############################## | UsbFix V 7.126 | [Deletion]

User: Asia (Administrator) # ASIA-KOMPUTER
Updated 13/05/2013 by El Desaparecido
Started at 21:31:29 | 14/05/2013

Website: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: TOSHIBA (Satellite A300) (x64-based PC)
CPU: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz (2000)
RAM -> [Total : 4094 | Free : 2364]
BIOS: InsydeH2O Version 2.20
BOOT: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16540

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 298 Gb (154 Mb free - 52%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> CD-ROM
H:\ -> Removable drive # 7 Gb (3 Mb free - 37%) [] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [ITSecMng] - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [Camera Assistant Software] - "C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe" /start
HKLM\SOFTWARE\wow6432Node | Run : [ITSecMng] - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Camera Assistant Software] - "C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe" /start
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-845661584-2312701738-3435311148-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Stopped processes |

Stopped! C:\Windows\system32\atiesrxx.exe (1052)
Stopped! C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (1300)
Stopped! C:\Windows\system32\atieclxx.exe (1580)
Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1648)
Stopped! C:\Windows\Explorer.EXE (1776)
Stopped! C:\Windows\System32\spoolsv.exe (1956)
Stopped! C:\Windows\system32\taskhost.exe (1972)
Stopped! C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (1368)
Stopped! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (1452)
Stopped! C:\Program Files\Windows Sidebar\sidebar.exe (2056)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (2100)
Stopped! C:\Program Files\LSI SoftModem\agr64svc.exe (2164)
Stopped! C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (2364)
Stopped! C:\ProgramData\DatacardService\HWDeviceService64.exe (2396)
Stopped! C:\ProgramData\DatacardService\DCSHelper.exe (2448)
Stopped! C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe (2532)
Stopped! C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (2572)
Stopped! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (3148)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (3212)
Stopped! C:\Windows\system32\SearchIndexer.exe (3264)
Stopped! C:\Program Files (x86)\Ask.com\Updater\Updater.exe (3292)
Stopped! C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (3356)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (3396)
Stopped! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3420)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (3496)
Stopped! C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe (3628)
Stopped! C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (3916)
Stopped! C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (2812)
Stopped! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (2068)
Stopped! C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (3816)
Stopped! C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (4076)
Stopped! C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (2648)
Stopped! C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe (4336)
Stopped! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4732)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (3308)
Stopped! C:\Windows\system32\taskeng.exe (4772)
Stopped! C:\Windows\system32\taskhost.exe (4592)
Stopped! C:\Windows\System32\WUDFHost.exe (3316)
Stopped! c:\program files\windows defender\MpCmdRun.exe (4328)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (936)
Stopped! C:\Windows\system32\SearchFilterHost.exe (1884)

################## | Files # Infected Folders |

Not deleted ! E:\CriticalRebuild.exe
Not deleted ! E:\autorun.exe
Not deleted ! E:\autorun.exe
Not deleted ! E:\autorun.inf
Not deleted ! F:\AUTORUN.INF
Not deleted ! F:\autorun.exe
Not deleted ! F:\data.cab
Deleted ! H:\Recycler\desktop.ini
(!) Temporary files deleted.

################## | Registry |

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\E
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{6760a950-e0d1-11e1-9716-806e6f6e6963}

################## | Listing |

[26/07/2012 - 20:41:07 | SHD ] C:\$Recycle.Bin
[07/08/2012 - 20:06:19 | N | 3818] C:\AdwCleaner[R1].txt
[07/08/2012 - 20:06:34 | N | 3883] C:\AdwCleaner[S1].txt
[09/05/2013 - 23:04:56 | D ] C:\Config.Msi
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[14/05/2013 - 21:04:31 | ASH | 3219644416] C:\hiberfil.sys
[26/07/2012 - 21:27:11 | D ] C:\Intel
[01/12/2006 - 23:37:14 | N | 904704] C:\msdia80.dll
[26/07/2012 - 21:48:37 | RHD ] C:\MSOCache
[03/08/2012 - 20:07:18 | D ] C:\NeverwinterNights
[14/05/2013 - 21:04:36 | ASH | 4292861952] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[30/04/2013 - 22:22:18 | D ] C:\Program Files
[30/04/2013 - 22:22:01 | D ] C:\Program Files (x86)
[07/04/2013 - 21:44:36 | HD ] C:\ProgramData
[26/07/2012 - 20:40:09 | SHD ] C:\Recovery
[13/05/2013 - 09:28:55 | SHD ] C:\System Volume Information
[14/05/2013 - 10:43:52 | D ] C:\Udostepniony
[14/05/2013 - 21:32:15 | D ] C:\UsbFix
[14/05/2013 - 21:32:31 | A | 8135] C:\UsbFix [Clean 1] ASIA-KOMPUTER.txt
[14/05/2013 - 21:30:39 | N | 5873] C:\UsbFix [Listing 1 ] ASIA-KOMPUTER.txt
[14/05/2013 - 21:29:46 | N | 7775] C:\UsbFix [Scan 1] ASIA-KOMPUTER.txt
[07/08/2012 - 19:55:55 | N | 304] C:\user.js
[26/07/2012 - 20:40:23 | D ] C:\Users
[01/05/2013 - 00:01:28 | D ] C:\Windows
[12/11/2003 - 21:32:18 | R | 8839120] E:\AcroReader51_ENU.exe
[12/11/2003 - 21:32:18 | R | 5314434] E:\ArcadeInstallNWNXP213f.EXE
[12/11/2003 - 21:32:18 | R | 393728] E:\CriticalRebuild.exe
[30/09/2005 - 20:42:59 | R | 483] E:\CriticalRebuild.ini
[10/10/2005 - 00:16:59 | R | 1301795582] E:\Data_Shared.zip
[24/02/2005 - 20:27:00 | R | 52590459] E:\Data_linux.zip
[30/09/2005 - 00:27:49 | R | 13870] E:\EULA.txt
[07/10/2005 - 01:35:50 | R | 180504819] E:\KingmakerSetup.exe
[29/03/2005 - 21:27:14 | R | 22] E:\Language_data.zip
[29/03/2005 - 21:27:18 | R | 22] E:\Language_update.zip
[12/11/2003 - 21:32:18 | R | 44029] E:\NWN Platinum Install Guide.rtf
[06/07/2005 - 02:24:02 | R | 85178067] E:\NWNEnglish1.66HotUUpdate.exe
[05/09/2001 - 13:23:24 | R | 56320] E:\Setup.exe
[07/10/2005 - 00:38:00 | R | 150] E:\Setup.ini
[06/10/2005 - 00:36:26 | R | 465408] E:\autorun.exe
[07/10/2005 - 19:24:42 | R | 547] E:\autorun.inf
[10/10/2005 - 22:35:53 | D ] E:\data
[07/10/2005 - 00:37:59 | R | 1101309] E:\data1.cab
[07/10/2005 - 00:37:59 | R | 10860] E:\data1.hdr
[07/10/2005 - 00:37:59 | R | 512] E:\data2.cab
[10/10/2005 - 21:13:03 | D ] E:\ereg
[10/10/2005 - 21:13:02 | D ] E:\extras
[26/07/2002 - 01:07:36 | R | 346602] E:\ikernel.ex_
[07/10/2005 - 00:38:00 | R | 435] E:\layout.bin
[12/11/2003 - 21:32:18 | R | 766] E:\nwn.ico
[20/09/2005 - 01:00:52 | R | 55456] E:\readme.txt
[28/02/2005 - 21:37:55 | R | 144056] E:\setup.bmp
[09/10/2005 - 23:23:14 | R | 207657] E:\setup.inx
[08/11/2007 - 15:12:53 | R | 2048] F:\00000001.TMP
[08/11/2007 - 15:12:53 | R | 317440] F:\00000002.TMP
[31/10/2007 - 12:57:20 | R | 51200] F:\1033.mst
[31/10/2007 - 12:57:21 | R | 3584] F:\1045.mst
[11/10/2007 - 12:59:54 | R | 675] F:\AUTORUN.INF
[31/10/2007 - 12:57:51 | R | 72596980] F:\Data.cab
[08/11/2007 - 15:10:29 | D ] F:\Image
[17/10/2007 - 09:02:06 | R | 266302] F:\SPWNOUP.ICO
[11/10/2007 - 13:42:04 | R | 153040] F:\autorun.exe
[08/11/2007 - 15:10:29 | D ] F:\data
[17/10/2006 - 14:23:32 | R | 1559323] F:\mset2.exe
[31/10/2007 - 12:58:53 | R | 4924224] F:\setup.exe
[31/10/2007 - 12:58:44 | R | 4135936] F:\setup.msi
[14/05/2013 - 11:53:50 | SHD ] H:\RECYCLER
[15/09/2011 - 10:16:48 | D ] H:\angielski
[14/03/2013 - 10:33:46 | N | 11007] H:\słownictwo jap 2.docx
[02/07/2012 - 00:32:18 | D ] H:\polski
[22/01/2013 - 17:07:58 | D ] H:\Słabe pierwsze kroczki Tomusia
[15/09/2011 - 10:25:54 | D ] H:\japonski
[21/04/2013 - 21:36:56 | N | 42114] H:\PROFI kwiecien.pdf
[07/05/2013 - 10:04:40 | D ] H:\kwiecien 2013
[19/03/2013 - 09:20:14 | N | 50980] H:\jumping_frog.gif
[07/04/2013 - 23:09:22 | N | 19855] H:\15-2013 Molski Tomasz - umowa.docx
[18/04/2013 - 09:22:32 | N | 15680] H:\Childhood.docx
[16/03/2013 - 16:17:52 | N | 78336] H:\Case of a missing hare.doc
[13/05/2013 - 21:44:18 | N | 15720] H:\songs'lyrics.docx
[27/11/2006 - 00:04:02 | N | 2088634] H:\PictureStoriesPlease.pdf
[21/07/2012 - 00:56:54 | D ] H:\Kanji_in_Context
[15/06/2012 - 23:09:54 | D ] H:\vlc-1.1.7
[23/11/2012 - 21:17:28 | N | 34816] H:\~WRL0001.tmp
[29/10/2012 - 17:40:22 | N | 4096] H:\._.Trashes
[29/10/2012 - 17:40:22 | SHD ] H:\.Trashes
[29/10/2012 - 17:40:22 | D ] H:\.fseventsd
[29/10/2012 - 17:40:24 | D ] H:\.Spotlight-V100
[29/10/2012 - 23:32:14 | N | 59506] H:\IPA_chart_(C)2005.pdf
[06/11/2012 - 23:26:40 | N | 100409] H:\Attendance_list.pdf
[12/12/2012 - 23:01:50 | N | 37238] H:\kultura a język.docx
[14/12/2012 - 00:09:02 | N | 81] H:\Nowy Dokument tekstowy.txt

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.org |