Automatically put all my folders to a shortcut of my USB
Solved/Closed
jerkiss
Posts
1
Registration date
Saturday February 16, 2013
Status
Member
Last seen
February 16, 2013
-
Feb 16, 2013 at 01:13 PM
shigri79 Posts 1 Registration date Saturday May 18, 2013 Status Member Last seen May 31, 2013 - May 30, 2013 at 06:33 PM
shigri79 Posts 1 Registration date Saturday May 18, 2013 Status Member Last seen May 31, 2013 - May 30, 2013 at 06:33 PM
Related:
- Automatically put all my folders to a shortcut of my USB
- Usb show - Download - Backup and recovery
- Usb flash drive tester - Download - Backup and recovery
- At the rate shortcut key - Guide
- Keyboard shortcut for accented e - Guide
- Windows 7 bootable usb download - Download - Storage
2 responses
shigri79
Posts
1
Registration date
Saturday May 18, 2013
Status
Member
Last seen
May 31, 2013
May 30, 2013 at 06:33 PM
May 30, 2013 at 06:33 PM
############################## | UsbFix V 7.126 | [Deletion]
User: Wardah (Administrator) # ALI-MEHDI
Updated 13/05/2013 by El Desaparecido
Started at 00:52:15 | 31/05/2013
Website: https://www.sosvirus.net/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org
PC: Hewlett-Packard (HP Mini 210-1000) (X86-based PC)
CPU: Intel(R) Atom(TM) CPU N450 @ 1.66GHz (1666)
RAM -> [Total : 2036 | Free : 1204]
BIOS: Default System BIOS
BOOT: Normal boot
OS: Microsoft Windows 7 Starter (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16576
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 286 Gb (92 Mb free - 32%) [] # NTFS
D:\ -> Fixed drive # 11 Gb (2 Mb free - 16%) [RECOVERY] # NTFS
E:\ -> Fixed drive # 99 Mb (95 Mb free - 96%) [HP_TOOLS] # FAT32
F:\ -> Removable drive # 15 Gb (13 Mb free - 88%) [Amir] # NTFS
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\SOFTWARE | Run : [DivXUpdate] - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-995964411-1154817896-3624255911-1000\SOFTWARE | Run : [Power2GoExpress] -
HKU\S-1-5-21-995964411-1154817896-3624255911-1000\SOFTWARE | Run : [WinFLTray] - C:\Windows\system32\WinFLTray.exe
HKU\S-1-5-21-995964411-1154817896-3624255911-1000\SOFTWARE | Run : [FLBackup] - C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
HKU\S-1-5-21-995964411-1154817896-3624255911-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-995964411-1154817896-3624255911-1000\SOFTWARE | Run : [Updatea.vbs] - "C:\Users\Wardah\AppData\Local\Temp\Updatea.vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Stopped processes |
Stopped! C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe (1108)
Stopped! C:\Windows\system32\WLANExt.exe (1596)
Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1656)
Stopped! C:\Windows\System32\spoolsv.exe (1804)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1952)
Stopped! C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe (1984)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (2016)
Stopped! C:\Windows\system32\WinFLService.exe (116)
Stopped! C:\Program Files\Hotspot Shield\bin\openvpnas.exe (520)
Stopped! C:\Program Files\Hotspot Shield\bin\hsswd.exe (824)
Stopped! C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (1728)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2156)
Stopped! C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (2220)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2352)
Stopped! C:\Windows\system32\taskhost.exe (2556)
Stopped! C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (3544)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3668)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (3800)
Stopped! C:\Windows\system32\SearchIndexer.exe (4064)
Stopped! C:\Program Files\DivX\DivX Update\DivXUpdate.exe (3380)
Stopped! C:\Program Files\Common Files\Java\Java Update\jusched.exe (336)
Stopped! C:\Windows\System32\WinFLTray.exe (3688)
Stopped! C:\Program Files\Skype\Phone\Skype.exe (928)
Stopped! C:\Program Files\Hotspot Shield\bin\openvpntray.exe (2728)
Stopped! C:\Windows\System32\WScript.exe (3324)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (1972)
Stopped! C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (2400)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (2284)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (4336)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (4792)
Stopped! C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (5356)
Stopped! C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (5364)
Stopped! C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (5516)
Stopped! C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (5652)
Stopped! C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (6952)
Stopped! C:\Users\Wardah\Downloads\AutoRunExterminator-1.8\AutoRunExterminator.exe (5484)
Stopped! C:\PROGRA~1\MIF5BA~1\Office12\WINWORD.EXE (8928)
Stopped! C:\PROGRA~1\MIF5BA~1\Office12\WINWORD.EXE (9484)
Stopped! C:\Windows\system32\igfxsrvc.exe (10520)
Stopped! C:\PROGRA~1\MIF5BA~1\Office12\WINWORD.EXE (2044)
Stopped! C:\Windows\system32\taskeng.exe (7284)
Stopped! C:\Windows\System32\WUDFHost.exe (7056)
################## | Files # Infected Folders |
Deleted ! F:\01.jpg.lnk
Deleted ! F:\02.jpg.lnk
Deleted ! F:\Address book backup.WAB.lnk
Deleted ! F:\Amir CV.doc.lnk
Deleted ! F:\Amir Resume.doc.lnk
Deleted ! F:\Amir visa copy.pdf.lnk
Deleted ! F:\authority letter for hec .doc.lnk
Deleted ! F:\DSC_0003.jpg.lnk
Deleted ! F:\DSC_71481.jpg.lnk
Deleted ! F:\EligibilityLetter.pdf.lnk
Deleted ! F:\Experience 2.jpg.lnk
Deleted ! F:\hasho.docx.lnk
Deleted ! F:\Higher Education Commission Pakistan.htm.lnk
Deleted ! F:\Ibrahim PP scan.JPG.lnk
Deleted ! F:\In the line of fire.pdf.lnk
Deleted ! F:\Iram NICOP 1.jpg.lnk
Deleted ! F:\Iram Nicop.docx.lnk
Deleted ! F:\Iram Nicop.jpg.lnk
Deleted ! F:\KESCBillnov12(1).pdf.lnk
Deleted ! F:\KESCBillnov12(2).pdf.lnk
Deleted ! F:\LetterofAuthorization.doc.lnk
Deleted ! F:\NIC copy amir.docx.lnk
Deleted ! F:\NIC.docx.lnk
Deleted ! F:\OE settings.doc.lnk
Deleted ! F:\pass.txt.lnk
Deleted ! F:\Passport size pic.jpg.lnk
Deleted ! F:\PP amir.JPG.lnk
Deleted ! F:\PP slip1 qasim.JPG.lnk
Deleted ! F:\qaju.jpg.lnk
Deleted ! F:\Qasim Birth Certificate.JPG.lnk
Deleted ! F:\Resume.doc.lnk
Deleted ! F:\scan0001.pdf.lnk
Deleted ! F:\scan0004.jpg.lnk
Deleted ! F:\scan0005.jpg.lnk
Deleted ! F:\scan0006.jpg.lnk
Deleted ! F:\Vero,Ibbi,Hasnain NICOP side 1.JPG.lnk
Deleted ! F:\Vero,Ibbi,Hasnain NICOP side 2.JPG.lnk
Deleted ! C:\Users\Wardah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updatea.vbs
Deleted ! C:\Users\Wardah\AppData\Local\Temp\utt31E1.tmp.exe
Deleted ! C:\Users\Wardah\AppData\Local\Temp\utt457F.tmp.exe
Deleted ! C:\Users\Wardah\AppData\Local\Temp\utt7059.tmp.exe
Deleted ! C:\Users\Wardah\AppData\Local\Temp\Updatea.vbs
Deleted ! D:\syncguid.dat
Deleted ! E:\syncguid.dat
Deleted ! F:\Updatea.vbs
(!) Temporary files deleted.
################## | Registry |
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updatea.vbs
################## | Mountpoints2 |
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\F
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{6ca65ef0-51e2-11e0-93fc-0ceee6f72d8c}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{749f74e6-7d76-11e2-976f-0ceee6f72d8c}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{a5f6a403-4566-11e0-88b4-0ceee6f72d8c}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{c6417ef6-d16f-11df-9482-0ceee6f72d8c}
################## | Listing |
[18/11/2011 - 23:18:58 | D ] C:\$Recycle.Bin
[11/06/2009 - 01:42:20 | N | 24] C:\autoexec.bat
[04/08/2011 - 00:38:36 | N | 30558] C:\bdlog.txt
[22/11/2009 - 11:01:39 | SHD ] C:\boot
[14/07/2009 - 05:38:58 | RASH | 383562] C:\bootmgr
[26/05/2013 - 20:30:57 | D ] C:\Config.Msi
[11/06/2009 - 01:42:20 | N | 10] C:\config.sys
[21/04/2013 - 20:34:57 | D ] C:\CPQSYSTEM
[22/05/2013 - 23:47:29 | D ] C:\Data
[14/07/2009 - 08:53:55 | SHD ] C:\Documents and Settings
[27/05/2013 - 16:16:03 | ASH | 1601327104] C:\hiberfil.sys
[15/12/2009 - 17:15:33 | D ] C:\HP
[23/07/2010 - 15:56:14 | D ] C:\HPMBackup
[16/07/2011 - 21:33:59 | D ] C:\install
[11/07/2011 - 18:44:47 | D ] C:\Intel
[16/07/2011 - 21:34:01 | D ] C:\IUware Online
[07/03/2008 - 19:00:26 | N | 197] C:\lan.log
[10/02/2011 - 22:28:40 | RHD ] C:\MSOCache
[27/05/2013 - 16:16:07 | ASH | 2135105536] C:\pagefile.sys
[07/08/2010 - 16:47:59 | N | 0] C:\pcversion.txt
[14/07/2009 - 06:37:05 | D ] C:\PerfLogs
[18/05/2013 - 15:33:39 | N | 512] C:\PhysicalDisk0_MBR.bin
[27/05/2013 - 00:01:52 | D ] C:\Program Files
[02/05/2013 - 09:03:25 | D ] C:\ProgramData
[07/03/2008 - 19:03:36 | N | 206] C:\realtek.log
[23/07/2010 - 15:57:35 | SHD ] C:\Recovery
[07/03/2008 - 19:03:36 | N | 575] C:\RHDSetup.log
[29/04/2013 - 23:00:17 | D ] C:\SwSetup
[09/07/2012 - 01:56:53 | N | 84] C:\SYNTPAD.LOG
[29/05/2013 - 18:40:44 | SHD ] C:\System Volume Information
[23/07/2010 - 15:57:39 | D ] C:\SYSTEM.SAV
[08/09/2010 - 14:49:30 | N | 1036] C:\Sys_LogWin.log
[31/05/2013 - 02:11:32 | D ] C:\UsbFix
[31/05/2013 - 02:12:25 | A | 9708] C:\UsbFix [Clean 2] ALI-MEHDI.txt
[12/04/2013 - 17:23:27 | D ] C:\Users
[26/05/2013 - 20:30:39 | D ] C:\Windows
[23/06/2009 - 17:09:46 | N | 4] C:\WINDOWSRegDefrag.dat
[01/04/2008 - 13:44:00 | N | 146] C:\YServer.txt
[18/05/2013 - 17:14:52 | D ] C:\ZHP
[18/11/2011 - 23:18:58 | D ] D:\$RECYCLE.BIN
[20/08/2010 - 00:23:27 | D ] D:\2a6cad237064af58db6dfd
[23/07/2010 - 16:05:37 | D ] D:\boot
[14/07/2009 - 22:39:00 | A | 383562] D:\bootmgr
[23/07/2010 - 16:05:36 | N | 0] D:\BT_HP.FLG
[15/12/2009 - 17:51:41 | N | 483] D:\CSP.DAT
[15/12/2009 - 18:00:49 | N | 12035] D:\DeployRp.log
[23/07/2010 - 16:05:37 | D ] D:\hp
[23/07/2010 - 16:05:36 | N | 22] D:\language.ini
[23/07/2010 - 16:05:37 | D ] D:\preload
[23/07/2010 - 16:05:37 | D ] D:\Recovery
[15/12/2009 - 18:00:45 | N | 0] D:\RPCONFIG.LOG
[19/08/2010 - 23:14:16 | SHD ] D:\System Volume Information
[23/07/2010 - 16:05:37 | D ] D:\system.sav
[15/12/2009 - 04:54:12 | D ] E:\Hewlett-Packard
[23/07/2010 - 16:05:46 | SHD ] E:\$RECYCLE.BIN
[16/04/2013 - 12:51:05 | N | 173588] F:\01.jpg
[16/04/2013 - 12:51:18 | N | 179156] F:\02.jpg
[04/07/2012 - 22:40:28 | N | 204007] F:\Address book backup.WAB
[20/03/2013 - 16:04:32 | D ] F:\Amir Askari
[01/12/2012 - 11:36:16 | N | 43008] F:\Amir CV.doc
[05/02/2013 - 11:19:48 | N | 45568] F:\Amir Resume.doc
[04/05/2013 - 11:36:56 | N | 472073] F:\Amir visa copy.pdf
[25/03/2013 - 16:18:14 | N | 38912] F:\authority letter for hec .doc
[17/11/2012 - 13:43:34 | D ] F:\BackupOE
[25/09/2012 - 14:36:46 | D ] F:\Canada
[26/03/2013 - 18:46:29 | D ] F:\Canadian forms asim
[15/04/2013 - 11:56:11 | N | 163222] F:\DSC_0003.jpg
[05/02/2013 - 15:43:30 | N | 152916] F:\DSC_71481.jpg
[03/05/2013 - 19:20:12 | N | 572423] F:\EligibilityLetter.pdf
[03/12/2012 - 19:32:59 | N | 429177] F:\Experience 2.jpg
[16/04/2013 - 19:17:02 | N | 0] F:\hasho.docx
[05/02/2013 - 04:00:26 | N | 28174] F:\Higher Education Commission Pakistan.htm
[06/10/2012 - 09:37:05 | D ] F:\Higher Education Commission Pakistan_files
[10/05/2013 - 10:02:29 | D ] F:\House pics
[26/03/2013 - 19:04:11 | N | 924959] F:\Ibrahim PP scan.JPG
[08/11/2010 - 12:38:08 | N | 3323213] F:\In the line of fire.pdf
[06/05/2013 - 21:17:45 | N | 76829] F:\Iram NICOP 1.jpg
[06/05/2013 - 21:22:05 | N | 163565] F:\Iram Nicop.docx
[06/05/2013 - 21:18:37 | N | 75765] F:\Iram Nicop.jpg
[30/09/2012 - 14:54:59 | D ] F:\islamic folder
[01/12/2012 - 18:40:42 | N | 340861] F:\KESCBillnov12(1).pdf
[01/12/2012 - 18:44:03 | N | 340919] F:\KESCBillnov12(2).pdf
[04/12/2012 - 20:53:52 | N | 55296] F:\LetterofAuthorization.doc
[07/10/2012 - 00:26:41 | D ] F:\Lifescience
[07/05/2013 - 18:01:49 | D ] F:\Mail backup 7-5-13
[25/04/2013 - 07:00:03 | D ] F:\Music
[04/02/2013 - 12:53:00 | N | 395131] F:\NIC copy amir.docx
[16/08/2011 - 16:42:18 | N | 395131] F:\NIC.docx
[04/10/2012 - 13:10:10 | D ] F:\Novartis1
[17/11/2012 - 13:57:47 | N | 744448] F:\OE settings.doc
[15/02/2013 - 09:00:25 | N | 767] F:\pass.txt
[02/05/2013 - 15:55:30 | N | 152916] F:\Passport size pic.jpg
[05/02/2013 - 15:44:15 | D ] F:\pp
[04/05/2013 - 11:37:32 | N | 339906] F:\PP amir.JPG
[26/03/2013 - 19:06:09 | N | 312290] F:\PP slip1 qasim.JPG
[15/04/2013 - 11:56:11 | N | 163222] F:\qaju.jpg
[26/03/2013 - 19:11:46 | N | 1045936] F:\Qasim Birth Certificate.JPG
[22/11/2012 - 11:06:07 | D ] F:\Resume full
[30/09/2012 - 15:00:47 | N | 59904] F:\Resume.doc
[22/05/2012 - 13:13:52 | N | 542045] F:\scan0001.pdf
[25/07/2012 - 22:46:24 | N | 1575332] F:\scan0004.jpg
[25/07/2012 - 22:46:54 | N | 2008308] F:\scan0005.jpg
[25/07/2012 - 22:47:00 | N | 1283642] F:\scan0006.jpg
[24/04/2013 - 22:53:00 | SHD ] F:\System Volume Information
[30/09/2012 - 14:49:49 | D ] F:\usb update
[26/03/2013 - 19:13:47 | N | 800278] F:\Vero,Ibbi,Hasnain NICOP side 1.JPG
[26/03/2013 - 19:14:37 | N | 606549] F:\Vero,Ibbi,Hasnain NICOP side 2.JPG
[06/05/2013 - 21:18:37 | D ] F:\[Originals]
################## | Vaccin |
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | https://www.sosvirus.net/ |
User: Wardah (Administrator) # ALI-MEHDI
Updated 13/05/2013 by El Desaparecido
Started at 00:52:15 | 31/05/2013
Website: https://www.sosvirus.net/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org
PC: Hewlett-Packard (HP Mini 210-1000) (X86-based PC)
CPU: Intel(R) Atom(TM) CPU N450 @ 1.66GHz (1666)
RAM -> [Total : 2036 | Free : 1204]
BIOS: Default System BIOS
BOOT: Normal boot
OS: Microsoft Windows 7 Starter (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16576
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 286 Gb (92 Mb free - 32%) [] # NTFS
D:\ -> Fixed drive # 11 Gb (2 Mb free - 16%) [RECOVERY] # NTFS
E:\ -> Fixed drive # 99 Mb (95 Mb free - 96%) [HP_TOOLS] # FAT32
