File Missing After Virus Scanned Removable Media Disk

Dear Experts,

Please help to solve my issue…

  1. purchased Avast Internet Security 2015 software (AIS).
  2. inserted removable flash drive (USB) to clear any viruses files.
  3. scan the USB disk with AIS software.
  4. threat found…clicked on “fix automatically”.
  5. threat has been cleaned.
  6. re-opened the USB drive in My Computer…NO files and folders can bee seen!!!..all went missing!!!
  7. re-scan the USB disk with AIS…noticed the files and folder can been seen on the AIS scanning files…but did not appeared on the My Computer…

**Please help to solve my issues…

Regards,
Syed

Hello,
try to set showing hidden files/folders in settings.

Milos

Hi Milo,

i’ve done that by tick on the hidden item check box. But still the files is nowhere to be found

Regards,
Syed

Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

Monitoring.

Dear Asyn,

please review the files attached as requested.

Regards,
Syed

Valinorum will look at the logs…

In the mean time!

You had 1250+ objects found, and deleted by MBAM alone, aswMBR picked up 12 more (Record for me) and FRST indicates some issues.

PLUS

You have 2 active Anti-Viruses (Norton and Avast.) Choose one to keep, remove the other.

Hi, :slight_smile:

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):

[*]Please do not create any new threads on this while we are working on your system as it wastes another volunteer’s time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
[*]Please do not install any new software while we are working on this system as it may hinder our process.
[*]Malware removal is a complicated process so don’t stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
[*]Please do not try to fix anything without being ask.
[*]Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
[*]Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
[*]If you are confused about any instruction, stop and ask. Do not keep on going.
[*]Do not repeat the steps if you face any problems.
[*]I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
[*]Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
[*]The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.


[*]Step #1 Uninstall Programs
I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.

[b][color=navy][]EliteUnzip
[
]Feature Update Service
[]iWebar
[
]Mobogenie3
[]Object Browser
[
]PC Data App
[]Rich Media View
[
]Shopping Helper Smartbar
[]Shopping Helper Smartbar Engine
[
]Trust Media Viewer


[*]Step #2 Fix with FRST
Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
[*]Open Notepad.exe. Do not use any other text editor software;
[*]Copy and Paste the contents inside the code-box to your Notepad

Start
Closeprocesses:
Emptytemp:
Task: {04FDAC1B-F01C-4FC2-9F29-7308A12424D1} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
Task: {BFE3F598-8684-471E-8D62-E6AE9D93E307} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {D12923C0-F2DA-4D7D-B7AA-760444D2673C} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {E068CEF7-D42F-4EF4-A569-35386DBC84EF} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
C:\Program Files (x86)\YTDownloader\
Task: {FED436E1-9660-4BB8-9F49-C4AAB320CC57} - \Windows Update Check - 0x0E7302EC No Task File <==== ATTENTION
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
C:\Program Files (x86)\Mobogenie
HKU\S-1-5-21-620888907-572185987-2131530841-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-620888907-572185987-2131530841-1001\...\Run: [MicrosoftSrCnt] => "C:\Users\SYEDRE~1\AppData\Local\Temp\x2ed.exe" <===== ATTENTION
HKU\S-1-5-21-620888907-572185987-2131530841-1001\...\Run: [MicrosoftSfCnt] => "C:\Users\SYEDRE~1\AppData\Local\Temp\167150890.exe" <===== ATTENTION
HKU\S-1-5-21-620888907-572185987-2131530841-1001\...\Run: [Taandf00] => C:\Users\SYEDRE~1\AppData\Local\Temp\KB00073382.exe <===== ATTENTION
C:\Users\SYEDRE~1\AppData\Local\Temp\x2ed.exe
C:\Users\SYEDRE~1\AppData\Local\Temp\167150890.exe
C:\Users\SYEDRE~1\AppData\Local\Temp\KB00073382.exe
HKU\S-1-5-21-620888907-572185987-2131530841-1001\...\Run: [T688122] => C:\Users\SYEDRE~1\AppData\Local\Temp\404928706.exe <===== ATTENTION
C:\Users\SYEDRE~1\AppData\Local\Temp\404928706.exe
HKU\S-1-5-21-620888907-572185987-2131530841-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyServer: 
HKU\S-1-5-21-620888907-572185987-2131530841-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {3267E69C-F6A0-406C-A6E8-270D20454423} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=wnzp_14_17_ie&cd=2XzuyEtN2Y1L1QzuyEzz0DtBtByEtCtAzy0A0BtCyCyByByCtN0D0Tzu0SzzyEyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0F0EtCtCtAyCyCtGzztCtA0CtG0F0FyDtAtGzy0E0DtDtGyD0FzyzytA0A0CyE0B0C0EyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0E0EtB0CyBtA0FtGzzyCyDyDtGtByBtCyBtGyB0C0AtCtGtD0A0B0Azy0Fzz0D0Bzz0BtA2Q&cr=1266534590&ir=
SearchScopes: HKLM - {3267E69C-F6A0-406C-A6E8-270D20454423} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=wnzp_14_17_ie&cd=2XzuyEtN2Y1L1QzuyEzz0DtBtByEtCtAzy0A0BtCyCyByByCtN0D0Tzu0SzzyEyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0F0EtCtCtAyCyCtGzztCtA0CtG0F0FyDtAtGzy0E0DtDtGyD0FzyzytA0A0CyE0B0C0EyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0E0EtB0CyBtA0FtGzzyCyDyDtGtByBtCyBtGyB0C0AtCtGtD0A0B0Azy0Fzz0D0Bzz0BtA2Q&cr=1266534590&ir=
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_adk3_14_29&cd=2XzuyEtN2Y1L1QzuyEzz0DtBtByEtCtAzy0A0BtCyCyByByCtN0D0Tzu0SzyyBtDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1T1Q1JtA1VtCyE1VtBzytN1L1G1B1V1N2Y1L1Qzu2SyE0FyDtD0DtD0AtDtGzz0AyD0DtGtD0EtD0DtG0AtBtD0DtGtD0AyD0FyDyDyD0E0F0D0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztD0EtA0B0FtC0EtGtCyDtB0EtGyEtCyByCtG0AtDtB0FtGyBtBzzyB0E0Ezy0C0AtC0AtC2Q&cr=2084443396&ir=
S2 ProtectMonitor; C:\Program Files\PCDApp\StartHelp.exe [97007 2014-04-11] () [File not signed] <==== ATTENTION
C:\Program Files\PCDApp\
HKLM-x32\...\Run: [DApp] => C:\Program Files\PCDApp\start.vbs [178 2014-04-11] ()
C:\ProgramData\MakeMarkerFile.exe
C:\Users\SYED REZA\AppData\Local\Temp\dufgmr4c.exe
End

[*]Click on File > Save as…
[list][*]Inside the File Name box type fixlist.txt
[*]From the Save as type drop down list, choose All Files
[*]Save the file to your Desktop;
[*]Re-run FRST.exe and click Fix;
[*]Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.[]After the completion, a log will be produced;
[
]Attach the log in your next reply.[/list]


[*]Required Log(s):
[*]FRST Fix Log

Regards,
Valinorum