Jenxcus infected usb key

Hello, I have a USB key infected with the Jenxcus virus, and Avast cannot repair my important files. How do I fix my important files and clean my laptop and USB keys?

Hoping to get some help…

follow instructions here https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan tool logs … 3 logs total

Then scroll down to SPECIFIC INFECTIONS LOGS … picture 5
follow MCShield instructions … this log you copy and paste here

MCShield log:

MCShield AllScans.txt <<<


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

2015-06-16 09:02:50 > Drive C: - scan started (ACER ~596 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

2015-06-16 09:40:47 > Drive C: - scan started (ACER ~596 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

2015-06-16 15:34:11 > Drive C: - scan started (ACER ~596 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

2015-06-16 16:09:38 > Drive G: - scan started (TravelDrive ~477 MB, FAT flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

2015-06-16 16:09:51 > Drive H: - scan started (TIMMONS ~119 MB, FAT32 flash drive )…

=> The drive is clean.

I also attached Mbam and FRST logs thanks

Could you let me know what problems there are after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\Run: [tmpEDED] => wscript.exe //B "C:\Users\Acer\AppData\Local\Temp\tmpEDED.tmp.vbe" <===== ATTENTION
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\Run: [125d3f6ae0a53efa91122391603b15de] => .. [0 2015-01-07] ()
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: E - E:\LaunchU3.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: F - F:\laucher.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {22c52741-2ebd-11e4-aa44-9ff07268ff8e} - E:\Startme.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {3f318391-0f4f-11e4-bd66-df6986ed03fd} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {43ba7662-cf85-11e3-bd1f-02704e2b0701} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {4af1a086-26db-11e4-8b28-844bf559dca5} - F:\LaunchU3.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {4f79a77d-1e05-11e4-ba42-844bf559dca5} - E:\LGAutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {965e2d8c-11e9-11e4-8a8f-a3edd4bfdbd4} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {a187ad0d-d1c6-11e3-b50b-02509a230701} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {a187ad48-d1c6-11e3-b50b-02509a230701} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {a73d73ec-cee2-11e3-a29b-02704e280701} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {a73d7452-cee2-11e3-a29b-02704e280701} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {aa4d8658-9faa-11e2-be7e-ecbf90268189} - D:\SETUP.EXE
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {bd25373c-fc9c-11e4-a846-806e6f6e6963} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {c34be88c-db4e-11e2-8a2c-ecb73ccba681} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {cfc03ff5-0f40-11e4-ab5f-ad70573821fd} - F:\laucher.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {e3b115e7-6316-11e2-8653-c28af77e69fe} - E:\unlock.exe autoplay=true
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
Toolbar: HKU\S-1-5-21-1201811183-624649827-1094862506-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR Extension: (WhiteSmoke New) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2014-07-19]
Task: {ADD9F329-4C77-49D3-95C0-E09D88D323A8} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe <==== ATTENTION
C:\Users\Acer\AppData\Local\Temp\nsg2974.tmp
C:\Users\Acer\AppData\Local\Temp\tmpEDED.tmp.vbe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Download Anti VBS/VBE to your desktop

- download the appropriate version (32 bit or 64 bit) and double click the file to run it.
- After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad.
- Post that report

Be aware this is a very new programme and as such is not recognised by any Antivirus or Windows, it is safe so allow it to run

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Acer at 2015-06-16 19:12:33 Run:1
Running from C:\Users\Acer\Desktop\frst2
Loaded Profiles: Acer (Available Profiles: Acer)
Boot Mode: Normal

fixlist content:


CreateRestorePoint:
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\Run: [tmpEDED] => wscript.exe //B "C:\Users\Acer\AppData\Local\Temp\tmpEDED.tmp.vbe" <===== ATTENTION
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\Run: [125d3f6ae0a53efa91122391603b15de] => .. [0 2015-01-07] ()
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: E - E:\LaunchU3.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: F - F:\laucher.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {22c52741-2ebd-11e4-aa44-9ff07268ff8e} - E:\Startme.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {3f318391-0f4f-11e4-bd66-df6986ed03fd} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {43ba7662-cf85-11e3-bd1f-02704e2b0701} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {4af1a086-26db-11e4-8b28-844bf559dca5} - F:\LaunchU3.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {4f79a77d-1e05-11e4-ba42-844bf559dca5} - E:\LGAutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {965e2d8c-11e9-11e4-8a8f-a3edd4bfdbd4} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {a187ad0d-d1c6-11e3-b50b-02509a230701} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {a187ad48-d1c6-11e3-b50b-02509a230701} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {a73d73ec-cee2-11e3-a29b-02704e280701} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {a73d7452-cee2-11e3-a29b-02704e280701} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {aa4d8658-9faa-11e2-be7e-ecbf90268189} - D:\SETUP.EXE
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {bd25373c-fc9c-11e4-a846-806e6f6e6963} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {c34be88c-db4e-11e2-8a2c-ecb73ccba681} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {cfc03ff5-0f40-11e4-ab5f-ad70573821fd} - F:\laucher.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {e3b115e7-6316-11e2-8653-c28af77e69fe} - E:\unlock.exe autoplay=true
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
Toolbar: HKU\S-1-5-21-1201811183-624649827-1094862506-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR Extension: (WhiteSmoke New) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2014-07-19]
Task: {ADD9F329-4C77-49D3-95C0-E09D88D323A8} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe <==== ATTENTION
C:\Users\Acer\AppData\Local\Temp\nsg2974.tmp
C:\Users\Acer\AppData\Local\Temp\tmpEDED.tmp.vbe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Restore point was successfully created.
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\Software\Microsoft\Windows\CurrentVersion\Run\tmpEDED => value removed successfully
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\Software\Microsoft\Windows\CurrentVersion\Run\125d3f6ae0a53efa91122391603b15de => value removed successfully
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22c52741-2ebd-11e4-aa44-9ff07268ff8e}" => key removed successfully
HKCR\CLSID\{22c52741-2ebd-11e4-aa44-9ff07268ff8e} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f318391-0f4f-11e4-bd66-df6986ed03fd}" => key removed successfully
HKCR\CLSID\{3f318391-0f4f-11e4-bd66-df6986ed03fd} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43ba7662-cf85-11e3-bd1f-02704e2b0701}" => key removed successfully
HKCR\CLSID\{43ba7662-cf85-11e3-bd1f-02704e2b0701} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4af1a086-26db-11e4-8b28-844bf559dca5}" => key removed successfully
HKCR\CLSID\{4af1a086-26db-11e4-8b28-844bf559dca5} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f79a77d-1e05-11e4-ba42-844bf559dca5}" => key removed successfully
HKCR\CLSID\{4f79a77d-1e05-11e4-ba42-844bf559dca5} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{965e2d8c-11e9-11e4-8a8f-a3edd4bfdbd4}" => key removed successfully
HKCR\CLSID\{965e2d8c-11e9-11e4-8a8f-a3edd4bfdbd4} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a187ad0d-d1c6-11e3-b50b-02509a230701}" => key removed successfully
HKCR\CLSID\{a187ad0d-d1c6-11e3-b50b-02509a230701} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a187ad48-d1c6-11e3-b50b-02509a230701}" => key removed successfully
HKCR\CLSID\{a187ad48-d1c6-11e3-b50b-02509a230701} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a73d73ec-cee2-11e3-a29b-02704e280701}" => key removed successfully
HKCR\CLSID\{a73d73ec-cee2-11e3-a29b-02704e280701} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a73d7452-cee2-11e3-a29b-02704e280701}" => key removed successfully
HKCR\CLSID\{a73d7452-cee2-11e3-a29b-02704e280701} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa4d8658-9faa-11e2-be7e-ecbf90268189}" => key removed successfully
HKCR\CLSID\{aa4d8658-9faa-11e2-be7e-ecbf90268189} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd25373c-fc9c-11e4-a846-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{bd25373c-fc9c-11e4-a846-806e6f6e6963} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c34be88c-db4e-11e2-8a2c-ecb73ccba681}" => key removed successfully
HKCR\CLSID\{c34be88c-db4e-11e2-8a2c-ecb73ccba681} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfc03ff5-0f40-11e4-ab5f-ad70573821fd}" => key removed successfully
HKCR\CLSID\{cfc03ff5-0f40-11e4-ab5f-ad70573821fd} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3b115e7-6316-11e2-8653-c28af77e69fe}" => key removed successfully
HKCR\CLSID\{e3b115e7-6316-11e2-8653-c28af77e69fe} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADD9F329-4C77-49D3-95C0-E09D88D323A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADD9F329-4C77-49D3-95C0-E09D88D323A8}" => key removed successfully
C:\Windows\System32\Tasks\DefaultCheck => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DefaultCheck" => key removed successfully
C:\Users\Acer\AppData\Local\Temp\nsg2974.tmp => moved successfully.
"C:\Users\Acer\AppData\Local\Temp\tmpEDED.tmp.vbe" => File/Folder not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

L'opération a réussi.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

L'opération a réussi.

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {FAC4B15F-77BF-47D4-955F-F12B3F219CC7}.
Unable to cancel {0C429932-92D4-4AAB-942C-EC312C72D70A}.
Unable to cancel {1A142CFE-06E3-4D81-9906-FB048493A3C9}.
Unable to cancel {B2430C9B-F2F3-43A2-B9D9-A6B2B96CC8AC}.
Unable to cancel {40291676-8CD2-4A46-8C45-49CFD145426B}.
Unable to cancel {B7263E93-100C-47EC-9BF4-E1A7AEC897EE}.
Unable to cancel {6933CBE8-1C8F-4CEC-B0DA-3F3201038148}.
Unable to cancel {E7760FE2-13E2-40C1-B9E4-51FF2093F9F3}.
Unable to cancel {D2F8EA5F-8BE2-4C6B-B497-9B55A7D88F9F}.
Unable to cancel {50A7F1F0-DDDA-4A08-BA94-7D7A4FEE776D}.
Unable to cancel {679BF0AC-4AD9-4082-818A-084279471966}.
Unable to cancel {C743721B-44A7-43E4-9B16-3FE721A6F63E}.
Unable to cancel {314D103B-C5D5-4005-9A3E-BD7D8282F68B}.
Unable to cancel {04A08A5B-68B5-4A7C-B824-87797B1F5845}.
Unable to cancel {E9FC448B-FF35-45D6-BF0C-63BCAA478624}.
Unable to cancel {625AF100-ABCC-4EB1-8153-69D32C3B2BD2}.
Unable to cancel {49D5B285-277C-4DD8-B3F1-2CF6FE52B78B}.
Unable to cancel {D06FA3A5-A777-4D28-A2FD-A35493A646B7}.
Unable to cancel {439B6847-939C-46A1-9DC4-34DF894BFE92}.
Unable to cancel {B6B75B8C-B8A5-4676-BFC9-671CB17C1668}.
{CEB6FD5C-2DB6-431E-A10A-571D31F206BB} canceled.
{024D42FC-75A1-48E7-A155-8AB321B8DCC0} canceled.
{20F9BFB9-B37B-4BAB-B646-E8939E84163D} canceled.
{CB635E9A-1B92-4991-A115-35A0C4C1B0EC} canceled.
{5ACF5DE3-BC3C-4750-B87D-CC9136015194} canceled.
{EB71AB5B-303A-41D1-9A65-E9FAE685A019} canceled.
{7639889E-408A-4797-B145-4EAA5B022D0D} canceled.
7 out of 27 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 21.9 GB temporary data Removed.

The system needed a reboot…

==== End of Fixlog 19:20:04 ====


Running fix at 2015-06-16 19:37:29

Fix finished at 2015-06-16 19:37:34

Anti-VBS/VBE, build 11
http://www.mcshield.net/download/tools/Anti-VBSVBE/

Could you now run a fresh FRST scan please and let me know what problems you are having

Avast still detects the virus on my USB key. I want to get rid of it without losing my files.

Does MCShield not detect this?

MCShield is not detecting it; here are the logs…

MCShield AllScans.txt <<<


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.6.7.1 / Windows 7 <<<

2015-06-16 19:22:39 > Drive C: - scan started (ACER ~596 GB, NTFS HDD )…

=> The drive is clean.

2015-06-16 19:22:39 > Drive G: - scan started (TravelDrive ~477 MB, FAT flash drive )…

=> The drive is clean.

2015-06-16 19:22:41 > Drive H: - scan started (TIMMONS ~119 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.6.7.1 / Windows 7 <<<

2015-06-16 19:56:43 > Drive H: - scan started (TIMMONS ~119 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.6.7.1 / Windows 7 <<<

2015-06-16 22:48:18 > Drive C: - scan started (ACER ~596 GB, NTFS HDD )…

=> The drive is clean.

2015-06-16 22:48:18 > Drive G: - scan started (TravelDrive ~477 MB, FAT flash drive )…

=> The drive is clean.

2015-06-16 22:48:22 > Drive H: - scan started (TIMMONS ~119 MB, FAT32 flash drive )…

=> The drive is clean.

What is the file name on the flash drive?

Also, do you have MCShield set to show hidden files?

I have MCShield set to unhide items on flash drive but it does detect it. Avast detects in drive G:

LNK:Jenxcus-M[Trj] G:\Guité\Guité.Ink, trashes.Ink, C.Ink, $RECYCLEBIN.Ink
LNK:Jenxcus-L[Trj] G:\Skypee\Google.nk
VBS:Runner-IW[Trj] G:\$RECYCLEBIN\VIc.rar|>[embedded:MSEncoded]
Other:Malware-gen[Trj] G:\Skypee\googleupdate.a3x

In drive H:

Other:Malware-gen[Trj] H:\Skypee\googleupdate.a3x

MCShield should delete those

Then in the control centre select scanner and tick unhide items on flash drives

https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG

Hello essexboy, I already did that and posted logs above; MCShield does not detect them. Will run it again and post logs below.
I also want to fix those files and not delete them. Thanks for your help.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.6.7.1 / Windows 7 <<<

2015-06-18 00:11:43 > Drive C: - scan started (ACER ~596 GB, NTFS HDD )…

=> The drive is clean.

2015-06-18 00:11:46 > Drive G: - scan started (TravelDrive ~477 MB, FAT flash drive )…

=> The drive is clean.

2015-06-18 00:11:53 > Drive H: - scan started (TIMMONS ~119 MB, FAT32 flash drive )…

=> The drive is clean.

I rebooted the computer and did another scan. This time the Avast log shows me only Googleupdate.a3x and $Recyclebin on drives G: and H:
So I put those in quarantine since no file I needed seems to be infected anymore. Also, Jenxcus does not show up on the scan. Problem seems to be fixed. I will do a reboot scan with Avast to see if it detects anything.

Let me know please, as deletion of those folders should clear the problem

Did a reboot scan, and it shows no virus. I opened the travel drives and those files are still there but not infected according to Avast.
I will delete them because they are not needed…
Thanks…

Yes, delete them, as they contain additional files for the malware