F:\ -> Removable drive # 15 Gb (13 Mb free - 88%) [Amir] # NTFS
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\SOFTWARE | Run : [DivXUpdate] - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-995964411-1154817896-3624255911-1000\SOFTWARE | Run : [Power2GoExpress] -
HKU\S-1-5-21-995964411-1154817896-3624255911-1000\SOFTWARE | Run : [WinFLTray] - C:\Windows\system32\WinFLTray.exe
HKU\S-1-5-21-995964411-1154817896-3624255911-1000\SOFTWARE | Run : [FLBackup] - C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
HKU\S-1-5-21-995964411-1154817896-3624255911-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-995964411-1154817896-3624255911-1000\SOFTWARE | Run : [Updatea.vbs] - "C:\Users\Wardah\AppData\Local\Temp\Updatea.vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Stopped processes |
Stopped! C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe (1108)
Stopped! C:\Windows\system32\WLANExt.exe (1596)
Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1656)
Stopped! C:\Windows\System32\spoolsv.exe (1804)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1952)
Stopped! C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe (1984)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (2016)
Stopped! C:\Windows\system32\WinFLService.exe (116)
Stopped! C:\Program Files\Hotspot Shield\bin\openvpnas.exe (520)
Stopped! C:\Program Files\Hotspot Shield\bin\hsswd.exe (824)
Stopped! C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (1728)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2156)
Stopped! C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (2220)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2352)
Stopped! C:\Windows\system32\taskhost.exe (2556)
Stopped! C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (3544)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3668)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (3800)
Stopped! C:\Windows\system32\SearchIndexer.exe (4064)
Stopped! C:\Program Files\DivX\DivX Update\DivXUpdate.exe (3380)
Stopped! C:\Program Files\Common Files\Java\Java Update\jusched.exe (336)
Stopped! C:\Windows\System32\WinFLTray.exe (3688)
Stopped! C:\Program Files\Skype\Phone\Skype.exe (928)
Stopped! C:\Program Files\Hotspot Shield\bin\openvpntray.exe (2728)
Stopped! C:\Windows\System32\WScript.exe (3324)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (1972)
Stopped! C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (2400)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (2284)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (4336)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (4792)
Stopped! C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (5356)
Stopped! C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (5364)
Stopped! C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (5516)
Stopped! C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (5652)
Stopped! C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (6952)
Stopped! C:\Users\Wardah\Downloads\AutoRunExterminator-1.8\AutoRunExterminator.exe (5484)
Stopped! C:\PROGRA~1\MIF5BA~1\Office12\WINWORD.EXE (8928)
Stopped! C:\PROGRA~1\MIF5BA~1\Office12\WINWORD.EXE (9484)
Stopped! C:\Windows\system32\igfxsrvc.exe (10520)
Stopped! C:\PROGRA~1\MIF5BA~1\Office12\WINWORD.EXE (2044)
Stopped! C:\Windows\system32\taskeng.exe (7284)
Stopped! C:\Windows\System32\WUDFHost.exe (7056)
################## | Files # Infected Folders |
Deleted ! F:\01.jpg.lnk
Deleted ! F:\02.jpg.lnk
Deleted ! F:\Address book backup.WAB.lnk
Deleted ! F:\Amir CV.doc.lnk
Deleted ! F:\Amir Resume.doc.lnk
Deleted ! F:\Amir visa copy.pdf.lnk
Deleted ! F:\authority letter for hec .doc.lnk
Deleted ! F:\DSC_0003.jpg.lnk
Deleted ! F:\DSC_71481.jpg.lnk
Deleted ! F:\EligibilityLetter.pdf.lnk
Deleted ! F:\Experience 2.jpg.lnk
Deleted ! F:\hasho.docx.lnk
Deleted ! F:\Higher Education Commission Pakistan.htm.lnk
Deleted ! F:\Ibrahim PP scan.JPG.lnk
Deleted ! F:\In the line of fire.pdf.lnk
Deleted ! F:\Iram NICOP 1.jpg.lnk
Deleted ! F:\Iram Nicop.docx.lnk
Deleted ! F:\Iram Nicop.jpg.lnk
Deleted ! F:\KESCBillnov12(1).pdf.lnk
Deleted ! F:\KESCBillnov12(2).pdf.lnk
Deleted ! F:\LetterofAuthorization.doc.lnk
Deleted ! F:\NIC copy amir.docx.lnk
Deleted ! F:\NIC.docx.lnk
Deleted ! F:\OE settings.doc.lnk
Deleted ! F:\pass.txt.lnk
Deleted ! F:\Passport size pic.jpg.lnk
Deleted ! F:\PP amir.JPG.lnk
Deleted ! F:\PP slip1 qasim.JPG.lnk
Deleted ! F:\qaju.jpg.lnk
Deleted ! F:\Qasim Birth Certificate.JPG.lnk
Deleted ! F:\Resume.doc.lnk
Deleted ! F:\scan0001.pdf.lnk
Deleted ! F:\scan0004.jpg.lnk
Deleted ! F:\scan0005.jpg.lnk
Deleted ! F:\scan0006.jpg.lnk
Deleted ! F:\Vero,Ibbi,Hasnain NICOP side 1.JPG.lnk
Deleted ! F:\Vero,Ibbi,Hasnain NICOP side 2.JPG.lnk
Deleted ! C:\Users\Wardah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updatea.vbs
Deleted ! C:\Users\Wardah\AppData\Local\Temp\utt31E1.tmp.exe
Deleted ! C:\Users\Wardah\AppData\Local\Temp\utt457F.tmp.exe
Deleted ! C:\Users\Wardah\AppData\Local\Temp\utt7059.tmp.exe
Deleted ! C:\Users\Wardah\AppData\Local\Temp\Updatea.vbs
Deleted ! D:\syncguid.dat
Deleted ! E:\syncguid.dat
Deleted ! F:\Updatea.vbs
(!) Temporary files deleted.
################## | Registry |
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updatea.vbs
################## | Mountpoints2 |
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\F
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{6ca65ef0-51e2-11e0-93fc-0ceee6f72d8c}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{749f74e6-7d76-11e2-976f-0ceee6f72d8c}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{a5f6a403-4566-11e0-88b4-0ceee6f72d8c}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{c6417ef6-d16f-11df-9482-0ceee6f72d8c}
################## | Listing |
[18/11/2011 - 23:18:58 | D ] C:\$Recycle.Bin
[11/06/2009 - 01:42:20 | N | 24] C:\autoexec.bat
[04/08/2011 - 00:38:36 | N | 30558] C:\bdlog.txt
[22/11/2009 - 11:01:39 | SHD ] C:\boot
[14/07/2009 - 05:38:58 | RASH | 383562] C:\bootmgr
[26/05/2013 - 20:30:57 | D ] C:\Config.Msi
[11/06/2009 - 01:42:20 | N | 10] C:\config.sys
[21/04/2013 - 20:34:57 | D ] C:\CPQSYSTEM
[22/05/2013 - 23:47:29 | D ] C:\Data
[14/07/2009 - 08:53:55 | SHD ] C:\Documents and Settings
[27/05/2013 - 16:16:03 | ASH | 1601327104] C:\hiberfil.sys
[15/12/2009 - 17:15:33 | D ] C:\HP
[23/07/2010 - 15:56:14 | D ] C:\HPMBackup
[16/07/2011 - 21:33:59 | D ] C:\install
[11/07/2011 - 18:44:47 | D ] C:\Intel
[16/07/2011 - 21:34:01 | D ] C:\IUware Online
[07/03/2008 - 19:00:26 | N | 197] C:\lan.log
[10/02/2011 - 22:28:40 | RHD ] C:\MSOCache
[27/05/2013 - 16:16:07 | ASH | 2135105536] C:\pagefile.sys
[07/08/2010 - 16:47:59 | N | 0] C:\pcversion.txt
[14/07/2009 - 06:37:05 | D ] C:\PerfLogs
[18/05/2013 - 15:33:39 | N | 512] C:\PhysicalDisk0_MBR.bin
