I have virus on my system (Ahsan's )... please help ... log file attached

Posted 4/3/2008 12:04 PM
#61118
cellclinic Valued member

Date Joined Nov 2016
Total Posts: 13
I have virus on my system (Ahsan's )... please help ... log file attached .. it disabled ... control panel , run option , & converted my computer to ahsan's computer , my documents to ahsan's document etc...



regards - n - thanks

Sumit Lama
Posted 4/3/2008 12:53 PM
#61121
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello :smile:





Click here - ->> Before posting a log





After You have run the scan tools -



Reboot normally



Post Hijackthis log along with SuperAntiSpyware log, C:\ComboFix.txt in this topic





NB. Don't attach the logs

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 4/3/2008 6:49 PM
#61138
cellclinic Valued member

Date Joined Nov 2016
Total Posts: 13
thanks a - lot ... :jumpin:


my problem is solved run , control panel etc is back ... but my documents , my network places are still to be renamed ... please advise me what do next ... what to do with the combofix log file ... shall i post here or all is done ?



sooooooo many regards - n - thanks :hop:



Sumit Lama ...
Posted 4/5/2008 5:24 AM
#61169
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Yes, post Hijackthis log along with SuperAntiSpyware log, C:\ComboFix.txt in this topic



Posted 4/8/2008 4:32 PM
#61259
salim Member

Date Joined Nov 2016
Total Posts: 3
here is simple temporary solution to solve this problem

open registry

current user > software > microsoft > windows > current version > policies > explorer

and delete all entries which show on right side

restart machine & enjoy


Thanks to QH
Posted 4/8/2008 7:17 PM
#61262
cellclinic Valued member

Date Joined Nov 2016
Total Posts: 13
hi


i already said sorry for a new thread to the mod assigned for me ... https://www.bullguard.com/forum/9/Logs-_61236.html



i am new to this forum ... if i will have to post here only then please check this ....
Posted 4/9/2008 7:52 AM
#61282
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Please download Malwarebytes' Anti-Malware to your desktop.



Double-click mbam-setup.exe and follow the prompts to install the program.



At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If an update is found, it will download and install the latest version.



Once the program has loaded, select Perform full scan, then click Scan.



When the scan is complete, click OK, then Show Results to view the results.



Be sure that everything is checked, and click Remove Selected.



When completed, a log will open in Notepad. Please save it to a convenient location.





Copy and Paste that log into your next reply along with new combofix log





Don't attach the logs


Posted 4/10/2008 2:25 PM
#61314
cellclinic Valued member

Date Joined Nov 2016
Total Posts: 13
please check this ... & reply ...




ComboFix 08-04-03.2 - Administrator 2008-04-10 6:57:03.2 - FAT32x86
Running from: E:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-09 05:01 . 2008-04-09 05:01 <DIR> d-------- E:\Program Files\Malwarebytes' Anti-Malware
2008-04-09 05:01 . 2008-04-09 05:01 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-09 05:01 . 2008-04-09 05:01 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-09 00:51 . 2008-04-09 00:51 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\MyStartButton
2008-04-09 00:50 . 2008-04-09 00:50 <DIR> d-------- E:\Program Files\EKOSSoft
2008-04-08 16:58 . 2008-04-08 16:58 <DIR> d-------- E:\Program Files\Safari
2008-04-08 16:54 . 2008-04-10 06:53 54,156 --ah----- E:\WINDOWS\QTFont.qfn
2008-04-08 16:54 . 2008-04-08 16:55 1,409 --a------ E:\WINDOWS\QTFont.for
2008-04-08 16:53 . 2008-04-08 16:53 <DIR> d-------- E:\Program Files\iPod
2008-04-08 16:52 . 2008-04-08 16:52 <DIR> d-------- E:\Program Files\iTunes
2008-04-08 16:51 . 2008-04-08 16:51 <DIR> d-------- E:\Program Files\Common Files\Apple
2008-04-08 16:39 . 2008-04-08 16:39 <DIR> d-------- E:\Program Files\QuickTime
2008-04-08 16:38 . 2008-04-08 16:38 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-08 11:49 . 2008-04-08 11:49 5,074 --a------ E:\ComboFix.rar
2008-04-07 11:40 . 2008-04-07 11:40 <DIR> d--hs---- E:\FOUND.002
2008-04-06 15:00 . 2008-04-06 15:00 <DIR> d--hs---- E:\WINDOWS\ftpcache
2008-04-06 14:54 . 2008-04-06 14:54 <DIR> d-------- E:\Program Files\Pixwares
2008-04-06 14:54 . 2008-04-06 14:55 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\Pixwares
2008-04-06 14:28 . 2008-04-06 14:28 <DIR> d--hs---- E:\FOUND.001
2008-04-04 00:09 . 2008-04-04 00:09 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-03 22:46 . 2008-04-03 22:46 1,131 --a------ E:\http___storage_conduit_com_72_44_CT441572_Messages_xml97456_xml.xml
2008-04-03 22:46 . 2008-04-03 22:46 645 --a------ E:\http___storage_conduit_com_72_44_CT441572_Messages_xml97456_xml_structured.xml
2008-04-03 14:44 . 2008-04-03 14:44 <DIR> d-------- E:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-03 14:43 . 2008-04-03 14:43 <DIR> d-------- E:\Program Files\MobiMB Mobile Media Browser
2008-04-03 13:10 . 2008-04-03 13:10 <DIR> d-------- E:\WINDOWS\system32\NtmsData
2008-04-03 13:02 . 2008-04-03 13:02 <DIR> d--h----- E:\WINDOWS\system32\GroupPolicy
2008-04-03 12:23 . 2008-04-03 12:23 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\AVG7
2008-04-03 12:23 . 2008-04-03 12:23 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-03 12:06 . 2008-04-03 12:06 <DIR> d--hs---- E:\FOUND.000
2008-04-02 00:11 . 2008-02-25 08:13 <DIR> d-------- E:\Program Files\China Mobile Hardware v1.1
2008-04-01 22:45 . 2008-04-01 22:45 <DIR> d-------- E:\Program Files\Gsmminds_Tool_Bar_By_Azampk
2008-03-30 13:42 . 2008-03-30 13:42 <DIR> d-------- E:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-29 22:22 . 2008-03-29 22:22 <DIR> d-------- E:\Program Files\Everstrike Software
2008-03-29 22:22 . 2008-03-29 22:22 <DIR> d-------- E:\Program Files\Common Files\Everstrike Software
2008-03-29 11:59 . 2007-07-30 19:19 271,224 --a------ E:\WINDOWS\system32\mucltui.dll
2008-03-29 11:59 . 2007-07-30 19:19 207,736 --a------ E:\WINDOWS\system32\muweb.dll
2008-03-29 11:59 . 2007-07-30 19:19 30,072 --a------ E:\WINDOWS\system32\mucltui.dll.mui
2008-03-29 00:39 . 2007-10-17 13:53 43,816 --a------ E:\WINDOWS\system32\drivers\fssfltr.sys
2008-03-29 00:37 . 2008-03-29 00:37 <DIR> d-------- E:\Program Files\Windows Live Favorites
2008-03-29 00:27 . 2006-11-29 13:06 3,426,072 --a------ E:\WINDOWS\system32\d3dx9_32.dll
2008-03-29 00:24 . 2008-03-29 00:24 <DIR> d-------- E:\Program Files\Microsoft SQL Server Compact Edition
2008-03-29 00:11 . 2008-03-29 00:11 <DIR> d-------- E:\Program Files\Windows Live
2008-03-29 00:11 . 2008-03-29 00:11 <DIR> d--hs---- E:\Program Files\Common Files\WindowsLiveInstaller
2008-03-29 00:10 . 2008-03-29 00:10 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ E:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ E:\WINDOWS\system32\QuickTime.qts
2008-03-24 22:29 . 2004-04-05 22:37 47,393 --------- E:\WINDOWS\NuNinst.cfg
2008-03-24 22:28 . 2008-03-24 22:28 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Ahead
2008-03-24 22:05 . 2001-07-06 18:11 569,344 -ra------ E:\WINDOWS\system32\imagr5.dll
2008-03-24 22:05 . 2001-07-06 16:14 544,768 -ra------ E:\WINDOWS\system32\imagx5.dll
2008-03-24 22:05 . 2001-07-06 21:54 283,920 -ra------ E:\WINDOWS\system32\ImagXpr5.dll
2008-03-24 18:59 . 2008-03-24 18:59 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\InstallShield
2008-03-23 20:26 . 2008-03-23 20:26 <DIR> d-------- E:\Game
2008-03-23 17:17 . 2003-01-30 06:04 1,500,160 --a------ E:\WINDOWS\system32\cc3260mt.dll
2008-03-23 17:17 . 2004-08-18 12:34 442,368 --a------ E:\WINDOWS\system32\vp6vfw.dll
2008-03-23 17:17 . 2004-08-06 13:49 265,785 --a------ E:\WINDOWS\system32\pixomatic.dll
2008-03-23 17:17 . 2004-01-06 10:43 188,416 --a------ E:\WINDOWS\system32\eax.dll
2008-03-23 17:17 . 2004-10-18 14:04 161,280 --a------ E:\WINDOWS\system32\fmod.dll
2008-03-23 17:17 . 2002-02-01 07:00 22,016 --a------ E:\WINDOWS\system32\borlndmm.dll
2008-03-21 21:26 . 2008-03-21 21:26 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\Kingston
2008-03-20 20:12 . 2008-03-20 20:12 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-20 20:07 . 2008-03-20 20:07 <DIR> d-------- E:\Program Files\Apple Software Update
2008-03-20 20:07 . 2008-03-20 20:07 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Apple
2008-03-17 11:21 . 2007-02-22 10:15 137,216 --a------ E:\WINDOWS\system32\drivers\nmwcd.sys
2008-03-17 11:21 . 2007-02-22 10:15 65,536 --a------ E:\WINDOWS\system32\nmwcdcocls.dll
2008-03-17 11:21 . 2007-02-22 10:15 12,288 --a------ E:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-03-17 11:21 . 2007-02-22 10:15 8,320 --a------ E:\WINDOWS\system32\drivers\nmwcdc.sys
2008-03-17 10:18 . 2008-03-17 10:18 <DIR> d-------- E:\Program Files\backupdrivers
2008-03-17 10:18 . 2008-03-17 10:18 21,888 --a------ E:\WINDOWS\system32\drivers\eps2kt1.sys
2008-03-17 10:18 . 2008-03-17 10:18 12,800 --a------ E:\WINDOWS\system32\drivers\smccard.sys
2008-03-17 10:18 . 2008-03-17 10:18 4,608 --a------ E:\WINDOWS\system32\R5CoInst.dll
2008-03-17 10:17 . 2008-03-17 10:17 <DIR> d-------- E:\Program Files\Software Installation Information
2008-03-17 10:17 . 2008-03-17 10:17 23,312 --a------ E:\WINDOWS\system32\_shfoldr.dll
2008-03-17 10:13 . 2007-10-06 11:36 47,744 --a------ E:\WINDOWS\system32\drivers\vserial.sys
2008-03-17 10:13 . 2007-10-06 11:35 15,264 --a------ E:\WINDOWS\system32\drivers\vsb.sys
2008-03-12 20:01 . 2008-03-12 20:01 <DIR> d-------- E:\Program Files\YahooFriend
2008-03-11 22:04 . 2008-03-11 22:04 <DIR> d-------- E:\Program Files\Cable Finder
2008-03-11 22:04 . 2000-07-15 00:00 101,888 --a------ E:\WINDOWS\system32\VB6STKIT.DLL
2008-03-11 19:24 . 2008-03-11 19:24 38 --a------ E:\WINDOWS\SYMGAMES.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 00:12 81,920 ----a-w E:\WINDOWS\system32\UFS2XX.DLL
2008-04-10 00:12 34,639 ----a-w E:\WINDOWS\system32\drivers\UFS2XX.SYS
2008-04-09 04:58 32 --sha-w E:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-09 04:58 32 --sha-w E:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-09 04:58 32 --sha-w E:\WINDOWS\system32\drivers\fidbox.idx
2008-04-09 04:58 32 --sha-w E:\WINDOWS\system32\drivers\fidbox.dat
2008-03-09 11:09 --------- d-----w E:\Program Files\Mayoko
2008-03-08 13:34 --------- d-----w E:\Program Files\Windows Media Connect 2
2008-03-03 11:52 33,824 ----a-w E:\WINDOWS\system32\drivers\oreans32.sys
2008-03-03 11:51 --------- d-----w E:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 09:13 --------- d-----w E:\Program Files\WIDCOMM
2008-02-24 15:47 --------- d-----w E:\Program Files\Rockstar Games
2008-02-22 09:07 91,700 ----a-w E:\WINDOWS\system32\drivers\klin.dat
2008-02-22 09:07 85,860 ----a-w E:\WINDOWS\system32\drivers\klick.dat
2008-02-22 08:06 --------- d-----w E:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-20 14:07 --------- d-----w E:\Program Files\Cruiser Suite
2008-02-20 10:45 11,752,533 ----a-w E:\Program Files\Zuma Deluxe.rar
2008-02-18 11:46 --------- d-----w E:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-02-18 11:46 --------- d-----w E:\Documents and Settings\LocalService\Application Data\MEGAUPLOADTOOLBAR
2008-02-18 11:46 --------- d-----w E:\Documents and Settings\LocalService\Application Data\ICQ Toolbar
2008-02-12 13:12 --------- d-----w E:\Program Files\s'e jumpert
2008-02-10 07:09 2,071,667 ----a-w E:\Program Files\GSM Tricks.rar
2008-02-01 05:41 586,240 ----a-w E:\WINDOWS\WLXPGSS.SCR
2008-01-29 06:32 107,368 ----a-w E:\WINDOWS\system32\GEARAspi.dll
2008-01-11 05:53 44,544 ------w E:\WINDOWS\system32\dllcache\pngfilt.dll
2007-03-13 10:43 2,397 ----a-w E:\Program Files\SWI.XML
2007-03-12 11:08 176 ----a-w E:\Documents and Settings\Program Files\license.dat
2007-02-27 12:55 94,208 ----a-w E:\Documents and Settings\Program Files\Setup.exe
2005-10-13 15:57 422,400 --sha-r E:\WINDOWS\x2.64.exe
2005-05-13 11:42 217,073 --sha-r E:\WINDOWS\meta4.exe
2005-10-24 05:43 66,560 --sha-r E:\WINDOWS\MOTA113.exe
2005-06-26 10:02 616,448 --sha-r E:\WINDOWS\system32\cygwin1.dll
2005-06-21 17:07 45,568 --sha-r E:\WINDOWS\system32\cygz.dll
2005-10-07 13:44 308,224 --sha-r E:\WINDOWS\system32\avisynth.dll
2004-01-24 18:30 70,656 --sha-r E:\WINDOWS\system32\i420vfw.dll
2004-01-24 18:30 70,656 --sha-r E:\WINDOWS\system32\yv12vfw.dll
2005-02-28 07:46 240,128 --sha-r E:\WINDOWS\system32\x.264.exe
2005-07-14 07:01 27,648 --sha-r E:\WINDOWS\system32\AVSredirect.dll
2006-04-27 04:54 2,945,024 --sha-r E:\WINDOWS\system32\Smab.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-04_ 0.02.03.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-08 11:25:00 102,400 ----a-r E:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
+ 2008-04-08 11:28:58 307,200 ----a-r E:\WINDOWS\Installer\{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}\SafariIco.exe
- 2008-04-03 08:23:20 16,384 ----a-w E:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-08 05:50:46 16,384 ----a-w E:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-03 08:23:20 32,768 ----a-w E:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-08 05:50:46 32,768 ----a-w E:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-03 08:23:20 32,768 ----a-w E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-08 05:50:46 32,768 ----a-w E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-29 06:31:28 16,168 ----a-w E:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-02-18 05:46:24 30,464 ----a-w E:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
+ 2005-09-07 19:11:54 31,452 ----a-w E:\WINDOWS\system32\ReinstallBackups\0026\DriverFiles\mtbox.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12 56360 --a------ E:\Program Files\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"Yahoo! Pager"="E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"MsnMsgr"="E:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"WinClock"="E:\Program Files\Pixwares\WinClock\winclock.exe" [2005-07-12 01:03 430080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="E:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:20 155648]
"IgfxTray"="E:\WINDOWS\system32\igfxtray.exe" [2003-04-07 12:49 155648]
"HotKeysCmds"="E:\WINDOWS\system32\hkcmd.exe" [2003-04-07 12:37 114688]
"SoundMan"="SOUNDMAN.EXE" [2003-04-25 06:23 54784 E:\WINDOWS\SOUNDMAN.EXE]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVP"="E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 23:02 200768]
"fssui"="E:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 11:12 243240]
"QuickTime Task"="E:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-01 12:34 171448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"status"= present

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=E:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2003-04-07 12:37 114688 E:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 15:36 3144800 E:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2003-04-07 12:49 155648 E:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
--a------ 2008-03-05 22:00 19148408 E:\WINDOWS\system32\MRT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
E:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 15:20 155648 E:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2007-03-27 15:58 1744896 E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 13:20 227328 E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-07-02 17:10 23237416 E:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-04-25 06:23 54784 E:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TeamViewer"="E:\Program Files\TeamViewer\TeamViewer.exe" -servicehelper

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\Messenger\\MSMSGS.EXE"=
"E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"E:\\Program Files\\ICQLite\\ICQLite.exe"=
"E:\\Program Files\\DynGate\\DynGate.exe"=
"E:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\ODIN\\DIET\\DietOdin.exe"=
"E:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"E:\\Program Files\\Skype\\Phone\\Skype.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"E:\\WINDOWS\\System32\\mmc.exe"=
"E:\\Program Files\\iTunes\\iTunes.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bb80810-757b-11dc-be8a-00e02010219f}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a4ffd00-4977-11dc-a889-00e02010219f}]
\Shell\Auto\command - O:\MicrosoftPowerPoint.exe
\Shell\AutoRun\command - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a6bf808-95b8-11dc-beef-001320251be1}]
\Shell\Auto\command - K:\MicrosoftPowerPoint.exe
\Shell\AutoRun\command - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c15552c9-f74f-11dc-8046-0080bd5e768c}]
\Shell\AutoRun\command - K:\DataTraveler101R.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 11:47:44 E:\WINDOWS\Tasks\1-Click Maintenance.job"
- E:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-08 10:55:04 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- E:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-10 01:10:04 E:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- E:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-04-10 07:20:01
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-10 7:21:43
ComboFix-quarantined-files.txt 2008-04-10 01:51:38
ComboFix2.txt 2008-04-03 18:34:56
Pre-Run: 3,609,477,120 bytes free
Post-Run: 3,560,308,736 bytes free
.
2008-03-30 08:12:50 --- E O F ---


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>



Malwarebytes' Anti-Malware 1.11
Database version: 603

Scan type: Full Scan (C:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 174087
Time elapsed: 5 hour(s), 14 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e1500ac-87a5-416b-a211-82e848649da9} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e7467507-dd40-4123-be49-7b7df5db80c6} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c5186e-ec37-4889-9c2e-f73649ffb7bb} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\{02ffac45-0b10-5633-4296-1801f1a36678} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\{f710fa10-2031-3106-8872-93a2b5c5c620} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\{6780a29e-6a18-0c70-1dff-1610dde00108} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\WINDOWS\system\ext32inc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\WINDOWS\wincom27.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Documents and Settings\All Users\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
E:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.






regards - n - thanks

sumit lama
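
An added example, not part of the thread and not ComboFix's own code: a small Python triage pass over the "Reg Loading Points" section of the log posted above. It flags the entries a reviewer would look at first (MountPoints2 AutoRun handlers, the policies\explorer\run autostart key, Security Center overrides) and reports any AutoRun target that recurs on more than one volume; the sample is an excerpt of the posted log, and the function names and finding labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt constructed from lines of the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"status"= present

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a4ffd00-4977-11dc-a889-00e02010219f}]
\Shell\Auto\command - O:\MicrosoftPowerPoint.exe
\Shell\AutoRun\command - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a6bf808-95b8-11dc-beef-001320251be1}]
\Shell\Auto\command - K:\MicrosoftPowerPoint.exe
\Shell\AutoRun\command - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c15552c9-f74f-11dc-8046-0080bd5e768c}]
\Shell\AutoRun\command - K:\DataTraveler101R.exe
"""

HEADER = re.compile(r"^\[(.+)\]$")
SHELL_CMD = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
# Security Center values that silence its warnings when set to non-zero.
OVERRIDES = {"antivirusoverride", "firewalloverride", "disablemonitoring"}


def sections(log_text):
    """Yield (key, body_lines) for each [registry key] block in the log."""
    key, body = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            if key is not None:
                yield key, body
            key, body = m.group(1), []
        elif key is not None and line:
            body.append(line)
    if key is not None:
        yield key, body


def exe_name(command):
    """Lower-cased file name of the last .exe named in a command line."""
    names = re.findall(r"([^\\\s,]+\.exe)", command, re.I)
    return names[-1].lower() if names else None


def triage(log_text):
    """Return (findings, repeated_targets) for manual review."""
    findings, volumes_by_target = [], defaultdict(set)
    for key, body in sections(log_text):
        low = key.lower()
        if "\\explorer\\mountpoints2\\" in low:
            volume = low.rsplit("\\", 1)[-1]  # per-volume GUID subkey
            for line in body:
                m = SHELL_CMD.match(line)
                if m:
                    target = exe_name(m.group(2))
                    findings.append(("autorun-handler", volume, target))
                    if target:
                        volumes_by_target[target].add(volume)
        elif low.endswith("\\policies\\explorer\\run"):
            findings.append(("policy-run-autostart", key, None))
        elif "\\security center" in low:
            for line in body:
                m = DWORD.match(line)
                if m and m.group(1).lower() in OVERRIDES and int(m.group(2), 16):
                    findings.append(("security-center-override", key, m.group(1)))
    # The same AutoRun target on several volumes deserves a closer look.
    repeated = sorted(t for t, v in volumes_by_target.items() if len(v) > 1)
    return findings, repeated


if __name__ == "__main__":
    found, repeated = triage(SAMPLE_LOG)
    for item in found:
        print(item)
    print("repeated across volumes:", repeated)
```

The findings are review items, not verdicts: an AutoRun handler can come from a legitimate device, so each flagged target still has to be checked on disk.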
Posted 4/12/2008 4:58 AM
#61378
cellclinic Valued member

Date Joined Nov 2016
Total Posts: 13
hi


i am still waiting for reply ... recycle bin is still named as G.W.Bush ...
Posted 4/12/2008 5:04 AM
#61379
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok. Have you read this line in my last reply -

"Don't attach the logs"?


Posted 4/12/2008 12:16 PM
#61407
User avatar

cellclinic Valued member

Date Joined Nov 2016
Total Posts: 13
yes i do ... but can't understand ... i thought it is a one kind of signatures added ...


so the thing is done & edited also ... please advise me what to do now ...



regards - n - thanks

Sumit Lama
Posted 4/13/2008 8:26 AM
#61469
salim Member

Date Joined Nov 2016
Total Posts: 3
plz sir follow my method your problem will 100% solved
sallupatel2005@yahoo.com
salim
Posted 4/15/2008 4:12 AM
#61532
worntilltorn Member

Date Joined Nov 2016
Total Posts: 1
cellclinic

how did u solve the problem? i'm facing the same issue
Posted 4/15/2008 10:45 AM
#61536
cellclinic Valued member

Date Joined Nov 2016
Total Posts: 13
post is edited ... can i get the reply ?


regards - n - thanks

sumit lama
Posted 4/17/2008 6:12 AM
#61601
cellclinic Valued member

Date Joined Nov 2016
Total Posts: 13
thanks mod for ur assistance ... i think no more assistance i can get from here ( mod got angry ... i think :idea: )


no probs virus is almost removed ... thanks once again for the great support ...



regards - n - thanks

sumit lama
Posted 4/17/2008 6:18 AM
#61602
salim Member

Date Joined Nov 2016
Total Posts: 3
why cell clinic does not consider my method to solve his problem
Thanks
salim
Posted 4/21/2008 6:16 AM
#61746
KKR Member

Date Joined Nov 2016
Total Posts: 2
Hi salim,




It is not allowing me to to the regedit.. so what to do....?




KKR



"salim" wrote:
why cell clinic does not consider my method to solve his problem
Thanks
salim
Posted 4/23/2008 7:45 PM
#61828
bellow Member

Date Joined Nov 2016
Total Posts: 1
thank you i got rid of AHSAN but still the problem prevails now i am not able to access my drives i don't know which virus is doing this