1628)
Stopped! C:\Program Files\WModem+\WModem+.exe (ID 3788 |ParentID 3752)
Stopped! C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\LiveComm.exe (ID 3876 |ParentID 756)
Stopped! C:\Windows\System32\RuntimeBroker.exe (ID 436 |ParentID 756)
Stopped! C:\Windows\System32\igfxtray.exe (ID 2924 |ParentID 3480)
Stopped! C:\Windows\System32\hkcmd.exe (ID 2324 |ParentID 3480)
Stopped! C:\Windows\System32\igfxpers.exe (ID 3648 |ParentID 3480)
Stopped! C:\Program Files\Internet Download Manager\IDMan.exe (ID 2976 |ParentID 3480)
Stopped! C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (ID 3912 |ParentID 3480)
Stopped! C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe (ID 3260 |ParentID 3912)
Stopped! C:\Program Files\Internet Download Manager\IEMonitor.exe (ID 2008 |ParentID 2976)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 4108 |ParentID 4024)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 4228 |ParentID 4108)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 4788 |ParentID 4108)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 4824 |ParentID 4108)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 4856 |ParentID 4108)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 4868 |ParentID 4108)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 4888 |ParentID 4108)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 5420 |ParentID 4108)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 5820 |ParentID 4108)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 6120 |ParentID 4108)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 2684 |ParentID 4108)
Stopped! C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (ID 5716 |ParentID 548)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 780 |ParentID 548)
Stopped! C:\Windows\system32\wuauclt.exe (ID 716 |ParentID 924)
Stopped! C:\Windows\system32\notepad.exe (ID 2652 |ParentID 3480)
Stopped! C:\Users\Ahmed\Desktop\FRST.exe (ID 792 |ParentID 3480)
Stopped! C:\Windows\SYSTEM32\notepad.exe (ID 2520 |ParentID 792)
 
################## | Files # Infected Folders |
 
Deleted ! I:\images.lnk
Deleted ! I:\$RECYCLE.BIN.lnk
Deleted ! I:\skin.lnk
Deleted ! I:\Backup.lnk
Deleted ! I:\Games.lnk
Deleted ! I:\test.lnk
Deleted ! I:\softwares.lnk
Deleted ! I:\Songs.lnk
Deleted ! I:\Utility.lnk
Deleted ! I:\Windows_8.lnk
Deleted ! I:\fIlms.lnk
Not deleted ! F:\AutoRun.exe
Not deleted ! F:\AUTORUN.INF
Not deleted ! F:\SysConfig.dat
 
(!) Temporary files deleted.
 
################## | Registry |
 
Deleted ! HKU\S-1-5-21-3315385509-1532506984-3949795062-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Deleted ! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig
Deleted ! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableSR
 
################## | Listing |
 
[26/04/2013 - 11:53:39 | SHD ] C:\$Recycle.Bin
[26/07/2012 - 11:52:25 | N | 24] C:\autoexec.bat
[26/07/2012 - 08:44:30 | RASH | 398156] C:\bootmgr
[02/06/2012 - 19:30:55 | N | 1] C:\BOOTNXT
[26/07/2012 - 11:52:25 | N | 10] C:\config.sys
[13/01/2013 - 22:22:18 | D ] C:\dell
[26/07/2012 - 11:04:44 | SHD ] C:\Documents and Settings
[14/10/2013 - 13:34:17 | D ] C:\FRST
[30/07/2013 - 21:41:58 | D ] C:\Game Of Thrones
[15/10/2013 - 09:40:38 | ASH | 2515476480] C:\hiberfil.sys
[13/01/2013 - 19:57:27 | RHD ] C:\MSOCache
[15/10/2013 - 09:40:42 | ASH | 536870912] C:\pagefile.sys
[26/07/2012 - 11:29:57 | D ] C:\PerfLogs
[12/10/2013 - 16:09:37 | D ] C:\Program Files
[12/10/2013 - 16:10:37 | HD ] C:\ProgramData
[15/10/2013 - 09:40:53 | ASH | 268435456] C:\swapfile.sys
[14/10/2013 - 13:15:19 | SHD ] C:\System Volume Information
[15/10/2013 - 10:06:51 | D ] C:\UsbFix
[15/10/2013 - 10:08:02 | A | 7251] C:\UsbFix [Clean 1] WISAAM_PC.txt
[14/10/2013 - 13:31:20 | N | 4914] C:\UsbFix [Listing 1 ] WISAAM_PC.txt
[14/10/2013 - 13:29:30 | N | 8805] C:\UsbFix [Scan 1] WISAAM_PC.txt
[26/04/2013 - 11:51:31 | RD ] C:\Users
[14/10/2013 - 13:34:19 | D ] C:\Windows
[06/08/2013 - 21:51:57 | SHD ] D:\$RECYCLE.BIN
[11/10/2013 - 18:14:38 | D ] D:\Arrow
[30/01/2013 - 12:44:00 | D ] D:\Certificate
[28/07/2006 - 08:32:44 | N | 7005] D:\Eula.txt
[15/10/2012 - 13:23:38 | N | 72154] D:\procexp.chm
[04/02/2013 - 22:46:38 | N | 2738264] D:\procexp.exe
[10/08/2013 - 15:13:07 | D ] D:\skin
[14/10/2013 - 13:15:22 | SHD ] D:\System Volume Information
[23/08/2009 - 07:42:34 | R | 143360] F:\AutoRun.exe
[10/03/2010 - 03:01:58 | R | 47] F:\AUTORUN.INF
[23/08/2009 - 07:42:34 | R | 143360] F:\DataCard_Setup.exe
[23/08/2009 - 07:43:46 | R | 206336] F:\DataCard_Setup64.exe
[21/02/2008 - 02:16:48 | R | 7168] F:\ResetDevice.exe
[10/03/2010 - 03:00:12 | R | 122726] F:\Startup.ico
[10/03/2010 - 03:01:56 | R | 1359] F:\SysConfig.dat
[19/03/2010 - 12:46:06 | D ] F:\WModem+
[30/04/2012 - 08:52:18 | D ] I:\images
[11/10/2013 - 19:19:36 | SHD ] I:\$RECYCLE.BIN
[10/08/2013 - 15:13:08 | D ] I:\skin
[10/08/2013 - 08:24:38 | N | 184906] I:\cleo3.rar
[13/01/2013 - 14:51:58 | D ] I:\Backup
[20/12/2012 - 13:23:56 | D ] I:\Games
[10/07/2013 - 21:59:48 | D ] I:\test
[08/09/2013 - 17:22:30 | N | 4401848] I:\DSC_3272.JPG
[17/12/2012 - 23:13:10 | D ] I:\softwares
[08/09/2013 - 17:18:42 | N | 3176604] I:\DSC_3261.JPG
[08/09/2013 - 17:21:44 | N | 4926635] I:\DSC_3268.JPG
[25/01/2013 - 17:32:20 | D ] I:\Songs
[30/04/2012 - 08:52:02 | D ] I:\Utility
[13/01/2013 - 15:06:58 | D ] I:\Windows_8
[17/08/2011 - 09:52:24 | N | 3594] I:\Activate Warranty.html
[02/09/2011 - 15:51:00 | N | 5013504] I:\ActivateWarranty.exe
[17/08/2011 - 09:51:08 | N | 3394] I:\Free Software.html
[20/12/2012 - 13:29:30 | D ] I:\fIlms
[07/10/2013 - 04:13:16 | N | 356189766] I:\Beauty and the Beast (2012) S02E01 clubinfinity.mv.avi
[03/10/2013 - 05:06:16 | N | 347312522] I:\Arrow Special Year One (Season 1 Recap) clubinfinity.mv.avi
[10/10/2013 - 03:42:50 | N | 355489488] I:\Arrow S02E01 clubinfinity.mv.avi
[30/09/2013 - 05:05:16 | N | 369380696] I:\Revenge S03E01 clubinfinity.mv.avi
[07/10/2013 - 05:36:42 | N | 372736660] I:\Revenge S03E02 clubinfinity.mv.avi
 
################## | Vaccin |
 
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
 
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
 

THANKS AGAIN -



#6 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 15 October 2013 - 06:20 PM

All of these files & folders can be hidden anyway.

 

 
 Exactly. You need to enable the [Show hidden files and protected operating system files (Recommended)] setting in Control Panel/Folder Options for these files to become visible.
 
 The System Volume Information folder is created on every partition on your computer, including external  drives. It is the storage location for System Restore.
 
 Recycle.Bin and $Recycle.Bin
These folders are connected with the Windows Recycle Bin. When you delete a file in Windows Explorer or My Computer etc., the file is stored in the Recycle Bin and not completely deleted from the system.

 Unchecking: Hide protected operating system files (recommended) also gives you the answer.
 
 To my understanding, the preceding $ sign indicates Microsoft has it hidden by default.

 

 

Let’s press on and focus on both your computer and the pendrives...
 
:step1:   With the USB drive connected, please run Malwarebytes Anti-Malware:
Download: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
Save to the Desktop
Double-click the downloaded MBAM file to run it.
 
When the installation begins, follow the prompts in the setup process.
Please do not make any changes to default settings, and when the program has finished installing, make sure only the following options are checked:
>Update Malwarebytes’ Anti-Malware
>Launch Malwarebytes’ Anti-Malware
Uncheck:
>Enable free trial of Malwarebytes Anti-Malware PRO
Click on the Finish button.
 
If an update is found, the program automatically updates itself.
At the program console, on the Scanner tab, select: Perform Full Scan
 
When the Select the Drives to scan prompt appears, make sure all drives (except: CD-Rom/DVD) are selected.
Next, click on the Scan button.
 
When the Malwarebytes scan is completed, click on: Show Results
When presented with a screen showing the malware detected, make sure everything is Checked, and click on: Remove Selected
 
When removal is completed, a report opens in Notepad.
>> Please copy/paste the entire contents of the MBAM report in your reply.
 
Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.

 

:step2:  Please run the following when you have the time, though, it may take a while...
The ESET Online Scanner is implemented as an ActiveX control, so it is best run on Internet Explorer.
Right click the IE shortcut and select: Run as Administrator

 

Next, download: http://www.eset.com/us/online-scanner/

On the ESET website, click on: Run ESET Online Scanner
Click: Start

 

When asked, allow the add-on to be installed
Click: Start, again

On the next prompt, Computer Scan Settings, check: Remove found threats

 

Next, click on: Advanced Settings

Make sure the following options are checked:
>Scan for potentially unwanted applications
>Scan for potentially unsafe applications
>Enable Anti-Stealth Technology

 

By Current Scan Targets, Operating memory, Local drives, press: Change

In selection of scan targets, Local drives, select the USB drive in question.
Click: OK

Click: Start

Follow the prompts.

 

When the scan completes, if threats are found, in the Scan Results prompt:
Click on: List of threats found
Click on: Export to text file
Save to the Desktop and name it:  ESET Scan Results
Click on: Back

Place a check on: Uninstall application on close
Click on: Finish, and close the program.

 

If anything is found, please provide the ESET report in your reply to determine what further action is necessary.


Old duck...


#7 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 17 October 2013 - 07:15 PM

How is it going here?

 

If no time for ESET, press on with MBAM, and do ESET sometime later..


Old duck...


#8 Wisaam
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Location:Maldives

Posted 18 October 2013 - 03:55 AM

Will do ESET later. I have 2 reports as I forgot to scan my external hard drive in the 1st attempt. The 2nd report is only that external hard drive's report. Doing great so far with you guys..

 

- MBAM report 1-

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.16.07
 
Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16466
Ahmed :: WISAAM_PC [administrator]
 
16/10/2013 20:45:22
mbam-log-2013-10-16 (20-45-22).txt
 
Scan type: Full scan (C:\|D:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342425
Time elapsed: 1 hour(s), 2 minute(s), 43 second(s)
 
Memory Processes Detected: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 4640 -> Delete on reboot.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 4
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot.
C:\Users\Ahmed\Downloads\Programs\iLividSetup-r744-n-bc.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Ahmed\Downloads\Programs\SoftonicDownloader_for_usbdrivefresher.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Users\Ahmed\Downloads\Programs\YTDSetup.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
 
(end)
 
- MBAM report 2-
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.16.07
 
Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16466
Ahmed :: WISAAM_PC [administrator]
 
18/10/2013 10:15:02
mbam-log-2013-10-18 (10-15-02).txt
 
Scan type: Full scan (I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216704
Time elapsed: 6 minute(s), 49 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
I:\Backup\Extras\jOb\Autocad_2009_32_ Bit\Crack\xf-acad9-32-BITS.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
 
(end)
 
THANKS AGAIN


#9 Wisaam
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Location:Maldives

Posted 18 October 2013 - 04:25 AM

ESET done too... No threats were found



#10 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 18 October 2013 - 08:51 PM

Please download CKScanner:

http://downloads.malwareremoval.com/CKScanner.exe
Important: - Save it to the Desktop.

Right-click CKScanner.exe > select 'Run as administrator'

Click: Search For Files
When the cursor hourglass disappears, click: Save List To File
A message box verifies the file saved.

>> Please provide the contents of the CKFiles.txt in your reply.


Old duck...


#11 Wisaam

Wisaam
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Location:Maldives

Posted 19 October 2013 - 12:46 AM

As of my previous reply, are there any virus, worm or malware risks now?



#12 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 19 October 2013 - 10:53 PM

We'll know after you provide the info requested in Post #10


Old duck...


#13 Wisaam

Wisaam
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Location:Maldives

Posted 20 October 2013 - 07:41 AM

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\windows\prefetch\kmservice.exe-64a12b74.pf
scanner sequence 3.CG.11.HTNABZ
 ----- EOF ----- 
I hope we can come to a conclusion.


#14 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 20 October 2013 - 09:40 PM

I:\Backup\Extras\jOb\Autocad_2009_32_ Bit\Crack\xf-acad9-32-BITS.exe --->> Pirated activator for AutoCAD 2009.

c:\windows\prefetch\kmservice.exe-64a12b74.pf --->> Pirated activator for Microsoft Office.

As long as you keep engaging in such, your computer will always be in jeopardy.

My help is not for any User suspected of having obtained software illegally.

Support for your issues is withdrawn. I can no longer assist you with this particular system.

Old duck...
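As an added example that is not part of this thread (neither poster wrote it, and it is not a Malwarebytes or CKScanner tool): the script below pulls the "Files Detected" lines out of the MBAM 1.75 log format posted earlier in the thread, pulls the prefetch entry out of the CKScanner list in post #13, and cross-references the two by executable name, which is the reasoning the reply above applies by hand. The embedded log excerpt and CKScanner lines are reconstructed from the posts above as constructed sample input; the function names and the "pending" flag for "Delete on reboot" results are this example's own conventions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample (assumption): the "Files Detected" section of the MBAM
# 1.75 log posted in this thread, embedded so the script runs offline.
MBAM_LOG = r"""
Files Detected: 4
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot.
C:\Users\Ahmed\Downloads\Programs\iLividSetup-r744-n-bc.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Ahmed\Downloads\Programs\SoftonicDownloader_for_usbdrivefresher.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Users\Ahmed\Downloads\Programs\YTDSetup.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.

(end)
"""

# Constructed sample (assumption): the CKScanner output from post #13.
CKSCANNER_OUTPUT = r"""
CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\windows\prefetch\kmservice.exe-64a12b74.pf
scanner sequence 3.CG.11.HTNABZ
 ----- EOF -----
"""

# One MBAM detection line looks like:  <path> (<detection name>) -> <action>.
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
COUNT_RE = re.compile(r"^Files Detected: (\d+)$", re.MULTILINE)
# Windows prefetch files are named <EXENAME>-<8 hex digits>.pf; the hex part
# is derived from the path the executable was run from.
PREFETCH_RE = re.compile(r"(?P<exe>[^\\/]+)-(?P<hash>[0-9a-f]{8})\.pf", re.IGNORECASE)


@dataclass
class Detection:
    path: str
    name: str
    action: str

    @property
    def pending(self) -> bool:
        # "Delete on reboot" means MBAM could not remove the file immediately
        # (typically because it was in use); removal is deferred to the next restart.
        return self.action.lower().startswith("delete on reboot")

    @property
    def basename(self) -> str:
        return re.split(r"[\\/]", self.path)[-1]


def parse_mbam_detections(log: str) -> List[Detection]:
    """Return every '<path> (<name>) -> <action>' line of the log as a Detection."""
    found = []
    for line in log.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["name"], m["action"]))
    return found


def declared_file_count(log: str) -> Optional[int]:
    """The N from the 'Files Detected: N' header, or None if absent."""
    m = COUNT_RE.search(log)
    return int(m.group(1)) if m else None


def parse_prefetch_name(path: str) -> Optional[Tuple[str, str]]:
    """Split a prefetch path into (executable name, hash); None if it is not a .pf name."""
    base = re.split(r"[\\/]", path.strip())[-1]
    m = PREFETCH_RE.fullmatch(base)
    return (m["exe"].lower(), m["hash"].lower()) if m else None


def ckscanner_prefetch_entries(text: str) -> List[Tuple[str, str]]:
    """Every prefetch file CKScanner listed, as (executable, hash) pairs."""
    return [p for p in (parse_prefetch_name(line) for line in text.splitlines()) if p]


def correlate(detections: List[Detection], prefetch: List[Tuple[str, str]]) -> List[dict]:
    """Match prefetch entries to MBAM detections by executable name.

    A hit means the flagged file has a run record on disk, i.e. it executed at
    some point, regardless of whether MBAM has finished removing it.
    """
    hits = []
    for exe, h in prefetch:
        for det in detections:
            if det.basename.lower() == exe:
                hits.append({"prefetch": exe, "hash": h, "detection": det})
    return hits


if __name__ == "__main__":
    dets = parse_mbam_detections(MBAM_LOG)
    print(f"declared {declared_file_count(MBAM_LOG)}, parsed {len(dets)}")
    for d in dets:
        print(f"{'PENDING' if d.pending else 'removed'}  {d.name:24} {d.path}")
    for hit in correlate(dets, ckscanner_prefetch_entries(CKSCANNER_OUTPUT)):
        print(f"prefetch {hit['prefetch']}-{hit['hash']}.pf matches {hit['detection'].path}")
```

Two things the cross-reference makes explicit. First, a "Delete on reboot" result is not a completed removal; the file is still on disk until the restart, so the check after rebooting is whether C:\Windows\KMService.exe is actually gone. Second, the prefetch file is a record that the executable ran, and it survives deletion of the executable itself, which is why CKScanner lists it under "not necessarily bad": it is evidence of past execution, not a live file that needs cleaning.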


#15 Wisaam

Wisaam
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Location:Maldives

Posted 21 October 2013 - 09:35 AM

I will in future make sure my system's software is 100% legal. AutoCAD I haven't used on my PC; I just had that cracked version on my hard drive. I'm definitely going to buy the original MO version in the near future.

Yet you have helped recover my system immensely. I thank you for all the time and help you gave me. Thanks a lot.