[27/05/2013 - 00:01:52 | D ] C:\Program Files
[02/05/2013 - 09:03:25 | D ] C:\ProgramData
[07/03/2008 - 19:03:36 | N | 206] C:\realtek.log
[23/07/2010 - 15:57:35 | SHD ] C:\Recovery
[07/03/2008 - 19:03:36 | N | 575] C:\RHDSetup.log
[29/04/2013 - 23:00:17 | D ] C:\SwSetup
[09/07/2012 - 01:56:53 | N | 84] C:\SYNTPAD.LOG
[29/05/2013 - 18:40:44 | SHD ] C:\System Volume Information
[23/07/2010 - 15:57:39 | D ] C:\SYSTEM.SAV
[08/09/2010 - 14:49:30 | N | 1036] C:\Sys_LogWin.log
[31/05/2013 - 02:11:32 | D ] C:\UsbFix
[31/05/2013 - 02:12:25 | A | 9708] C:\UsbFix [Clean 2] ALI-MEHDI.txt
[12/04/2013 - 17:23:27 | D ] C:\Users
[26/05/2013 - 20:30:39 | D ] C:\Windows
[23/06/2009 - 17:09:46 | N | 4] C:\WINDOWSRegDefrag.dat
[01/04/2008 - 13:44:00 | N | 146] C:\YServer.txt
[18/05/2013 - 17:14:52 | D ] C:\ZHP
[18/11/2011 - 23:18:58 | D ] D:\$RECYCLE.BIN
[20/08/2010 - 00:23:27 | D ] D:\2a6cad237064af58db6dfd
[23/07/2010 - 16:05:37 | D ] D:\boot
[14/07/2009 - 22:39:00 | A | 383562] D:\bootmgr
[23/07/2010 - 16:05:36 | N | 0] D:\BT_HP.FLG
[15/12/2009 - 17:51:41 | N | 483] D:\CSP.DAT
[15/12/2009 - 18:00:49 | N | 12035] D:\DeployRp.log
[23/07/2010 - 16:05:37 | D ] D:\hp
[23/07/2010 - 16:05:36 | N | 22] D:\language.ini
[23/07/2010 - 16:05:37 | D ] D:\preload
[23/07/2010 - 16:05:37 | D ] D:\Recovery
[15/12/2009 - 18:00:45 | N | 0] D:\RPCONFIG.LOG
[19/08/2010 - 23:14:16 | SHD ] D:\System Volume Information
[23/07/2010 - 16:05:37 | D ] D:\system.sav
[15/12/2009 - 04:54:12 | D ] E:\Hewlett-Packard
[23/07/2010 - 16:05:46 | SHD ] E:\$RECYCLE.BIN
[16/04/2013 - 12:51:05 | N | 173588] F:\01.jpg
[16/04/2013 - 12:51:18 | N | 179156] F:\02.jpg
[04/07/2012 - 22:40:28 | N | 204007] F:\Address book backup.WAB
[20/03/2013 - 16:04:32 | D ] F:\Amir Askari
[01/12/2012 - 11:36:16 | N | 43008] F:\Amir CV.doc
[05/02/2013 - 11:19:48 | N | 45568] F:\Amir Resume.doc
[04/05/2013 - 11:36:56 | N | 472073] F:\Amir visa copy.pdf
[25/03/2013 - 16:18:14 | N | 38912] F:\authority letter for hec .doc
[17/11/2012 - 13:43:34 | D ] F:\BackupOE
[25/09/2012 - 14:36:46 | D ] F:\Canada
[26/03/2013 - 18:46:29 | D ] F:\Canadian forms asim
[15/04/2013 - 11:56:11 | N | 163222] F:\DSC_0003.jpg
[05/02/2013 - 15:43:30 | N | 152916] F:\DSC_71481.jpg
[03/05/2013 - 19:20:12 | N | 572423] F:\EligibilityLetter.pdf
[03/12/2012 - 19:32:59 | N | 429177] F:\Experience 2.jpg
[16/04/2013 - 19:17:02 | N | 0] F:\hasho.docx
[05/02/2013 - 04:00:26 | N | 28174] F:\Higher Education Commission Pakistan.htm
[06/10/2012 - 09:37:05 | D ] F:\Higher Education Commission Pakistan_files
[10/05/2013 - 10:02:29 | D ] F:\House pics
[26/03/2013 - 19:04:11 | N | 924959] F:\Ibrahim PP scan.JPG
[08/11/2010 - 12:38:08 | N | 3323213] F:\In the line of fire.pdf
[06/05/2013 - 21:17:45 | N | 76829] F:\Iram NICOP 1.jpg
[06/05/2013 - 21:22:05 | N | 163565] F:\Iram Nicop.docx
[06/05/2013 - 21:18:37 | N | 75765] F:\Iram Nicop.jpg
[30/09/2012 - 14:54:59 | D ] F:\islamic folder
[01/12/2012 - 18:40:42 | N | 340861] F:\KESCBillnov12(1).pdf
[01/12/2012 - 18:44:03 | N | 340919] F:\KESCBillnov12(2).pdf
[04/12/2012 - 20:53:52 | N | 55296] F:\LetterofAuthorization.doc
[07/10/2012 - 00:26:41 | D ] F:\Lifescience
[07/05/2013 - 18:01:49 | D ] F:\Mail backup 7-5-13
[25/04/2013 - 07:00:03 | D ] F:\Music
[04/02/2013 - 12:53:00 | N | 395131] F:\NIC copy amir.docx
[16/08/2011 - 16:42:18 | N | 395131] F:\NIC.docx
[04/10/2012 - 13:10:10 | D ] F:\Novartis1
