USB HDD files turn into shortcuts, original files hidden

Post by handakof » October 31st, 2014, 11:12 am

Hi there,

Well, after a trip to a local copy store, my 1TB HDD got infected with this extremely annoying malware. It hides everything in the ".trashes" folder and then puts shortcuts instead, which point to the "system32" folder when I hover the mouse over them, but they still open my original folders.
The original folders are hidden in the .trashes folder on my USB HDD; unhiding them and moving them to the root folder works, but only to happen again after a little while!
I noticed that it also disabled my Avira antivirus real-time protection and it can't be enabled again. It blocked the Malwarebytes Anti-Malware installation with this stupid message, too!
[Image]
It doesn't kill the installation process immediately, though. The installation window is present but it's hidden behind this stupid pop-up window; if I move it I can complete the installation by clicking quickly enough!
MBAM couldn't find a threat after a full system scan, though, and when I try to scan my hard drive alone it mostly hangs and can't be completed, but I mostly think it's because my HDD was having some "head stuck on a platter" issues the other day. It infected my mobile when I connected it, too, so I think it's present on my system by now, not only the flash drive, but still MBAM couldn't find anything.
It also blocks the opening of both MBAM (after installation) and DDS, and I couldn't run them until I changed their names to something else.
Please guys, I need some help with this. Thanks a million.

Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207
Run by MOI at 6:16:41 on 2014-10-31
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.20.1033.18.8159.5570 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
E:\GAMES\Sources\PS3 controller\SCP-DS-Driver-Package-1.2.0.160\ScpServer\bin\ScpService.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
E:\Programs\CPU-Z\Core Temp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Users\MOI\AppData\Roaming\wusofuvir\dllmonitor32.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Users\MOI\AppData\Roaming\wusofuvir\tcpmgr.exe
C:\Users\MOI\AppData\Roaming\wusofuvir\amdupdater64.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
mWinlogon: Userinit = userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
uRun: [OscarEditor] "C:\Program Files (x86)\X7 Oscar Keyboard Editor\\OscarEditor.exe" Minimum
uRun: [OscarKeyboard] "C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe" Minimum
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
dRun: [AviraSpeedup] "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
StartupFolder: C:\Users\MOI\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Users\MOI\AppData\Roaming\wusofuvir\tcpmgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Users\MOI\AppData\Roaming\wusofuvir\tcpmgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: mtxk_hidefastuserswitching = dword:1
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
TCP: Interfaces\{24492637-1787-4670-B1DC-F75E4DB6DB82} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{961F65A3-8AA1-4202-8669-69DA03F45BC1} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{EC1FBBDC-2BFE-4529-B414-69C0E3C8C95D} : DHCPNameServer = 10.211.254.254 8.8.8.8
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mSearch Page = about:blank
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = about:blank
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MOI\AppData\Roaming\Mozilla\Firefox\Profiles\sgambccf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com 
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\System32\drivers\AiChargerPlus.sys [2014-8-7 14464]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-8-27 297000]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-8-31 28600]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-8-31 431920]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-6-13 922240]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-2 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2014-8-7 586880]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-8-31 119272]
R2 Ds3Service;SCP DS3 Service;E:\GAMES\Sources\PS3 controller\SCP-DS-Driver-Package-1.2.0.160\ScpServer\bin\ScpService.exe [2014-9-12 381952]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-8-28 180136]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2014-8-30 133800]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-8-7 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-8-7 18956064]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2014-8-7 2656280]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2014-9-5 36328]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
R3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);C:\Windows\System32\drivers\ASUSstpt.sys [2014-8-7 24648]
R3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);C:\Windows\System32\drivers\ASUSumsc.sys [2014-8-7 141896]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-7 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-8-7 40392]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-7-8 199384]
R3 ScpVBus;Scp Virtual Bus Driver;C:\Windows\System32\drivers\ScpVBus.sys [2014-9-12 39168]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2014-9-5 157160]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2014-9-5 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2014-9-5 177128]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2014-9-5 145384]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2014-9-25 31232]
RUnknown mbamchameleon;mbamchameleon; [x]
S2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-8-31 431920]
S2 Avira.OE.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-9-23 160560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-1-30 103992]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-1-30 123960]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-13 51872]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-9-5 82112]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-10 111616]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2014-9-8 121416]
S3 MUTENX_SERVICE;MUTENX_SERVICE;C:\Windows\System32\drivers\mutenx.sys [2014-9-26 67728]
S3 MUTESV_SERVICE;MUTESV_SERVICE;C:\Program Files\ASTER-V7\mutesv.exe [2010-9-1 8704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-8-8 20992]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-9-27 31800]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-9-5 202560]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-8 59392]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2014-9-25 758224]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-8-8 1255736]
.
=============== Created Last 30 ================
.
2014-10-31 03:46:13 -------- d-----w- C:\Users\MOI\AppData\Roaming\Malwarebytes
2014-10-31 03:45:35 -------- d-----w- C:\ProgramData\Malwarebytes
2014-10-31 03:45:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-30 14:02:40 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-10-26 22:43:16 -------- d--h--w- C:\Users\MOI\AppData\Roaming\wusofuvir
2014-10-24 17:18:03 -------- d-----w- C:\Program Files (x86)\abgx360
2014-10-19 07:54:03 -------- d-----w- C:\Users\MOI\AppData\Local\Daring_Development_Inc
2014-10-19 07:53:57 -------- d-----w- C:\Program Files (x86)\Horizon
2014-10-12 16:49:48 -------- d-----w- C:\ProgramData\Oberon Media
2014-10-10 16:23:48 -------- d-----w- C:\Users\MOI\AppData\Local\Game Launcher
2014-10-09 21:50:06 -------- d-----w- C:\Program Files\LinkShellExtension
2014-10-09 17:18:57 2297552 ----a-w- C:\Windows\SysWow64\d3dx9_26.dll
2014-10-09 17:11:39 -------- d-----w- C:\Users\MOI\AppData\Local\CAPCOM
2014-10-09 16:59:01 462864 ----a-w- C:\Windows\SysWow64\d3dx10_37.dll
2014-10-09 16:59:01 3786760 ----a-w- C:\Windows\SysWow64\D3DX9_37.dll
2014-10-09 16:59:01 1420824 ----a-w- C:\Windows\SysWow64\D3DCompiler_37.dll
2014-10-09 16:58:39 -------- d-----w- C:\Windows\SysWow64\xlive
2014-10-09 16:58:39 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-10-08 05:36:17 -------- d-----w- C:\Users\MOI\Movies
.
==================== Find3M ====================
.
2014-10-23 08:36:24 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-23 08:36:24 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-14 11:57:07 43064 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-10-14 11:57:03 119272 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-10-07 14:32:34 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-10-07 14:32:34 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-10-05 12:58:07 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-09-18 03:15:41 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-08-15 08:30:05 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2014-08-10 12:50:14 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-08-10 12:50:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-08-10 12:50:14 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2014-08-10 12:50:13 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2014-08-10 12:50:13 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2014-08-10 12:50:13 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-08-10 12:48:06 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-08-10 12:48:06 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-08-08 12:59:02 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2014-08-08 12:59:01 175616 ----a-w- C:\Windows\System32\msclmd.dll
2014-08-08 10:58:04 97504 ----a-w- C:\ProgramData\1407495366.bdinstall.bin
2014-08-08 10:56:11 37634 ----a-w- C:\ProgramData\1407495365.bdinstall.bin
2014-08-08 04:31:41 40445 ----a-w- C:\Users\MOI\uninstall.exe
2014-08-08 03:49:18 300981 ----a-w- C:\ProgramData\1407469293.bdinstall.bin
2014-08-08 03:37:16 48455 ----a-w- C:\ProgramData\1407469028.bdinstall.bin
2014-08-08 03:12:13 47340 ----a-w- C:\ProgramData\1407467490.bdinstall.bin
2014-08-07 19:43:53 16896 ----a-w- C:\Windows\AsTaskSched.dll
2014-08-07 18:42:39 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-08-05 07:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 6:17:00.54 ===============


PS: couldn't provide the logs because it exceeds the 100000 character limit, and I couldn't use pastebin for the same reason. I will try to post it separately.
PPS: here's a link to just "view" the "attach" log, since I can't really post it anywhere for being too long:
http://www.heypasteit.com/clip/1M10

EDIT: forgot to mention that none of these manifestations appear in safe mode. I can actually download, install, and scan with any antivirus I have (except Bitdefender, couldn't install that) during safe mode; the problem still persists, though, as none of them can find anything.
handakof
Active Member
 
Posts: 5
Joined: October 31st, 2014, 12:05 am
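
One way to triage a DDS log like the one posted above (an added example, not part of the original thread): it correlates three signals per folder under a user's AppData tree, namely a running process image, an autostart target, and a hidden directory in the "Created Last 30" section. The function names and the two-signal threshold are assumptions; the sample lines are excerpted from the posted log.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the DDS log posted above (lines copied from the post).
DDS_EXCERPT = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Users\MOI\AppData\Roaming\wusofuvir\dllmonitor32.exe
C:\Users\MOI\AppData\Roaming\wusofuvir\tcpmgr.exe
C:\Users\MOI\AppData\Roaming\wusofuvir\amdupdater64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
============== Pseudo HJT Report ===============
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
StartupFolder: C:\Users\MOI\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Users\MOI\AppData\Roaming\wusofuvir\tcpmgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Users\MOI\AppData\Roaming\wusofuvir\tcpmgr.exe
=============== Created Last 30 ================
2014-10-31 03:46:13 -------- d-----w- C:\Users\MOI\AppData\Roaming\Malwarebytes
2014-10-26 22:43:16 -------- d--h--w- C:\Users\MOI\AppData\Roaming\wusofuvir
2014-10-19 07:54:03 -------- d-----w- C:\Users\MOI\AppData\Local\Daring_Development_Inc
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
# An .exe image located under a per-user (user-writable) AppData tree.
APPDATA_EXE = re.compile(
    r"[a-z]:\\users\\[^\\\"]+\\appdata\\(?:[^\\\"]+\\)*[^\\\"]+?\.exe", re.I)
APPDATA_DIR = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.I)
AUTOSTART = re.compile(r"^(?:x64-)?(?:[umd]?Run|StartupFolder):", re.I)
# "<date> <time> <size or dashes> <8 attribute flags> <path>"
CREATED = re.compile(r"^\S+ \S+\s+\S+\s+([a-z-]{8})\s+(.+)$")


def triage(log_text):
    """Map each per-user AppData folder to the set of signals pointing at it."""
    signals = defaultdict(set)
    section = ""
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "Running Processes":
            hit = APPDATA_EXE.match(line)
            if hit:
                signals[ntpath.dirname(hit.group(0)).lower()].add("process")
        elif section == "Pseudo HJT Report" and AUTOSTART.match(line):
            # StartupFolder lines read "<shortcut> - <target>"; keep the target.
            hit = APPDATA_EXE.search(line.rsplit(" - ", 1)[-1])
            if hit:
                signals[ntpath.dirname(hit.group(0)).lower()].add("autostart")
        elif section == "Created Last 30":
            entry = CREATED.match(line)
            if (entry and entry.group(1).startswith("d") and "h" in entry.group(1)
                    and APPDATA_DIR.match(entry.group(2))):
                signals[entry.group(2).rstrip("\\").lower()].add("hidden-dir")
    return dict(signals)


def suspects(log_text, minimum=2):
    """Folders backed by at least `minimum` signals, strongest first."""
    ranked = sorted(triage(log_text).items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(folder, sorted(found)) for folder, found in ranked if len(found) >= minimum]


if __name__ == "__main__":
    for folder, found in suspects(DDS_EXCERPT):
        print(folder, "->", ", ".join(found))
```

On the excerpt this surfaces a single folder, `C:\Users\MOI\AppData\Roaming\wusofuvir`, which the posted log shows as a hidden directory created on 2014-10-26, the location of three running executables, and the target of both Startup shortcuts.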

Re: USB HDD files turn into shortcuts, original files hidden

Post by handakof » November 1st, 2014, 12:32 pm

Just to be clear, I found a solution on my own: I downloaded and ran a program called "USBfix", which is affiliated with the "SOSvirus.net" forums. It's a removal tool designed for this particular virus. When I tried to run it, the virus closed it first and even removed it completely! Then I had to redownload it and went offline, but when it was about to work, Windows just shut down!!
My solution for this last virus defense mechanism was running a prevent-shutdown shortcut, "shutdown.exe /a", just before the virus tried to shut down, and it worked!!
Oh, and @cypher, it was kind of a dick move from you, closing my first thread. I clearly stated why I had to post the log in a separate post (being too long for a single post and all) but you clearly didn't read that!!

Re: USB HDD files turn into shortcuts, original files hidden

Post by handakof » November 1st, 2014, 12:43 pm

Nope! Didn't work, restarted to find the same issue! I am at a loss here :/

Re: USB HDD files turn into shortcuts, original files hidden

Post by Gary R » November 1st, 2014, 1:15 pm

Bumping or Replying to Your Own Topic

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why you should not reply to or try to bump your topic.
Please submit a new log and wait for a helper to reply. Thank you for your understanding.

This topic is now closed.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire