############################## | UsbFix V 7.145 | [Deletion]

User: Administrator (Administrator) # COMPUTER
Updated 17/10/2013 by El Desaparecido - Team SosVirus
Started at 12:48:22 | 18/10/2013
Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Dell Inc. (038C0K)
CPU: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
RAM -> [Total : 3977 | Free : 1165]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton Internet Security [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 282 Gb (215 Mb free - 76%) [OS] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Fixed drive # 931 Gb (526 Mb free - 56%) [My Passport] # NTFS
G:\ -> Removable drive # 2 Gb (2 Mb free - 100%) [] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
HKLM\SOFTWARE | Run : [RemoteControl9] - "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
HKLM\SOFTWARE | Run : [PDVD9LanguageShortcut] - "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
HKLM\SOFTWARE | Run : [RoxWatchTray] - "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
HKLM\SOFTWARE | Run : [Desktop Disc Tool] - "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
HKLM\SOFTWARE | Run : [HPUsageTrackingLEDM] - "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
HKLM\SOFTWARE | Run : [Athan] - C:\Program Files (x86)\Athan\Athan.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl9] - "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
HKLM\SOFTWARE\wow6432Node | Run : [PDVD9LanguageShortcut] - "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
HKLM\SOFTWARE\wow6432Node | Run : [RoxWatchTray] - "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Desktop Disc Tool] - "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HPUsageTrackingLEDM] - "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
HKLM\SOFTWARE\wow6432Node | Run : [Athan] - C:\Program Files (x86)\Athan\Athan.exe
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKLM\SOFTWARE | Policies\Explorer\run : [] - 1
HKU\S-1-5-21-4051628422-3525690287-1979791056-1000\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4051628422-3525690287-1979791056-500\SOFTWARE | Run : [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-4051628422-3525690287-1979791056-500\SOFTWARE | Run : [Connectify] - C:\Program Files (x86)\Connectify\Connectify.exe
HKU\S-1-5-21-4051628422-3525690287-1979791056-500\SOFTWARE | Run : [Lync] - "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
HKU\S-1-5-21-4051628422-3525690287-1979791056-500\SOFTWARE | Run : [dtlswbgexu] - wscript.exe //B "C:\Users\ADMINI~1.COM\AppData\Local\Temp\dtlswbgexu..vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [] -
HKU\S-1-5-20\SOFTWARE | RunOnce : [] -
HKU\S-1-5-21-4051628422-3525690287-1979791056-1000\SOFTWARE | RunOnce : [] -
HKU\S-1-5-18\SOFTWARE | RunOnce : [] -

################## | Stopped processes |

Stopped! C:\Windows\system32\nvvsvc.exe (ID 836 |ParentID 652)
Stopped! C:\Program Files\IDT\WDM\STacSV64.exe (ID 344 |ParentID 652)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID 1420 |ParentID 836)
Stopped! C:\Windows\system32\nvvsvc.exe (ID 1428 |ParentID 836)
Stopped! C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (ID 1476 |ParentID 652)
Stopped! C:\Windows\system32\WLANExt.exe (ID 1484 |ParentID 996)
Stopped! C:\Windows\system32\conhost.exe (ID 1492 |ParentID 440)
Stopped! C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe (ID 1532 |ParentID 1476)
Stopped! C:\Windows\System32\spoolsv.exe (ID 1664 |ParentID 652)
Stopped! C:\Program Files\Common Files\SPBA\upeksvr.exe (ID 1748 |ParentID 952)
Stopped! C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (ID 1816 |ParentID 652)
Stopped! C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (ID 1840 |ParentID 652)
Stopped! C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe (ID 1948 |ParentID 652)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 2016 |ParentID 652)
Stopped! C:\Program Files\IDT\WDM\AESTSr64.exe (ID 436 |ParentID 652)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 2044 |ParentID 652)
Stopped! C:\Windows\system32\taskhost.exe (ID 2204 |ParentID 652)
Stopped! C:\Windows\system32\taskeng.exe (ID 2232 |ParentID 1020)
Stopped! C:\Windows\Explorer.EXE (ID 2336 |ParentID 2280)
Stopped! C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe (ID 2440 |ParentID 2232)
Stopped! C:\Program Files\Bonjour\mDNSResponder.exe (ID 2504 |ParentID 652)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID 2552 |ParentID 652)
Stopped! C:\Program Files\DellTPad\Apoint.exe (ID 2772 |ParentID 2336)
Stopped! C:\Program Files\IDT\WDM\sttray64.exe (ID 2780 |ParentID 2336)
Stopped! C:\Windows\System32\hkcmd.exe (ID 2848 |ParentID 2336)
Stopped! C:\Windows\System32\igfxpers.exe (ID 2872 |ParentID 2336)
Stopped! C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe (ID 2924 |ParentID 2336)
Stopped! C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (ID 2956 |ParentID 2336)
Stopped! C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe (ID 2980 |ParentID 2336)
Stopped! C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (ID 2996 |ParentID 2336)
Stopped! C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (ID 2184 |ParentID 2336)
Stopped! C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (ID 956 |ParentID 2336)
Stopped! C:\Windows\System32\wscript.exe (ID 3104 |ParentID 2336)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID 3216 |ParentID 2336)
Stopped! C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (ID 3332 |ParentID 652)
Stopped! C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (ID 3360 |ParentID 3180)
Stopped! C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (ID 3488 |ParentID 3180)
Stopped! C:\Program Files (x86)\Athan\Athan.exe (ID 3648 |ParentID 3180)
Stopped! C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID 3844 |ParentID 3180)
Stopped! C:\Windows\system32\IProsetMonitor.exe (ID 4044 |ParentID 652)
Stopped! C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (ID 704 |ParentID 652)
Stopped! C:\Program Files\ma-config.com\MaConfigAgent.exe (ID 3284 |ParentID 652)
Stopped! C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (ID 468 |ParentID 652)
Stopped! C:\Program Files (x86)\Norton Zone\Engine\1.0.12.6\ccSvcHst.exe (ID 3448 |ParentID 652)
Stopped! C:\Windows\system32\DRIVERS\o2flash.exe (ID 1064 |ParentID 652)
Stopped! c:\Windows\SysWOW64\srvany.exe (ID 4060 |ParentID 652)
Stopped! c:\Windows\sysWOW64\SDIOAssist.exe (ID 2088 |ParentID 4060)
Stopped! C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (ID 1932 |ParentID 652)
Stopped! C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID 2180 |ParentID 652)
Stopped! C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe (ID 4184 |ParentID 652)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 4256 |ParentID 652)
Stopped! c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe (ID 4336 |ParentID 652)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 4352 |ParentID 4256)
Stopped! C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID 4396 |ParentID 3028)
Stopped! C:\Program Files (x86)\Norton Zone\Engine\1.0.12.6\ccSvcHst.exe (ID 4912 |ParentID 3448)
Stopped! C:\Program Files\iPod\bin\iPodService.exe (ID 5008 |ParentID 652)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (ID 5096 |ParentID 3344)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID 4532 |ParentID 652)
Stopped! C:\Program Files\DellTPad\ApMsgFwd.exe (ID 5736 |ParentID 2772)
Stopped! C:\Windows\System32\WUDFHost.exe (ID 5804 |ParentID 996)
Stopped! C:\Program Files\DellTPad\Apntex.exe (ID 6124 |ParentID 6112)
Stopped! C:\Windows\system32\conhost.exe (ID 2548 |ParentID 548)
Stopped! C:\Windows\SysWOW64\RunDll32.exe (ID 5164 |ParentID 3216)
Stopped! C:\Program Files\DellTPad\HidFind.exe (ID 3536 |ParentID 2772)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (ID 5240 |ParentID 768)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (ID 784 |ParentID 5240)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 3672 |ParentID 652)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 4144 |ParentID 652)
Stopped! C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (ID 6512 |ParentID 468)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 7164 |ParentID 2336)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2116 |ParentID 7164)
Stopped! C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID 5324 |ParentID 652)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4816 |ParentID 7164)
Stopped! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (ID 7244 |ParentID 652)
Stopped! C:\Program Files (x86)\Connectify\ConnectifyService.exe (ID 4428 |ParentID 652)
Stopped! C:\Program Files (x86)\Connectify\Connectifyd.exe (ID 8028 |ParentID 4428)
Stopped! C:\Windows\system32\conhost.exe (ID 4580 |ParentID 440)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 3952 |ParentID 652)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 1696 |ParentID 7164)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 7992 |ParentID 7164)
Stopped! C:\Program Files (x86)\iTunes\iTunes.exe (ID 7352 |ParentID 3844)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (ID 2640 |ParentID 7352)
Stopped! C:\Windows\system32\conhost.exe (ID 8908 |ParentID 548)
Stopped! C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (ID 3628 |ParentID 2640)
Stopped! C:\Windows\system32\conhost.exe (ID 5792 |ParentID 548)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BtITunesPlugIn.exe (ID 4484 |ParentID 7352)
Stopped! C:\Windows\system32\conhost.exe (ID 4672 |ParentID 548)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (ID 8632 |ParentID 2640)
Stopped! C:\Windows\system32\conhost.exe (ID 7252 |ParentID 548)
Stopped! C:\Program Files (x86)\Connectify\Connectify.exe (ID 7452 |ParentID 2336)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6476 |ParentID 7164)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 9596 |ParentID 7164)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 10692 |ParentID 7164)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 10516 |ParentID 7164)
Stopped! C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (ID 11272 |ParentID 3736)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 8488 |ParentID 7164)
Stopped! C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe (ID 10352 |ParentID 8028)
Stopped! C:\Windows\system32\conhost.exe (ID 10188 |ParentID 440)
Stopped! C:\Windows\System32\WUDFHost.exe (ID 11204 |ParentID 996)
Stopped! C:\Windows\system32\taskeng.exe (ID 10332 |ParentID 1020)

################## | Files # Infected Folders |

Deleted ! G:\dtlswbgexu..vbs
Deleted ! C:\Users\ADMINI~1.COM\AppData\Local\Temp\dtlswbgexu..vbs
Deleted ! C:\Users\Administrator.COMPUTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlswbgexu..vbs
Deleted ! G:\Ru-423z_DMLR_066_131016.lnk
Deleted ! G:\Ru-423z_GMLR_067_131017.lnk
Not deleted ! E:\autorun.inf
(!) Temporary files deleted.

################## | Registry |

Deleted ! HKU\S-1-5-21-4051628422-3525690287-1979791056-500\Software\Microsoft\Windows\CurrentVersion\Run|dtlswbgexu
Deleted ! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

################## | Listing |

[05/10/2013 - 18:41:06 | D ] C:\$RECYCLE.BIN
[29/03/2012 - 00:34:18 | D ] C:\Apps
[21/07/2013 - 19:22:39 | N | 1001] C:\DelFix.txt
[26/06/2012 - 15:54:48 | D ] C:\dell
[29/03/2012 - 01:59:53 | N | 39329] C:\dell.sdr
[14/07/2009 - 08:08:56 | SHD ] C:\Documents and Settings
[29/03/2012 - 01:46:52 | D ] C:\Drivers
[16/10/2013 - 20:54:18 | D ] C:\FFOutput
[21/07/2013 - 19:26:22 | D ] C:\FRST
[17/10/2013 - 12:02:39 | ASH | 3127558144] C:\hiberfil.sys
[29/03/2012 - 02:03:37 | D ] C:\Intel
[06/07/2013 - 21:19:07 | D ] C:\Logs
[13/06/2012 - 20:30:16 | RD ] C:\MSOCache
[17/10/2013 - 12:02:48 | ASH | 4170080256] C:\pagefile.sys
[14/07/2009 - 06:20:08 | D ] C:\PerfLogs
[17/10/2013 - 13:22:46 | N | 512] C:\PhysicalDisk0_MBR.bin
[07/10/2013 - 23:11:19 | D ] C:\Program Files
[17/10/2013 - 20:48:10 | D ] C:\Program Files (x86)
[17/10/2013 - 19:39:04 | D ] C:\ProgramData
[17/10/2013 - 20:47:55 | SHD ] C:\System Volume Information
[13/06/2012 - 19:57:40 | N | 31] C:\tmuninst.ini
[18/10/2013 - 12:52:44 | D ] C:\UsbFix
[18/10/2013 - 12:53:38 | A | 15570] C:\UsbFix [Clean 1] COMPUTER.txt
[17/10/2013 - 23:38:50 | N | 15855] C:\UsbFix [Scan 1] COMPUTER.txt
[15/06/2013 - 08:32:34 | RD ] C:\Users
[17/10/2013 - 19:38:49 | D ] C:\Windows
[01/11/2011 - 23:39:30 | A | 79] E:\autorun.inf
[29/08/2012 - 02:57:49 | AD ] E:\Extras
[29/08/2012 - 01:36:07 | AD ] E:\Locale
[14/08/2012 - 18:35:28 | A | 2009024] E:\WD Drive Unlock.exe
[25/09/2013 - 13:36:59 | SHD ] F:\$RECYCLE.BIN
[26/09/2013 - 19:58:44 | N | 78978] F:\115-117#2931 (24-9) (8+2pax).jpg
[02/10/2013 - 23:35:06 | D ] F:\Ahmed
[05/09/2013 - 16:27:33 | N | 385594] F:\ChkFlsh.zip
[24/05/2013 - 21:50:30 | D ] F:\film
[08/09/2013 - 16:50:10 | D ] F:\found.000
[04/09/2013 - 20:26:04 | N | 205399] F:\ll.jpeg
[10/05/2013 - 14:07:46 | SHD ] F:\RECYCLER
[17/10/2013 - 23:17:25 | SHD ] F:\System Volume Information
[17/10/2013 - 12:40:36 | N | 20294] G:\Ru-423z_DMLR_066_131016.pdf
[18/10/2013 - 12:51:40 | N | 1445227] G:\Ru-423z_GMLR_067_131017.zip
[18/10/2013 - 02:51:16 | D ] G:\Ru-423z_GMLR_067_131017

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |