Automatically put all my folders to a shortcut of my USB

Solved/Closed
Posts
1
Registration date
Saturday February 16, 2013
Status
Member
Last seen
February 16, 2013
Hello, I have this problem for a few days now. I think my laptop has a virus but I'm not sure yet. This is my problem:

When I insert and open my USB on my laptop, it will automatically put all my folders to a shortcut of my USB (example: USB's name-ABC:, upon opening it there will be an ABC: shortcut). When I open it, my folders are still there. I formatted my USB 5x but it will always create a shortcut of my USB.

Does anyone know what the problem is? Thank you so much!

2 replies

Posts
1
Registration date
Saturday May 18, 2013
Status
Member
Last seen
May 31, 2013

############################## | UsbFix V 7.126 | [Deletion]

User: Wardah (Administrator) # ALI-MEHDI
Updated 13/05/2013 by El Desaparecido
Started at 00:52:15 | 31/05/2013

Website: https://www.sosvirus.net/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: Hewlett-Packard (HP Mini 210-1000) (X86-based PC)
CPU: Intel(R) Atom(TM) CPU N450 @ 1.66GHz (1666)
RAM -> [Total : 2036 | Free : 1204]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft Windows 7 Starter (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16576

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 286 Gb (92 Mb free - 32%) [] # NTFS
D:\ -> Fixed drive # 11 Gb (2 Mb free - 16%) [RECOVERY] # NTFS
E:\ -> Fixed drive # 99 Mb (95 Mb free - 96%) [HP_TOOLS] # FAT32
F:\ -> Removable drive # 15 Gb (13 Mb free - 88%) [Amir] # NTFS

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\SOFTWARE | Run : [DivXUpdate] - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-995964411-1154817896-3624255911-1000\SOFTWARE | Run : [Power2GoExpress] -
HKU\S-1-5-21-995964411-1154817896-3624255911-1000\SOFTWARE | Run : [WinFLTray] - C:\Windows\system32\WinFLTray.exe
HKU\S-1-5-21-995964411-1154817896-3624255911-1000\SOFTWARE | Run : [FLBackup] - C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
HKU\S-1-5-21-995964411-1154817896-3624255911-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-995964411-1154817896-3624255911-1000\SOFTWARE | Run : [Updatea.vbs] - "C:\Users\Wardah\AppData\Local\Temp\Updatea.vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Stopped processes |


################## | Files # Infected Folders |

Deleted ! F:\01.jpg.lnk
Deleted ! F:\02.jpg.lnk
Deleted ! F:\Address book backup.WAB.lnk
Deleted ! F:\Amir CV.doc.lnk
Deleted ! F:\Amir Resume.doc.lnk
Deleted ! F:\Amir visa copy.pdf.lnk
Deleted ! F:\authority letter for hec .doc.lnk
Deleted ! F:\DSC_0003.jpg.lnk
Deleted ! F:\DSC_71481.jpg.lnk
Deleted ! F:\EligibilityLetter.pdf.lnk
Deleted ! F:\Experience 2.jpg.lnk
Deleted ! F:\hasho.docx.lnk
Deleted ! F:\Higher Education Commission Pakistan.htm.lnk
Deleted ! F:\Ibrahim PP scan.JPG.lnk
Deleted ! F:\In the line of fire.pdf.lnk
Deleted ! F:\Iram NICOP 1.jpg.lnk
Deleted ! F:\Iram Nicop.docx.lnk
Deleted ! F:\Iram Nicop.jpg.lnk
Deleted ! F:\KESCBillnov12(1).pdf.lnk
Deleted ! F:\KESCBillnov12(2).pdf.lnk
Deleted ! F:\LetterofAuthorization.doc.lnk
Deleted ! F:\NIC copy amir.docx.lnk
Deleted ! F:\NIC.docx.lnk
Deleted ! F:\OE settings.doc.lnk
Deleted ! F:\pass.txt.lnk
Deleted ! F:\Passport size pic.jpg.lnk
Deleted ! F:\PP amir.JPG.lnk
Deleted ! F:\PP slip1 qasim.JPG.lnk
Deleted ! F:\qaju.jpg.lnk
Deleted ! F:\Qasim Birth Certificate.JPG.lnk
Deleted ! F:\Resume.doc.lnk
Deleted ! F:\scan0001.pdf.lnk
Deleted ! F:\scan0004.jpg.lnk
Deleted ! F:\scan0005.jpg.lnk
Deleted ! F:\scan0006.jpg.lnk
Deleted ! F:\Vero,Ibbi,Hasnain NICOP side 1.JPG.lnk
Deleted ! F:\Vero,Ibbi,Hasnain NICOP side 2.JPG.lnk
Deleted ! C:\Users\Wardah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updatea.vbs
Deleted ! C:\Users\Wardah\AppData\Local\Temp\utt31E1.tmp.exe
Deleted ! C:\Users\Wardah\AppData\Local\Temp\utt457F.tmp.exe
Deleted ! C:\Users\Wardah\AppData\Local\Temp\utt7059.tmp.exe
Deleted ! C:\Users\Wardah\AppData\Local\Temp\Updatea.vbs
Deleted ! D:\syncguid.dat
Deleted ! E:\syncguid.dat
Deleted ! F:\Updatea.vbs

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updatea.vbs

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\F
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{6ca65ef0-51e2-11e0-93fc-0ceee6f72d8c}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{749f74e6-7d76-11e2-976f-0ceee6f72d8c}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{a5f6a403-4566-11e0-88b4-0ceee6f72d8c}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{c6417ef6-d16f-11df-9482-0ceee6f72d8c}

################## | Listing |


################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net/ |

Posts
6428
Registration date
Sunday June 6, 2010
Status
Moderator
Last seen
July 16, 2020

Hello,

Try this 1

1) First Disable the "Autorun" feature. Click on the below hyperlink "Fix" and follow the instructions

Fix

Since you are using Windows 7, right-click on it and select the option "Run as administrator".

2) Click on the below link and download the file "AutorunExterminator"

https://ccm.net/download/download-11613-autorun-exterminator

[Note : Make sure Dot Net Framework is installed in your PC to install the "AutorunExterminator" OR click on the below link and download the Dot Net Framework

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=19]

Extract it --> Double-click on "AutorunExterminator" --> Plug your pen drive drive now.

This will remove the autorun.inf files from your pen drive and also from drives.

3) After that, download the Malwarebytes' Anti-Malware from the below link

https://ccm.net/download/download-105-malwarebytes

Update it --> Perform "Full Scan"

If the problem still exists then click on the below link and follow the instructions given under "Diagnosis"

http://ccm.net/faq/24698-zhpdiag

Good Luck
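
A follow-up check for the two symptoms visible in the UsbFix log earlier in this thread (a Run value that launches a script from a Temp folder, and `.lnk` files named after real files on the drive), as an added example that is not part of the original posts and is not UsbFix's own code. The function names, the placeholder SID and the sample inputs are assumptions made for the illustration; only the Run line layout is taken from the log.

```python
import re

# Extensions handled by Windows Script Host; a Run value launching one deserves review.
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|wsh)\b", re.I)
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.I)
# Line shape as in the log above: <key> | Run : [<value name>] - <command>
RUN_LINE = re.compile(r"^(HK\S+) \| (Run|RunOnce) : \[(.*?)\] -[ \t]*(.*)$")

def suspicious_run_entries(log_text):
    """Return (key, value_name, reasons) for Run/RunOnce lines worth a manual look."""
    hits = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue  # not an autostart line
        key, _kind, name, command = m.groups()
        reasons = []
        if SCRIPT_EXT.search(command):
            reasons.append("script file")
        if TEMP_DIR.search(command):
            reasons.append("runs from a Temp directory")
        if reasons:
            hits.append((key, name, reasons))
    return hits

def decoy_shortcuts(names):
    """Return .lnk names that shadow another entry in the same folder listing."""
    present = {n.lower() for n in names}
    return sorted(n for n in names
                  if n.lower().endswith(".lnk") and n[:-4].lower() in present)

# Constructed sample input (placeholder SID and user name), not from a real machine.
SAMPLE_LOG = r"""
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-21-0-0-0-1000\SOFTWARE | Run : [Updatea.vbs] - "C:\Users\Example\AppData\Local\Temp\Updatea.vbs"
"""
SAMPLE_ROOT = ["01.jpg", "01.jpg.lnk", "Resume.doc", "Resume.doc.lnk", "Music", "Printer.lnk"]

if __name__ == "__main__":
    for key, name, reasons in suspicious_run_entries(SAMPLE_LOG):
        print(f"review {key} [{name}]: {', '.join(reasons)}")
    for lnk in decoy_shortcuts(SAMPLE_ROOT):
        print(f"decoy shortcut: {lnk}")
```

To use it on a real system, pass the text of a saved log to `suspicious_run_entries` and the output of `os.listdir` for the drive root to `decoy_shortcuts`. A hit is a prompt for manual review, not proof of infection.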