[17/11/2012 - 13:57:47 | N | 744448] F:\OE settings.doc
[15/02/2013 - 09:00:25 | N | 767] F:\pass.txt
[02/05/2013 - 15:55:30 | N | 152916] F:\Passport size pic.jpg
[05/02/2013 - 15:44:15 | D ] F:\pp
[04/05/2013 - 11:37:32 | N | 339906] F:\PP amir.JPG
[26/03/2013 - 19:06:09 | N | 312290] F:\PP slip1 qasim.JPG
[15/04/2013 - 11:56:11 | N | 163222] F:\qaju.jpg
[26/03/2013 - 19:11:46 | N | 1045936] F:\Qasim Birth Certificate.JPG
[22/11/2012 - 11:06:07 | D ] F:\Resume full
[30/09/2012 - 15:00:47 | N | 59904] F:\Resume.doc
[22/05/2012 - 13:13:52 | N | 542045] F:\scan0001.pdf
[25/07/2012 - 22:46:24 | N | 1575332] F:\scan0004.jpg
[25/07/2012 - 22:46:54 | N | 2008308] F:\scan0005.jpg
[25/07/2012 - 22:47:00 | N | 1283642] F:\scan0006.jpg
[24/04/2013 - 22:53:00 | SHD ] F:\System Volume Information
[30/09/2012 - 14:49:49 | D ] F:\usb update
[26/03/2013 - 19:13:47 | N | 800278] F:\Vero,Ibbi,Hasnain NICOP side 1.JPG
[26/03/2013 - 19:14:37 | N | 606549] F:\Vero,Ibbi,Hasnain NICOP side 2.JPG
[06/05/2013 - 21:18:37 | D ] F:\[Originals]
################## | Vaccin |
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | https://www.sosvirus.net/ |
jack4rall
Posts
6428
Registration date
Sunday June 6, 2010
Status
Moderator
Last seen
July 16, 2020
Feb 16, 2013 at 09:24 PM
Feb 16, 2013 at 09:24 PM
Hello,
Try this 1
1) First Disable the "Autorun" feature. Click on the below hyperlink "Fix" and
follow the instructions
Fix
Since you are using Windows 7, right-click on it and select the option "Run as
administrator".
2) Click on the below link and download the file "AutorunExterminator"
https://ccm.net/downloads/security-and-maintenance/5911-autorun-exterminator/
[Note : Make sure Dot Net Framework is installed in your PC to install the
"AutorunExterminator" OR
Click on the below link and download the Dot Net Framework
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=19]
Extract it --> Double-click on "AutorunExterminator" --> Plug your pen drive
drive now.
This will remove the autorun.inf files from your pen drive and also from
drives.
3) After that, download the Malwarebytes' Anti-Malware from the below link
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Update it --> Perform "Full Scan"
If the problem still exists then click on the below link and follow the instructions
given under "Diagnosis"
http://ccm.net/faq/24698-zhpdiag
Good Luck
Try this 1
1) First Disable the "Autorun" feature. Click on the below hyperlink "Fix" and
follow the instructions
Fix
Since you are using Windows 7, right-click on it and select the option "Run as
administrator".
2) Click on the below link and download the file "AutorunExterminator"
https://ccm.net/downloads/security-and-maintenance/5911-autorun-exterminator/
[Note : Make sure Dot Net Framework is installed in your PC to install the
"AutorunExterminator" OR
Click on the below link and download the Dot Net Framework
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=19]
Extract it --> Double-click on "AutorunExterminator" --> Plug your pen drive
drive now.
This will remove the autorun.inf files from your pen drive and also from
drives.
3) After that, download the Malwarebytes' Anti-Malware from the below link
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Update it --> Perform "Full Scan"
If the problem still exists then click on the below link and follow the instructions
given under "Diagnosis"
http://ccm.net/faq/24698-zhpdiag
Good Luck
