when plug in usb thumb … all file in usb turn to shortcut
First unplug all USB drives, then:
Attach your logs. (MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0
log
Now you wait…
Malware experts are notified
Monitoring.
Re-run OTL.exe.
[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:Files
C:\Program Files (x86)\Mobogenie
C:\Users\Win7\.android
C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
:OTL
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWLniD5Hi5TtMwNBJkWDmr5p9zLX-9lu92LM2AnKWR1V1E81A4V2BW3QJYplDklTStKaS8fZvNS0EWrzHu71kimGtjfUq3Lw_WEVX3XUf13c1iddKn__N1DXRoTBIvJ3QUqyj0TwU7NfyPZbMwoC02eMkA,,&q={searchTerms}
IE - HKU\S-1-5-21-2891768204-3535275090-2418051885-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWLniD5Hi5TtMwNBJkWDmr5p9zLX-9lu92LM2AnKWR1V1E81A4V2BW3QJYplDklTStKaS8fZvNS0EWrzHu71kimGtjfUq3Lw_WEVX3XUf13c1iddKn__N1DXRoTBIvJ3QUqyj0TwU7NfyPZbMwoC02eMkA,,&q={searchTerms}
CHR - default_search_provider: search_url = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWLniD5Hi5TtMwNBJkWDmr5p9zLX-9lu92LM2AnKWR1V1E81A4V2BW3QJYplDklTStKaS8fZvNS0EWrzHu71kimGtjfUq3Lw_WEVX3XUf13c1iddKn__N1DXRoTBIvJ3QUqyj0TwU7NfyPZbMwoC02eMkA,,&q={searchTerms}
CHR - homepage: http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWLniD5Hi5TtMwNBJkWDmr5p9zLX-9lu92LM2AnKWR1V1E81A4V2BW3QJYplDklTStKaS8fZvNS0EWrzHu71kimGtjfY2FqK66K7ZgLRHtaX-X4HL6l__eTOqM0LvCqrw6SmBwChapRjhffC2yuO2l4vPQ,,
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
O4 - HKU\S-1-5-21-2891768204-3535275090-2418051885-1000..\Run: [Windows Update Service] C:\Users\Win7\AppData\Local\Temp\windows\winsys.exe File not found
O4 - Startup: C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O33 - MountPoints2\{3bea21ea-4b4c-11e3-9f6b-10bf48724d4e}\Shell - "" = AutoRun
O33 - MountPoints2\{3bea21ea-4b4c-11e3-9f6b-10bf48724d4e}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
[2014/04/04 18:26:23 | 000,000,000 | ---D | C] -- C:\Users\Win7\Documents\Mobogenie
[2014/04/04 18:26:23 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\Mobogenie
[2014/04/04 18:26:12 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
:commands
[CREATERESTOREPOINT]
[emptytemp]
[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
If the log doesn’t appear, it can be found here:
c:_OTL\MovedFiles\mmddyyyy_hhmmss.log
.
Please download MCShield from one of the following links:
MCShield -Official download link
[*]Double click on MCShield-Setup to install the application.
Next => I Agree => Next => Install … per installation click on Run! button.
[]Wait a few seconds to MCShield finish initial HDD scan…
[]Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
[*]When all scanning is done, you need to post a logreport that MCShield has created.
Under Logs tab (in Control Center) for AllScans.txt log section click on Save button. AllScanst.txt report shall be located on your Desktop.
=> Post here AllScanst.txt
Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
.
Please download Farbar Recovery Scan Tool (
http://www.mcshield.net/personal/magna86/Images/FRST_canned.png
) by Farbar and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
log…
MCShield and Addition.txt logs?