hello!
my computer seems to be affected by some malwarej(thts what mcfee says...)which cannot be deleted , quatranied...
because of it i cannot open mozilla firefox,(it gives the message "try some other, IE and Opera are not so Bad -SAM-")
nor can i CTRL ALT DEL (that gives the message "whats wrong with the processes???-SAM-") and when i try to login thru yahoo messenger, it restarts loggin in by the name "HAPPY SANKRANTI/PONGAL 2008 http://crackspider.net"...
thanks in advance!!

also the virus or whatever it is isnt allowing me to acess orkut!!!!!
guys please help me remove this crap from my computer...even my memory stick(digital camera) and pen drive are affected...how do i remove it from them???

i scaned my computer using malwarebytes anti-malware but no objects were found...

loverboy_muks@yahoo.co.in

Please download and install the latest version of HijackThis v2.0.2:

Download the "HijackThis" Installer from this link:
Hijack This

1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download SuperAntiSpyware from the following link to your desktop:

SuperAntiSpyware

1. Open SuperAntiSpware from its icon and install and Update it
2. Under Scanner Options make sure the following are checked (leave all others unchecked):
3. Close browsers before scanning.
4. Scan for tracking cookies.
5. Terminate memory threats before quarantining.
6. Click the "Close" button to leave the control center screen and exit the program.
DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Now Scan with SuperAntiSpyware
1. Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
2. Perform a Complete scan. After scan,Verify they are all checked.
3. Click OK on the summary screen to quarantine all found items.
4. If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
1. Click Preferences, then click the Statistics/Logs tab.
2. Under Scanner Logs, double-click SuperAntiSpyware Scan Log.
3. If there are several logs, click the current dated log and press View log.
4. A text file will open in your default text editor.
5. Please copy and paste the Scan Log results in your next reply.
6. Click Close to exit the program.

thanks for replying....m getting crazier day by day...this is my hijack log.:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:06 PM, on 9/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Config\system.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\MUKUL\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Policies\Explorer\Run: [winlogon] C:\Config\system.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BCAEE08-6121-4203-AB86-47F5036ACE2A}: NameServer = 218.248.240.46,218.248.240.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{C68DDBA7-CF46-4EEB-99E4-336D344A70E3}: NameServer = 218.248.255.146 218.248.255.139
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 4829 bytes

and the SUPER antispamware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/03/2008 at 07:41 PM

Application Version : 4.20.1046

Core Rules Database Version : 3555
Trace Rules Database Version: 1543

Scan type : Complete Scan
Total Scan Time : 00:33:52

Memory items scanned : 197
Memory threats detected : 0
Registry items scanned : 4343
Registry threats detected : 0
File items scanned : 10216
File threats detected : 11

Adware.Tracking Cookie
C:\Documents and Settings\MUKUL\Cookies\mukul@ad.yieldmanager[1].txt
C:\Documents and Settings\MUKUL\Cookies\mukul@advertising[1].txt
C:\Documents and Settings\MUKUL\Cookies\mukul@doubleclick[2].txt
C:\Documents and Settings\MUKUL\Cookies\mukul@revsci[1].txt
C:\Documents and Settings\MUKUL\Cookies\mukul@zedo[2].txt
C:\Documents and Settings\MUKUL\Cookies\mukul@tribalfusion[1].txt
C:\Documents and Settings\MUKUL\Cookies\mukul@adserver[1].txt
C:\Documents and Settings\MUKUL\Cookies\mukul@xiti[1].txt

Adware.Starware
D:\SYSTEM VOLUME INFORMATION\_RESTORE{3BE493F4-CC94-4923-91A8-0935EE1D27EC}\RP37\A0078129.EXE

Trojan.VXGame-Variant/D
D:\NEW DOWNLOADS\YARD_SALE_JUNKIE-SEDA\YARD SALE JUNKIE KEYGENS\ALL.REFLEXIVE.ARCADE.GAMES.V2.0_CRK-FFF\FFF-REFLEXV2.EXE
D:\NEW DOWNLOADS\YARD_SALE_JUNKIE-SEDA\YARD SALE JUNKIE KEYGENS\REFLEXIVE.ARCADE.GAMES.UNIVERSAL.KEYGEN-TSRH.EXE

loverboy_muks@yahoo.co.in

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your McAfee antivirus and any antispyware programs that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again.
4. Post the Combofix log.

Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.

hi!
this is my combofix log...
ComboFix 08-09-03.03 - MUKUL 2008-09-04 12:25:20.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.62 [GMT 5.5:30]
Running from: C:\Documents and Settings\MUKUL\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\system.exe

.
((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.

2008-09-03 18:54 . 2008-09-03 18:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-03 18:54 . 2008-09-03 18:54 <DIR> d-------- C:\Documents and Settings\MUKUL\Application Data\SUPERAntiSpyware.com
2008-09-03 18:54 . 2008-09-03 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-03 18:53 . 2008-09-03 18:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-03 18:45 . 2008-09-04 12:21 2,610 --a------ C:\WINDOWS\system32\Config.MPF
2008-09-03 18:39 . 2008-09-03 18:39 <DIR> d--hs---- C:\FOUND.000
2008-09-03 00:34 . 2008-09-03 00:34 <DIR> dr-hs---- C:\Config
2008-09-03 00:33 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-09-03 00:33 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-03 00:33 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-09-03 00:33 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-09-03 00:33 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-09-03 00:33 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-09-03 00:33 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-09-03 00:02 . 2008-09-03 00:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-03 00:01 . 2008-09-03 00:01 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-02 23:45 . 2008-09-02 23:45 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-02 23:44 . 2008-09-02 23:44 <DIR> d--hs---- C:\Recycled
2008-09-02 23:43 . 2008-09-02 23:43 <DIR> d---s---- C:\Documents and Settings\MUKUL\UserData
2008-09-02 23:29 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-09-02 23:28 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-09-02 23:28 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-09-02 23:28 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-09-02 23:28 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-09-02 23:28 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-09-02 23:28 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-09-02 23:27 . 2008-09-02 23:27 <DIR> d-------- C:\Program Files\McAfee.com
2008-09-02 23:27 . 2008-09-02 23:27 <DIR> d-------- C:\Program Files\McAfee
2008-09-02 23:27 . 2008-09-02 23:27 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-09-02 23:25 . 2008-09-02 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 4662776]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-21 33792]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-05 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

S3 slnt;Realtek RTL8139 Family PCI Fast Ethernet NIC;C:\WINDOWS\system32\DRIVERS\slnt.sys [2004-06-22 18004]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dddbca40-7921-11dd-949c-8e63abdacea9}]
\Shell\Auto\command - G:\system.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - G:\system.exe
\Shell\Open\command - G:\system.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Explorer_Run-winlogon - C:\Config\system.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\MUKUL\Application Data\Mozilla\Firefox\Profiles\dtzna7o6.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 12:29:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-04 12:31:35
ComboFix-quarantined-files.txt 2008-09-04 07:01:30

Pre-Run: 7,507,394,560 bytes free
Post-Run: 7,522,770,944 bytes free

115
-----------------------
well could you please tell me how do i erase this virus from my memory stick??? will formatting it be ok??
but if i format it, do i do it from some other (uninfected) comp or will mine be ok??

loverboy_muks@yahoo.co.in

Please download the OTMoveIt2 by OldTimer and save it to your desktop.

1. Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
2. Copy the lines between the X's below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

G:\system.exe

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

4. Return to OTMoveIt2, right click in the "Paste Custom List Of Files/Patterns To Move" window (under the yellow bar) and choose Paste.
5. Click the red Moveit! button.
6. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
6. Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL,Registry Or File, etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dddbca40-7921-11dd-949c-8e63abdacea9}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop) if combofix does not auto start click "run".

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE YO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

well sir,
the instructions u've given weren't followed...because, the "G:/system.exe" was told to be removed, and "G" is my removable drive(its the memory stick of camera as well as my pen drive..(both represented by 'G'))
so i wanted to ask that weather i put it on and then follow ur instructions?? and by running combofix, my comp seems to be up again!! i din do nething...(as you told not to play wid it)..but still i want to remove it from my pendrive and mem stick...
could you also please tell me weather connecting the mem stick or pendrive AGAIN infect my computer???
thanks a lot!
regards!

loverboy_muks@yahoo.co.in

Let try it differently then. Go tp the following link and run Flash-Disinfector by Subs. It should only get the baddies

Flash-Disinfector-by-subs

Then empty the restore folder, run AFT Cleaner and post the Kaspersky log. Have your pen drive in the computer when Kaspersky runs it scan.

which restore folder?? the system restore in the other drive???

loverboy_muks@yahoo.co.in

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

If you have serveal drives they should be listed. Follow the procedure for each drive.

does flash drive data also gets stored into it?? i never knew!!
ok..will do so...and soon post...thanks a tonne!!

loverboy_muks@yahoo.co.in

thanks a lot....
my virus is gone!!!!
love you guys!!!

loverboy_muks@yahoo.co.in

Glad we could help.