Tavo virus



david71
2008-03-20, 07:19
Hi, I searched on Google and found out that this site may provide me a solution to my virus problem.

I have this Symantec Antivirus software; it keeps on telling me that a "tavo0.dll" in the system32 folder is infected, and when I try to have it fixed via my antivirus software it just keeps on coming back each reboot.

But I saw a few posts regarding this problem; I need to post a log from HijackThis and a log from ComboFix, right?

Here is the log I obtained from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:44 AM, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\David\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java ??? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189776066640
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Network Management Center Task (W32Tasks) - Unknown owner - C:\WINDOWS\system32\taskman32.exe

--
End of file - 11302 bytes
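Added example (not code from the thread, from HijackThis or from Spybot): a small Python triage pass over HJT-style log lines, flagging the entries a helper would query in a log like the one above: the per-user Run entries for tavo.exe and kavo.exe, the BHO with no file behind it, and the W32Tasks service with no known owner. The sample lines, the regexes and the small allow-list of Windows components are constructed assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample (assumption): a few lines in the shape of the HijackThis log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Network Management Center Task (W32Tasks) - Unknown owner - C:\WINDOWS\system32\taskman32.exe
""".strip()

# Line shapes of the three HJT sections this pass looks at (assumed from the log above).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<label>.*?)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")

# Windows components that legitimately autorun from system32 under a user hive (assumed allow-list).
KNOWN_SYSTEM32_AUTORUNS = {"ctfmon.exe", "rundll32.exe"}


@dataclass
class Finding:
    section: str  # O2, O4 or O23
    target: str   # the file (or CLSID) the entry points at
    reason: str   # why it was flagged
    line: str     # the original log line


def exe_path(cmd: str) -> str:
    """Return the executable part of an O4 command line, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted: the executable ends at the first ".exe" token; HJT writes arguments after it.
    m = re.match(r"(?i)(.*?\.exe)(\s|$)", cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def in_system32(path: str) -> bool:
    """True when the path lives directly under a Windows system32 directory."""
    return "\\system32\\" in path.lower()


def triage(log_text: str) -> list[Finding]:
    """Scan HJT-style lines and return the entries a helper would want to look at first."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            # A BHO whose file is gone is an orphaned registration: harmless, but worth removing.
            if m["path"].strip().lower() == "(no file)":
                findings.append(Finding("O2", m["clsid"], "BHO registered but its file is missing", line))
        elif m := O4_RE.match(line):
            exe = exe_path(m["cmd"])
            base = exe.rsplit("\\", 1)[-1].lower()
            user_hive = m["hive"].upper().startswith(("HKCU", "HKUS"))
            # Per-user autoruns that launch an unknown binary straight out of system32 are the
            # pattern behind the [tava]/[kava] entries in the thread's log.
            if user_hive and in_system32(exe) and base not in KNOWN_SYSTEM32_AUTORUNS:
                findings.append(Finding("O4", exe, "per-user Run entry launching a non-Windows binary from system32", line))
        elif m := O23_RE.match(line):
            # A service with no vendor string whose binary sits in system32 deserves a second look.
            if m["owner"].strip().lower() == "unknown owner" and in_system32(m["path"]):
                findings.append(Finding("O23", m["path"].strip(), "service with no known owner running from system32", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}: {f.target}")
```

Lines that do not match any of the three shapes are skipped silently, so the pass is a first filter for a helper, not a verdict on the machine.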




But I saw a few posts regarding this problem; I need to post a log from HijackThis and a log from ComboFix, right?
"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)


Until a helper responds, the HJT log has not been analysed. Please wait to be advised and don't run fixes until asked.

david71
2008-03-20, 08:04
Sorry admins/volunteers...

I'll go through the standard procedures now... I'll make a reply again the instructions given in the "before you post" doesn't help...

Thanks

steamwiz
2008-03-20, 20:55
Sorry admins/volunteers...

I'll go through the standard procedures now... I'll make a reply again the instructions given in the "before you post" doesn't help...

Thanks

David ... what do you mean ...the instructions given in the "before you post" doesn't help...

It helps us to help you if you run programs in a certain order, so we have your hijackthis log, I would like to see a KASPERSKY on-line scan log (from the link tashi gave you) before you run anything else, then most probably I will ask you for a Combofix log, but I don't want you to run Combofix first ... if however you have already run it, please post the log ... I must see the log from the first run of Combofix.

steam

david71
2008-03-21, 07:50
lol sorry, I didn't review my sentences before posting...

I meant "IF the instruction given.... doesn't help". Wow, that sentence without that "if" makes a big difference.

So I ran the KASPERSKY before Spybot... and then I ran Spybot as instructed....

I'm just curious as to why you guys want the KASPERSKY log before Spybot is run... anyway... here is the log:

Thursday, March 20, 2008 9:58:55 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/03/2008
Kaspersky Anti-Virus database records: 581547


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 58273
Number of viruses found 4
Number of infected objects 30
Number of suspicious objects 0
Duration of the scan process 00:57:47

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\taskman32.exe Infected: Backdoor.Win32.Hupigon.bfgo skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\Temp\CLML_AGENT_LOG1.txt Object is locked skipped

C:\WINDOWS\Temp\sqlite_tEmM1ouEZ7L1y4m Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{7B868533-8F69-4FEA-B2A9-F2E2180C1C82}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{2FF69CAC-2EC3-4A90-8346-04109BF76A81}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09940000.VBN Infected: EICAR-Test-File skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09940001\4F943CF1.VBN Infected: EICAR-Test-File skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN/stream Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40001\47B51383.VBN/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40001\47B51383.VBN/stream Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40001\47B51383.VBN NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40001\47B51383.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40002\47B51391.VBN/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40002\47B51391.VBN/stream Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40002\47B51391.VBN NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40002\47B51391.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40003\47B5139F.VBN/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40003\47B5139F.VBN/stream Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40003\47B5139F.VBN NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40003\47B5139F.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40004\47B513AD.VBN/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40004\47B513AD.VBN/stream Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40004\47B513AD.VBN NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40004\47B513AD.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40005\47B513BB.VBN/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40005\47B513BB.VBN/stream Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40005\47B513BB.VBN NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40005\47B513BB.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B9C0000\4FDDBF18.VBN Infected: EICAR-Test-File skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CE40000\4FFD7424.VBN Infected: Trojan-PSW.Win32.OnLineGames.rui skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0007\4FFDF4F3.VBN Infected: EICAR-Test-File skipped

C:\Documents and Settings\All Users\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\All Users\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\David\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\David\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temp\Perflib_Perfdata_73c.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temp\Perflib_Perfdata_125c.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Acer Arcade\Log\Trace20080320.log Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\XUL.mfl Object is locked skipped

C:\Documents and Settings\David\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\parent.lock Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\cert8.db Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\key3.db Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\history.dat Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\formhistory.dat Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\search.sqlite Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Guest\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Guest\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-03-20.01-29-28.log Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0375NAV~.TMP Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0452NAV~.TMP Object is locked skipped

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\change.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\change.log Object is locked skipped

Scan process completed.

Thanks a lot... and umm, I tried to run ComboFix yesterday, right after HJT; while HJT worked fine, ComboFix did not generate a log for me after a while. So I checked the processes that might have stalled it but found none of the ones mentioned was running... I still don't know why... so I'm going to try to run ComboFix again right now, I hope it works.

david71
2008-03-21, 08:35
Damn it, ComboFix just doesn't work for me; the first few times I ran it, nothing appeared but a blue screen and a "." for the title of the window......

And then I checked out some other posts and got a link to ComboFix's tutorial.... I followed it, and I downloaded this Windows recovery point program; I dragged the thing (the right version for my PC) onto ComboFix, and at the window where it says "auto scan" I thought it would go through a scan, but it didn't.

It just told me that it couldn't find some .dat file and it didn't go on anymore. So I just closed the window... I didn't exactly get the name of the .dat file...

So afterward, I rebooted my computer and made several attempts to run that thing again, including re-doing the Windows recovery installation file to ComboFix... it didn't work...

steamwiz
2008-03-22, 00:25
Hi

I'll try & find out what the problem is with Combofix ...

Go here to run an online scan from ESET.

http://www.eset.eu/online-scanner

Note: You will need to use Internet explorer for this scan

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is checkmarked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Copy and paste the log into your next reply

THEN ...

Perform an online scan with Internet Explorer with Panda ActiveScan:
http://www.pandasoftware.com/products/activescan.htm

1. Click on "Scan your PC" located at the bottom of the page. A pop-up window will appear. Please ensure that your pop-up blocker doesn't block it.
2. Enter your e-mail address, country, and state & click "Free Online Scan". *The download of the 8 MB Panda ActiveX control will take place.*
3. Begin the scan by selecting "My Computer".
4. If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
5. Click on "See report", then click "Save report".

Turn off the real time scanner of any existing antivirus program while performing the online scan.

Please post the Panda log scan.

THEN ...

Please run this on-line scan :-

http://www.bitdefender.com/scan8/ie.html

Scan the whole computer & let it Disinfect/delete all it finds ...

Copy & paste its report here please.

steam

david71
2008-03-23, 01:59
Here is the ESET antivirus scan result:

One thing though: this is the second time that I scanned the computer with this program. The first time it went through, I saw it say it had detected 12 infected files, but halfway through the scan my computer overheated and shut down on its own, and when I then turned the computer on again, my original antivirus software, Symantec Antivirus version 7.5, told me that it had detected 12 trojan viruses and forced me to clean them up. So here is the result after Symantec Antivirus cleaned those up.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2967 (20080321)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=084cb47b0beb1a4e9972f1ec41ed60cd
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-03-22 11:52:08
# local_time=2008-03-22 07:52:08 )
# country="Canada"
# osver=5.1.2600 NT Service Pack 2
# scanned=333887
# found=0
# scan_time=1840

david71
2008-03-23, 02:42
here is the scan result of the Panda antivirus...


Incident Status Location

Adware:adware/sbsoft Not disinfected Windows Registry
Virus:Trj/Bancos.RQ Not disinfected C:\Documents and Settings\David\桌面\ComboFix.exe[327882R2FWJFW\pv.cfexe]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\David\Cookies\david@overture[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\David\Cookies\david@fastclick[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\David\Cookies\david@atdmt[2].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\David\Cookies\david@linksynergy[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\David\Cookies\david@cgi-bin[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\David\Cookies\david@casalemedia[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\David\Cookies\david@ads.pointroll[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\David\Cookies\david@questionmarket[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@bs.serving-sys[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\David\Cookies\david@com[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\David\Cookies\david@advertising[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\David\Cookies\david@realmedia[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\David\Cookies\david@tribalfusion[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@serving-sys[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\David\Cookies\david@i.screensavers[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\David\Cookies\david@ad.yieldmanager[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\David\Cookies\david@advertising[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@bs.serving-sys[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@serving-sys[3].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\David\Cookies\david@tribalfusion[3].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\David\Cookies\david@server.iad.liveperson[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David\Cookies\david@atwola[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\David\Cookies\david@ads.pointroll[3].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David\Cookies\david@atwola[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\David\Cookies\david@questionmarket[3].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.overture.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.adserver.easyad.info/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.adtech.de/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.adultfriendfinder.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.azjmp.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.bs.serving-sys.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.trafficmp.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.xiti.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.yadro.ru/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[landing.domainsponsor.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[searchportal.information.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[server.iad.liveperson.net/hc/56294818]
Virus:Trj/Bancos.RQ Disinfected C:\ComboFix(2)\pv.cfexe
lol, it says ComboFix is infected =.=

david71
2008-03-23, 03:34
here is the result from BitDefender..

well, the scans are done for now, thanks a lot for the help, I can't wait till you guys fix the virus for me or.... not :bigthumb:



BitDefender Online Scanner
Scan report generated at: Sat, Mar 22, 2008 - 22:15:11
Scan path: C:\;D:\;E:\;F:\;

Statistics

Time 00:34:38
Files 270449
Folders 5237
Boot Sectors 4
Archives 7100
Packed Files 13737

Results
Identified Viruses 9
Infected Files 104
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 161

Engines Info
Virus Definitions
1021790
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins 16
Archive plugins 41
Unpack plugins 7
E-mail plugins 6
System plugins 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions
Scan Emails Yes
Scan Archives: Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File: Status


okay, damn it, I keep on getting this message when I try to post the result:

"The text that you have entered is too long (46682 characters). Please shorten it to 20000 characters long.
"

david71
2008-03-23, 07:13
umm.... after BitDefender, I seem to have got rid of all my virus problems.. but now I can't access either of my two main hard drives by double clicking on them...

When I go to My Computer and double click on drive c:\, it tells me that it can't find a program to execute the drive, and the same thing with my d:\ drive.

I can however access every single file path on the computer by entering their addresses.. i.e. in the Internet Explorer window, I can type c:\program files, and I'll be led to the Program Files folder.... and from Program Files, if I want to go to the c:\ drive I have to use the "go up a level" button on the function panels.

All in all, the new problem that I'm having right now is I can't get to any root drives directly, either by double clicking on the icon or entering the address of the root drive in Internet Explorer.

(I suspect that one of the programs failed to disinfect the file and actually deleted something from the Windows OS)

Thanks a lot :laugh:

steamwiz
2008-03-23, 23:19
Hi



okay, damn it, i keep on getting this message when i try to post the result:

"The text that you have entered is too long (46682 characters). Please shorten it to 20000 characters long."


Split the BitDefender log into 3 parts & make 3 separate posts ... I really would like to see that log ...

RE: your drives ...



Thanks alot


I hope you weren't being sarcastic with me by saying that ...

Any unforeseen things can happen when removing malware ...

However NOTHING has been deleted from your Windows O/S, it appears you have/had a flashdrive infection (you have an infected flashdrive somewhere) ... the problem is being caused by an autorun.inf in the root folders, most probably a rogue .vbs file as well ... if you can now get Combofix to run ... it will remove the infected files for you ... or there are other ways we can do it.

Delete the Combofix.exe file you have on your desktop ...

Please download Combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save to the desktop.

No need to install the recovery console again, you only need to do that once ...

Just follow the directions below...

Close all open Windows including this one.

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic:

http://www.bleepingcomputer.com/forums/topic114351.html

1. Double click on combofix.exe & follow the prompts.

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.


If you need to refer to the tutorial, it's here :-

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
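
As an added illustration of the autorun.inf mechanism steamwiz describes above (this is example code written for this page, not a tool from the thread or from any of the scanners mentioned): it reads the autorun.inf in each drive root, pulls out the [autorun] keys that make Windows execute something when the drive is opened, and reports which of the named files actually sit beside it. The sample autorun.inf, the file names payload.vbs and dropper.exe, and the temporary "drive root" are all constructed for the example; on a real machine you would pass the real roots (C:\, D:\, the flash drive) to scan_roots.

```python
"""Triage autorun.inf in drive roots: list what Windows would run when the drive
is opened.  Example code added for this page; the file names are hypothetical."""
import os
import shlex
import tempfile

# [autorun] keys whose values are executed on AutoPlay, double-click or Explore.
EXEC_KEYS = ("open", "shellexecute", "shell\\open\\command", "shell\\explore\\command")
# Extensions worth flagging when they appear in one of those commands.
RISKY_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".vbe", ".js", ".wsf")


def parse_autorun(text):
    """Return {key: value} for the [autorun] section.

    Hand-rolled rather than configparser because worm-written autorun.inf
    files are often padded with junk lines and NUL bytes that make a strict
    INI parser raise; anything without '=' is simply skipped.
    """
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip().strip("\x00").strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()   # keys are case-insensitive
    return entries


def referenced_files(command):
    """Tokens of a command line that name an executable or script file."""
    try:
        tokens = shlex.split(command, posix=False)   # keep Windows backslashes as-is
    except ValueError:                               # unbalanced quote in the command
        tokens = command.split()
    names = [t.strip('"') for t in tokens]
    return [n for n in names if n.lower().endswith(RISKY_EXT)]


def exec_targets(entries):
    """(key, command) pairs from the [autorun] section that would run."""
    return [(k, entries[k]) for k in EXEC_KEYS if k in entries]


def scan_roots(roots):
    """For each root holding an autorun.inf, report the files it launches and
    whether each one is actually present beside it (the worm's dropped copy).
    The file is usually hidden+system on an infected drive; os.path.isfile
    still sees it."""
    findings = []
    for root in roots:
        inf = os.path.join(root, "autorun.inf")
        if not os.path.isfile(inf):
            continue
        with open(inf, "r", encoding="latin-1") as fh:
            entries = parse_autorun(fh.read())
        launches = []
        for key, cmd in exec_targets(entries):
            for name in referenced_files(cmd):
                launches.append({"key": key, "file": name,
                                 "present": os.path.isfile(os.path.join(root, name))})
        findings.append({"root": root, "inf": inf, "launches": launches})
    return findings


# Constructed sample in the style of a USB worm's autorun.inf: junk padding,
# mixed-case keys, and hypothetical file names payload.vbs / dropper.exe.
SAMPLE_AUTORUN = (
    "[AutoRun]\r\n"
    "\x00\x00padding line with no equals sign\r\n"
    "open=wscript.exe //B payload.vbs\r\n"
    "shell\\open\\Command=payload.vbs\r\n"
    "shell\\explore\\command=dropper.exe\r\n"
    "icon=%SystemRoot%\\system32\\SHELL32.dll,4\r\n"
    "[junk]\r\n"
    "ignored=1\r\n"
)


def demo():
    """Stage the sample in a temporary 'drive root' (only payload.vbs is dropped)
    and return the launch list a scan of that root produces."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w", encoding="latin-1", newline="") as fh:
            fh.write(SAMPLE_AUTORUN)
        open(os.path.join(root, "payload.vbs"), "w").close()
        return scan_roots([root])[0]["launches"]


if __name__ == "__main__":
    for hit in demo():
        print(f"{hit['key']:<22} -> {hit['file']:<14} present={hit['present']}")
```

The cleanup the helper refers to is removing autorun.inf and the file it launches from every root, including the flash drive that seeded them. One general point about Windows behaviour that the thread does not mention: Explorer caches the autorun handler per volume under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2, so a drive can keep complaining that it cannot find the program after the file itself is gone until that cached entry is cleared.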

david71
2008-03-24, 00:35
the three parts of the BitDefender scan: part 1

C:\WINDOWS\system32\kavo0.dll
Infected with: Trojan.PWS.OnlineGames.SSC

C:\WINDOWS\system32\kavo0.dll
Disinfection failed

C:\WINDOWS\system32\kavo0.dll
Delete failed

C:\WINDOWS\system32\kavo.exe
Infected with: Trojan.PWS.OnlineGames.SSC

C:\WINDOWS\system32\kavo.exe
Disinfection failed

C:\WINDOWS\system32\kavo.exe
Deleted

C:\WINDOWS\system32\kavo1.dll
Infected with: Trojan.PWS.OnlineGames.SSC

C:\WINDOWS\system32\kavo1.dll
Disinfection failed

C:\WINDOWS\system32\kavo1.dll
Deleted

C:\WINDOWS\Temp\4iv.dll
Infected with: Trojan.PWS.OnlineGames.SSC

C:\WINDOWS\Temp\4iv.dll
Disinfection failed

C:\WINDOWS\Temp\4iv.dll
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN=>(Quarantine-PE)
Infected with: DeepScan:Generic.Zlob.7.06B0FD20

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40001\47B51383.VBN=>(Quarantine-PE)
Infected with: DeepScan:Generic.Zlob.7.06B0FD20

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40001\47B51383.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40001\47B51383.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40002\47B51391.VBN=>(Quarantine-PE)
Infected with: DeepScan:Generic.Zlob.7.06B0FD20

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40002\47B51391.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40002\47B51391.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40003\47B5139F.VBN=>(Quarantine-PE)
Infected with: DeepScan:Generic.Zlob.7.06B0FD20

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40003\47B5139F.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40003\47B5139F.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40004\47B513AD.VBN=>(Quarantine-PE)
Infected with: DeepScan:Generic.Zlob.7.06B0FD20

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40004\47B513AD.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40004\47B513AD.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40005\47B513BB.VBN=>(Quarantine-PE)
Infected with: DeepScan:Generic.Zlob.7.06B0FD20

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40005\47B513BB.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40005\47B513BB.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CE40000\4FFD7424.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.O

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CE40000\4FFD7424.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CE40000\4FFD7424.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40000\47FFE7AC.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.O

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40000\47FFE7AC.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40000\47FFE7AC.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40001\47FFE7B7.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.O

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40001\47FFE7B7.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40001\47FFE7B7.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40002\47FFE7C2.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.O

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40002\47FFE7C2.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40002\47FFE7C2.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F340000.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F340000.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F340000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F2C0000\4FECA8FA.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F2C0000\4FECA8FA.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F2C0000\4FECA8FA.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17E80000\57E8A903.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17E80000\57E8A903.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17E80000\57E8A903.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03140000\47F4A9FC.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03140000\47F4A9FC.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03140000\47F4A9FC.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13AC0000\57ECABF1.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13AC0000\57ECABF1.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13AC0000\57ECABF1.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40000.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40000.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440000\4FE5F06F.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440000\4FE5F06F.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440000\4FE5F06F.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0000\4FFDF26C.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0000\4FFDF26C.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0000\4FFDF26C.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0001\4FFDF278.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0001\4FFDF278.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0001\4FFDF278.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0002\4FFDF2CB.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0002\4FFDF2CB.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0002\4FFDF2CB.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0003\4FFDF313.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0003\4FFDF313.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0003\4FFDF313.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0004\4FFDF3E2.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0004\4FFDF3E2.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0004\4FFDF3E2.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0005\4FFDF48B.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0005\4FFDF48B.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0005\4FFDF48B.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0006\4FFDF4DD.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0006\4FFDF4DD.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0006\4FFDF4DD.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF40000\4FF5F6E2.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF40000\4FF5F6E2.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF40000\4FF5F6E2.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0000.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRE

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0000.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0001.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRE

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0001.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0001.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0002.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRE

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0002.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0002.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0003.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0003.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0003.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0004.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0004.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0004.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0005.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0005.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0005.VBN=>(Quarantine-PE)
Deleted
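
The report above lists each file up to three times (detection, disinfection attempt, delete attempt), which makes it hard to see at a glance what is still on the machine. Added example, not a BitDefender tool and not from the thread: a parser for that report format that collapses each file to one row, separates hits inside Symantec's quarantine store (the `.VBN=>(Quarantine-PE)` entries, which are already-contained copies) from live files, and lists the live files that neither disinfection nor deletion removed. The sample input is an excerpt of the report posted above.

```python
"""Summarise a BitDefender Online Scanner report: one row per file, and the live
files every action failed on.  Example code added for this page, not a BitDefender
tool; the sample below is an excerpt of the report posted in the thread."""
import re
from collections import OrderedDict

PATH_RE = re.compile(r"^[A-Za-z]:\\")          # report lines that name a file
QUARANTINE_MARK = "=>(Quarantine-PE)"          # hits inside another AV's quarantine store
FINAL_ACTIONS = ("Deleted", "Disinfected")     # outcomes that actually remove the threat


def parse_report(text):
    """Group the report's two-line records (path, then status) by path.

    The same path is listed once per action BitDefender attempted, so a file
    that was detected, failed disinfection and was then deleted shows up three
    times.  Returns an ordered mapping: path -> {"detection", "actions"}.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    records, i = OrderedDict(), 0
    while i < len(lines) - 1:
        path, status = lines[i], lines[i + 1]
        if not PATH_RE.match(path) or not status:
            i += 1
            continue
        rec = records.setdefault(path, {"detection": None, "actions": []})
        if status.startswith("Infected with:"):
            rec["detection"] = status.split(":", 1)[1].strip()
        else:
            rec["actions"].append(status)
        i += 2
    return records


def outcome(actions):
    """'Deleted' / 'Disinfected' if any action succeeded, else the file is still there."""
    for action in reversed(actions):
        if action in FINAL_ACTIONS:
            return action
    return "STILL ON DISK"


def triage(text):
    """Separate live files from quarantine blobs; list live files still present."""
    live, quarantined, still_present = [], [], []
    for path, rec in parse_report(text).items():
        row = (path, rec["detection"], outcome(rec["actions"]))
        if QUARANTINE_MARK in path:
            quarantined.append(row)
        else:
            live.append(row)
            if row[2] == "STILL ON DISK":
                still_present.append(path)
    return {"live": live, "quarantined": quarantined, "still_present": still_present}


# Excerpt of the report posted above (three of its records), used as sample input.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\kavo0.dll
Infected with: Trojan.PWS.OnlineGames.SSC

C:\WINDOWS\system32\kavo0.dll
Disinfection failed

C:\WINDOWS\system32\kavo0.dll
Delete failed

C:\WINDOWS\system32\kavo.exe
Infected with: Trojan.PWS.OnlineGames.SSC

C:\WINDOWS\system32\kavo.exe
Disinfection failed

C:\WINDOWS\system32\kavo.exe
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN=>(Quarantine-PE)
Infected with: DeepScan:Generic.Zlob.7.06B0FD20

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN=>(Quarantine-PE)
Deleted
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for path, detection, final in result["live"]:
        print(f"{final:<14} {detection:<32} {path}")
    print("quarantine blobs removed:", len(result["quarantined"]))
    print("still on disk:", result["still_present"])
```

Run over part 1 of the report, the only live file that comes out as still on disk is C:\WINDOWS\system32\kavo0.dll. A DLL that a scanner can detect but neither disinfect nor delete is normally loaded into a running process at scan time, so an online scan alone will not get rid of it; the quarantine entries, by contrast, are Symantec's own contained copies of earlier detections, and deleting them is housekeeping rather than cleanup.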

david71
2008-03-24, 00:35
part two of the scan:

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0006.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0006.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0006.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05180000.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRL

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05180000.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05180000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05980000\47FB618B.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRL

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05980000\47FB618B.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05980000\47FB618B.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08180000\4FFB66D7.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRL

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08180000\4FFB66D7.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08180000\4FFB66D7.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02180000\47FB68A7.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRL

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02180000\47FB68A7.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02180000\47FB68A7.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02940000\47F769FD.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRL

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02940000\47F769FD.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02940000\47F769FD.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02940001\47F76A0E.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRL

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02940001\47F76A0E.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02940001\47F76A0E.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02940002\47F76A3A.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRL

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02940002\47F76A3A.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02940002\47F76A3A.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D0C0000.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRL

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D0C0000.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D0C0000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D0C0001.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRL

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D0C0001.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D0C0001.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05140000\47F7E489.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SSC

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05140000\47F7E489.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05140000\47F7E489.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05140001\47F7E497.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SSC

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05140001\47F7E497.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05140001\47F7E497.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01000000.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRL

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01000000.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01000000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01000001.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRL

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01000001.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01000001.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01000002.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRL

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01000002.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01000002.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440000.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRL

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440000.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440001.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440001.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440001.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440002.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440002.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440002.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440003.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440003.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440003.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440004.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440004.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440004.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440005.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440005.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440005.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440006.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440006.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440006.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440007.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440007.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440007.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440008.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440008.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440008.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440009.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440009.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440009.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B44000A.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B44000A.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B44000A.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B44000B.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B44000B.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B44000B.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BCN9TTKU\ubs[1].exe
Infected with: Trojan.PWS.OnlineGames.SSC

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BCN9TTKU\ubs[1].exe
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BCN9TTKU\ubs[1].exe
Deleted

C:\Documents and Settings\David\Local Settings\Temp\cc.exe
Infected with: Trojan.PWS.OnlineGames.SSC

C:\Documents and Settings\David\Local Settings\Temp\cc.exe
Disinfection failed

C:\Documents and Settings\David\Local Settings\Temp\cc.exe
Deleted

C:\Documents and Settings\David\Local Settings\Temp\4iv.dll
Infected with: Trojan.PWS.OnlineGames.SSC

C:\Documents and Settings\David\Local Settings\Temp\4iv.dll
Disinfection failed

C:\Documents and Settings\David\Local Settings\Temp\4iv.dll
Deleted

C:\Documents and Settings\David\Local Settings\Temp\kpgzlk8c.dll
Infected with: Trojan.PWS.OnlineGames.SSC

C:\Documents and Settings\David\Local Settings\Temp\kpgzlk8c.dll
Disinfection failed

C:\Documents and Settings\David\Local Settings\Temp\kpgzlk8c.dll
Deleted

C:\Documents and Settings\David\Local Settings\Temp\hyw7.dll
Infected with: Trojan.PWS.OnlineGames.SSC

C:\Documents and Settings\David\Local Settings\Temp\hyw7.dll
Disinfection failed

C:\Documents and Settings\David\Local Settings\Temp\hyw7.dll
Deleted

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP155\A0021233.exe
Infected with: Trojan.PWS.OnlineGames.SSC

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP155\A0021233.exe
Disinfection failed

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP155\A0021233.exe
Deleted

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP155\A0021273.dll
Infected with: Trojan.PWS.OnlineGames.SSC

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP155\A0021273.dll
Disinfection failed

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP155\A0021273.dll
Deleted

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP155\A0021307.exe
Infected with: Trojan.PWS.OnlineGames.SSC

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP155\A0021307.exe
Disinfection failed

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP155\A0021307.exe
Deleted

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP155\A0021308.dll
Infected with: Trojan.PWS.OnlineGames.SSC

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP155\A0021308.dll
Disinfection failed

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP155\A0021308.dll
Deleted

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP155\A0021309.exe
Infected with: Trojan.PWS.OnlineGames.SSC

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP155\A0021309.exe
Disinfection failed

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP155\A0021309.exe
Deleted

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021340.bat
Infected with: Trojan.PWS.OnlineGames.SSC

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021340.bat
Disinfection failed

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021340.bat
Deleted

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021344.exe
Infected with: Trojan.PWS.OnlineGames.SSC

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021344.exe
Disinfection failed

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021344.exe
Deleted

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021435.DLL
Infected with: Trojan.PWS.OnlineGames.SSC

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021435.DLL
Disinfection failed

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021435.DLL
Deleted

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021448.bat
Infected with: Trojan.PWS.OnlineGames.SSC

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021448.bat
Disinfection failed

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021448.bat
Deleted

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021528.exe
Infected with: Trojan.PWS.OnlineGames.SSC

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021528.exe
Disinfection failed

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021528.exe
Deleted

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021529.DLL
Infected with: Trojan.PWS.OnlineGames.SSC

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021529.DLL
Disinfection failed

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021529.DLL
Deleted

david71
2008-03-24, 00:36
And part three of the scan:

D:\dyr2j6mv.exe
Infected with: Trojan.PWS.OnlineGames.SSC

D:\dyr2j6mv.exe
Disinfection failed

D:\dyr2j6mv.exe
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019234.cmd
Infected with: Packer.Malware.NSAnti.T

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019234.cmd
Disinfection failed

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019234.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019273.cmd
Infected with: Packer.Malware.NSAnti.T

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019273.cmd
Disinfection failed

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019273.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019294.cmd
Infected with: Packer.Malware.NSAnti.T

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019294.cmd
Disinfection failed

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019294.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019314.cmd
Infected with: Packer.Malware.NSAnti.T

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019314.cmd
Disinfection failed

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019314.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019333.cmd
Infected with: Packer.Malware.NSAnti.T

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019333.cmd
Disinfection failed

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019333.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019354.cmd
Infected with: Packer.Malware.NSAnti.T

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019354.cmd
Disinfection failed

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019354.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019381.cmd
Infected with: Packer.Malware.NSAnti.T

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019381.cmd
Disinfection failed

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019381.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019401.cmd
Infected with: Packer.Malware.NSAnti.T

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019401.cmd
Disinfection failed

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0019401.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0020400.cmd
Infected with: Packer.Malware.NSAnti.T

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0020400.cmd
Disinfection failed

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0020400.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0020423.cmd
Infected with: Packer.Malware.NSAnti.T

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0020423.cmd
Disinfection failed

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\A0020423.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP153\A0020493.cmd
Infected with: Packer.Malware.NSAnti.T

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP153\A0020493.cmd
Disinfection failed

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP153\A0020493.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP153\A0020551.cmd
Infected with: Packer.Malware.NSAnti.T

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP153\A0020551.cmd
Disinfection failed

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP153\A0020551.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP154\A0020625.cmd
Infected with: Trojan.PWS.OnlineGames.SRL

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP154\A0020625.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP154\A0020678.cmd
Infected with: Trojan.PWS.OnlineGames.SRL

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP154\A0020678.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP154\A0020912.cmd
Infected with: Trojan.PWS.OnlineGames.SRL

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP154\A0020912.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP154\A0020934.cmd
Infected with: Trojan.PWS.OnlineGames.SRL

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP154\A0020934.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP154\A0020954.cmd
Infected with: Trojan.PWS.OnlineGames.SRL

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP154\A0020954.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP154\A0020975.cmd
Infected with: Trojan.PWS.OnlineGames.SRL

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP154\A0020975.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP154\A0021133.cmd
Infected with: Trojan.PWS.OnlineGames.SRL

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP154\A0021133.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP155\A0021235.exe
Infected with: Trojan.PWS.OnlineGames.SSC

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP155\A0021235.exe
Disinfection failed

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP155\A0021235.exe
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021342.bat
Infected with: Trojan.PWS.OnlineGames.SSC

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021342.bat
Disinfection failed

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021342.bat
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021409.cmd
Infected with: Packer.Malware.NSAnti.T

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021409.cmd
Disinfection failed

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021409.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021410.cmd
Infected with: Trojan.PWS.OnlineGames.SRL

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021410.cmd
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021450.bat
Infected with: Trojan.PWS.OnlineGames.SSC

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021450.bat
Disinfection failed

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021450.bat
Deleted

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021530.exe
Infected with: Trojan.PWS.OnlineGames.SSC

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021530.exe
Disinfection failed

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP156\A0021530.exe
Deleted

david71
2008-03-24, 01:52
ComboFix just doesn't work. I've followed the instructions given by the firewall/antivirus disable guide and I've made sure that I got all the software disabled, but it still doesn't work.

When I'm trying to disable Spybot, I could not find TeaTimer listed in the system startup checklist located in the advanced option selection. Question: is my TeaTimer even running? I have an all-default installation.

So I've gone to the extent of uninstalling Spybot, to make sure that TeaTimer isn't running at all. Still, ComboFix doesn't work; all I see is a blue screen with nothing, absolutely nothing on it, and a "." for its window title...
(I've waited for more than 20 minutes)


And so, now I realize that my computer has some problems: now when I press F8, it won't go into the boot selection menu, I can't enter safe mode, and I can't get to the C drive by double-clicking on it...

I realized that I couldn't see the boot menu while trying to perform a scan with the re-installed Spybot under safe mode. What happens is that no matter how fast I tap that F8 button before the Windows symbol screen, it just goes straight to normal booting, basically ignoring the F8 presses... unlike before.

steamwiz
2008-03-24, 23:54
Hi

Please run this Flash_Disinfector tool by sUBs ...

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Just download the exe file and double-click on it to run it... then follow the instructions.

A box will pop up telling you to plug in your flash drive and click OK to start the disinfection... by the way, if you try to close the box off with the X in the corner... it will run anyway... after a few seconds a box will pop up saying "done".

-
When you have done that ... please download "Mountpoints Diagnostic.zip" by Mosaic1

http://www.help2go.com/index2.php?option=com_forum&Itemid=33&page=download&id=1450

Unzip it and double-click to run it. It will create a report named Diagnostic.txt. When finished, upload Diagnostic.txt in your next post...

steam
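As an added illustration (not part of this thread and not Mosaic1's tool), here is a small Python parser for the text layout that Mountpoints Diagnostic writes to Diagnostic.txt: it reads the MountPoints2 keys and flags any drive whose Shell subtree carries a command handler, which is what a helper reading the report looks for first. The report text below is constructed to mimic that layout; the drive GUIDs in it are placeholders.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the layout of a Mountpoints Diagnostic report:
# a registry key in brackets, followed by "Name"="value" or @="value" lines,
# drives separated by a row of tildes. GUIDs are placeholders, not real ones.
SAMPLE_REPORT = r'''Diagnostic Report
2008-03-25 11:23:53.84

Mountpoints > Drives subkeys:
------------------------------------

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaaaaaaa-0000-0000-0000-000000000001}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaaaaaaa-0000-0000-0000-000000000002}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaaaaaaa-0000-0000-0000-000000000002}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaaaaaaa-0000-0000-0000-000000000002}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaaaaaaa-0000-0000-0000-000000000003}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaaaaaaa-0000-0000-0000-000000000003}\Shell]
@="Auto"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaaaaaaa-0000-0000-0000-000000000003}\Shell\Auto\command]
@="Ghost.pif"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaaaaaaa-0000-0000-0000-000000000003}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif"

~~~~~~~~~~~~~~~~~~~~~~~~~
No Autorun files found in C:\WINDOWS
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^(@|"[^"]*")=(.*)$')
MP2_MARKER = '\\Explorer\\MountPoints2\\'


def parse_report(text: str) -> Dict[str, Dict[str, str]]:
    """Map every registry key path in the report to its string values.

    Only string values ('@="x"' or '"Name"="x"') are kept; the multi-line
    hex blobs such as _AutorunStatus are skipped, as the check does not
    need them. Doubled backslashes (the .reg escaping) are unescaped.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, raw = m.groups()
            if raw.startswith('"') and raw.endswith('"') and len(raw) >= 2:
                keys[current][name.strip('"')] = raw[1:-1].replace('\\\\', '\\')
    return keys


def find_autorun_handlers(keys: Dict[str, Dict[str, str]]) -> Dict[str, List[Tuple[str, str]]]:
    """Return {drive GUID: [(verb, command), ...]} for every MountPoints2 drive
    whose Shell\\<verb>\\command key has a default value.

    A clean drive entry has at most a BaseClass, a shell default of "None" and
    an Autoplay DropTarget CLSID; a command handler under Shell means Explorer
    will run that command when the drive is opened, which is how an
    autorun.inf hijack persists once a removable drive has been plugged in.
    """
    findings: Dict[str, List[Tuple[str, str]]] = {}
    for path, values in keys.items():
        idx = path.find(MP2_MARKER)
        if idx < 0:
            continue
        rest = path[idx + len(MP2_MARKER):]          # '{guid}' or '{guid}\Shell\...'
        guid, _, sub = rest.partition('\\')
        parts = sub.lower().split('\\') if sub else []
        if len(parts) == 3 and parts[0] == 'shell' and parts[2] == 'command' and '@' in values:
            findings.setdefault(guid, []).append((parts[1], values['@']))
    return findings


if __name__ == '__main__':
    for guid, handlers in find_autorun_handlers(parse_report(SAMPLE_REPORT)).items():
        print(f'{guid}: {len(handlers)} command handler(s)')
        for verb, command in handlers:
            print(f'  verb {verb!r} runs: {command}')
```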

david71
2008-03-25, 16:26
Diagnostic Report
2008-03-25 11:23:53.84

Mountpoints > Drives subkeys:
------------------------------------

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{567579ce-33dd-11d9-87df-806d6172696f}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{567579cf-33dd-11d9-87df-806d6172696f}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{567579d0-33dd-11d9-87df-806d6172696f}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d6c06b0-864f-11da-8881-97c2bce8c5e9}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,df,\
df,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,5f,cf,cf,df,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,20,00,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d6c06b0-864f-11da-8881-97c2bce8c5e9}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d6c06b0-864f-11da-8881-97c2bce8c5e9}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d6c06b0-864f-11da-8881-97c2bce8c5e9}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61e3e624-6706-11dc-a745-00130203c9e9}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61e3e624-6706-11dc-a745-00130203c9e9}\GAME_EXE]
@="\\NWN2Launcher.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61e3e624-6706-11dc-a745-00130203c9e9}\GAME_GUID]
@="F20C1251-1D0A-4944-B2AE-678581B33B19"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61e3e624-6706-11dc-a745-00130203c9e9}\GAME_NAME]
@="Neverwinter Nights 2"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61e3e624-6706-11dc-a745-00130203c9e9}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61e3e624-6706-11dc-a745-00130203c9e9}\_Autorun\DefaultIcon]
@="F:\\AUTORUN.ICO"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fa8ed5a-8642-11da-887b-806d6172696f}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fa8ed5b-8642-11da-887b-806d6172696f}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d4fa850-6461-11dc-a743-00130203c9e9}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,ee,5f,00,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,01,00,00,00,09,07,00,00

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d4fa851-6461-11dc-a743-00130203c9e9}]
"BaseClass"="Drive"
"_CommentFromDesktopINI"=""
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,01,00,00,00,09,00,00,00

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa1bca0-937d-11dc-a757-00130203c9e9}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,09,06,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa1bca0-937d-11dc-a757-00130203c9e9}\Shell]
@="Auto"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa1bca0-937d-11dc-a757-00130203c9e9}\Shell\Auto]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa1bca0-937d-11dc-a757-00130203c9e9}\Shell\Auto\command]
@="Ghost.pif"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa1bca0-937d-11dc-a757-00130203c9e9}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa1bca0-937d-11dc-a757-00130203c9e9}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa1bca0-937d-11dc-a757-00130203c9e9}\Shell\AutoRun]
"Extended"=""
@="????(&P)"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa1bca0-937d-11dc-a757-00130203c9e9}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1b8738e-7277-11dc-a752-00130203c9e9}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1b8738e-7277-11dc-a752-00130203c9e9}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1b8738e-7277-11dc-a752-00130203c9e9}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1b8738e-7277-11dc-a752-00130203c9e9}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eae3d162-62c1-11dc-a73d-806d6172696f}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eae3d163-62c1-11dc-a73d-806d6172696f}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eae3d164-62c1-11dc-a73d-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,01,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,60,00,00,00,0c,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eae3d164-62c1-11dc-a73d-806d6172696f}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eae3d164-62c1-11dc-a73d-806d6172696f}\_Autorun\DefaultIcon]
@="E:\\WIN\\vpplays.exe"

~~~~~~~~~~~~~~~~~~~~~~~~~
No Autorun files found in C:\WINDOWS

No Autorun files found in C:\WINDOWS\system32

Files found on C:
autorun.inf


Contents of autorun.inf on C:
;2DK2S9wDL6Ls4iSiL9DldJikA1KA9K4Ko0aK984slDlkD3f7sjrdaf425a1as4fo31jjs8r252waC2kkaKqwaqs3d3jsDc0Ls3or4L4llKaJ13flqAkdH0ea
[AutoRun]
;45KwlKoa03snr0k2LswAKK33wS7LKd01IorleokkD88iiKpojsOL30
open=spq.bat
;sH70d3wlni7pA0i94DakrDar4d4lw5oLKlsjaAc8s1r3Ae3aq1aKw1Sli44kDr51KSs4d4fS
shell\open\Command=spq.bat
;lSklard8KkwK2wqi4sr0oSZDw7j12LkaakK1aaL90wok
shell\open\Default=1
;psDisLkdaikK49Aifwf4A
shell\explore\Command=spq.bat
;l3ww3ZaAawk0ao4Ji00oailfd1oKwk5eidfls33a1kLSXUk2r8wcfoADraL4kKSpiw23qqZLdaowDls2awikID2


Files found on D:
autorun.inf


Contents of autorun.inf on D:
;2DK2S9wDL6Ls4iSiL9DldJikA1KA9K4Ko0aK984slDlkD3f7sjrdaf425a1as4fo31jjs8r252waC2kkaKqwaqs3d3jsDc0Ls3or4L4llKaJ13flqAkdH0ea
[AutoRun]
;45KwlKoa03snr0k2LswAKK33wS7LKd01IorleokkD88iiKpojsOL30
open=spq.bat
;sH70d3wlni7pA0i94DakrDar4d4lw5oLKlsjaAc8s1r3Ae3aq1aKw1Sli44kDr51KSs4d4fS
shell\open\Command=spq.bat
;lSklard8KkwK2wqi4sr0oSZDw7j12LkaakK1aaL90wok
shell\open\Default=1
;psDisLkdaikK49Aifwf4A
shell\explore\Command=spq.bat
;l3ww3ZaAawk0ao4Ji00oailfd1oKwk5eidfls33a1kLSXUk2r8wcfoADraL4kKSpiw23qqZLdaowDls2awikID2


Files found on G:
autorun.inf


Contents of autorun.inf on G:
;2DK2S9wDL6Ls4iSiL9DldJikA1KA9K4Ko0aK984slDlkD3f7sjrdaf425a1as4fo31jjs8r252waC2kkaKqwaqs3d3jsDc0Ls3or4L4llKaJ13flqAkdH0ea
[AutoRun]
;45KwlKoa03snr0k2LswAKK33wS7LKd01IorleokkD88iiKpojsOL30
open=spq.bat
;sH70d3wlni7pA0i94DakrDar4d4lw5oLKlsjaAc8s1r3Ae3aq1aKw1Sli44kDr51KSs4d4fS
shell\open\Command=spq.bat
;lSklard8KkwK2wqi4sr0oSZDw7j12LkaakK1aaL90wok
shell\open\Default=1
;psDisLkdaikK49Aifwf4A
shell\explore\Command=spq.bat
;l3ww3ZaAawk0ao4Ji00oailfd1oKwk5eidfls33a1kLSXUk2r8wcfoADraL4kKSpiw23qqZLdaowDls2awikID2


Files found on H:
autorun.inf


Contents of autorun.inf on H:
;2DK2S9wDL6Ls4iSiL9DldJikA1KA9K4Ko0aK984slDlkD3f7sjrdaf425a1as4fo31jjs8r252waC2kkaKqwaqs3d3jsDc0Ls3or4L4llKaJ13flqAkdH0ea
[AutoRun]
;45KwlKoa03snr0k2LswAKK33wS7LKd01IorleokkD88iiKpojsOL30
open=spq.bat
;sH70d3wlni7pA0i94DakrDar4d4lw5oLKlsjaAc8s1r3Ae3aq1aKw1Sli44kDr51KSs4d4fS
shell\open\Command=spq.bat
;lSklard8KkwK2wqi4sr0oSZDw7j12LkaakK1aaL90wok
shell\open\Default=1
;psDisLkdaikK49Aifwf4A
shell\explore\Command=spq.bat
;l3ww3ZaAawk0ao4Ji00oailfd1oKwk5eidfls33a1kLSXUk2r8wcfoADraL4kKSpiw23qqZLdaowDls2awikID2

steamwiz
2008-03-25, 20:34
Hi

You didn't run the Flash_Disinfector tool, did you?

You have the following files :-

C:\autorun.inf
D:\autorun.inf
G:\autorun.inf
H:\autorun.inf

The above files are referencing this file

spq.bat

probably on the root folders with the autorun.inf file ...

This file is the one causing your problem of not being able to double click the drives ...

You need to delete ALL the autorun.inf files & also search for & delete the spq.bat file

The Flash_Disinfector tool would remove the autorun.inf files for you, & in their place would put an empty autorun.inf folder, thereby immunising you against getting the same infection again in the future...

steam
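The two artefacts steamwiz is reading here, the autorun.inf on each drive and the MountPoints2 cache that Explorer keeps of it, can be triaged offline. The following Python is an added example for this page; it is not code from the thread, from Flash_Disinfector or from any other tool named in it. It parses an autorun.inf the way Explorer does (only the [AutoRun] section, ';' lines are comments, keys case-insensitive) and lists what the `open=` and `shell\<verb>\command` hooks would launch; walks a `.reg` export of MountPoints2 for the cached per-volume `Shell\<verb>\command` values, which is why a hook such as the Ghost.pif entry in the dump above can outlive the file on the drive; and reproduces the immunisation trick of occupying the name `autorun.inf` with an empty folder. The sample autorun.inf and registry text are constructed from the dumps on this page (`spq.bat`, `Ghost.pif` and the two volume GUIDs are taken from them); the junk comment lines are shortened.

```python
# Added example for this page; not code from the thread or from any tool it names.
import os
import re
import shutil
import tempfile

# Constructed sample in the shape of the autorun.inf dumped on this page:
# junk ';' comment lines between directives, every hook pointing at spq.bat.
SAMPLE_AUTORUN_INF = r""";2DK2S9wDL6Ls4iSiL9DldJikA1KA9K4Ko0aK984slDlkD3f7
[AutoRun]
;45KwlKoa03snr0k2LswAKK33wS7LKd01IorleokkD88iiKpojsOL30
open=spq.bat
shell\open\Command=spq.bat
shell\open\Default=1
;psDisLkdaikK49Aifwf4A
shell\explore\Command=spq.bat
"""

# Constructed .reg export in the format of the MountPoints2 dump above.
MP2 = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
VOL_A = "{daa1bca0-937d-11dc-a757-00130203c9e9}"  # volume with cached hooks
VOL_B = "{e1b8738e-7277-11dc-a752-00130203c9e9}"  # volume with none
SAMPLE_REG = "\n".join([
    "[" + MP2 + "\\" + VOL_A + r"\Shell]", '@="Auto"', "",
    "[" + MP2 + "\\" + VOL_A + r"\Shell\Auto\command]", '@="Ghost.pif"', "",
    "[" + MP2 + "\\" + VOL_A + r"\Shell\AutoRun\command]",
    r'@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif"', "",
    "[" + MP2 + "\\" + VOL_B + r"\shell]", '@="None"',
])
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_DEFAULT_RE = re.compile(r'^@="(.*)"$')


def parse_autorun_inf(text: str) -> dict:
    """Read autorun.inf the way Explorer does: only [AutoRun] counts, ';' lines
    are comments (the junk lines exist to defeat naive signatures) and key
    names are case-insensitive."""
    directives, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            directives[key.strip().lower()] = value.strip()
    return directives


def launch_targets(directives: dict) -> list:
    """Programs an [AutoRun] block can start. open=/shellexecute= fire on AutoRun;
    shell\\<verb>\\command replaces the drive's context-menu verbs, so a double
    click on the drive runs the command instead of opening the folder."""
    return [v for k, v in directives.items()
            if k in ("open", "shellexecute")
            or (k.startswith("shell\\") and k.endswith("\\command"))]


def mountpoints2_commands(reg_text: str) -> dict:
    """Per volume GUID, every MountPoints2\\<guid>\\Shell\\<verb>\\command value in
    a .reg export. Explorer caches a volume's autorun.inf here, which is why
    the hook can outlive the file on the drive."""
    found, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key_match = REG_KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            continue
        val_match = REG_DEFAULT_RE.match(line)
        if val_match and current:
            parts = current.split("\\")
            if len(parts) >= 4 and parts[-1].lower() == "command" and parts[-3].lower() == "shell":
                value = val_match.group(1).replace('\\"', '"').replace("\\\\", "\\")  # undo .reg escapes
                found.setdefault(parts[-4], {})[parts[-2]] = value
    return found


def immunise_volume(root: str) -> bool:
    """The immunisation the thread describes: remove the malicious file and occupy
    the name autorun.inf with an empty directory so a worm cannot recreate it as
    a file. Returns True when the name is now a directory."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isfile(path):
        os.remove(path)
    os.makedirs(path, exist_ok=True)
    return os.path.isdir(path)


def immunisation_blocks_recreation() -> bool:
    """Self-check in a throwaway directory: infect, immunise, then confirm that
    writing autorun.inf as a file fails."""
    root = tempfile.mkdtemp()
    try:
        with open(os.path.join(root, "autorun.inf"), "w") as f:
            f.write(SAMPLE_AUTORUN_INF)
        if not immunise_volume(root):
            return False
        try:
            with open(os.path.join(root, "autorun.inf"), "w"):
                return False  # the worm got its file back
        except OSError:
            return True  # IsADirectoryError / PermissionError: the name is taken
    finally:
        shutil.rmtree(root, ignore_errors=True)
```

On a live XP machine the registry side would be fed from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" mp2.reg`; note that `reg export` writes UTF-16, so read the file with `encoding="utf-16"` before passing it to `mountpoints2_commands`. A finding from `mountpoints2_commands` for a volume whose autorun.inf is already gone is the case steamwiz describes: the file was removed, the cached hook was not, and the volume's `MountPoints2\{guid}\Shell` subkeys should be deleted too.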

david71
2008-03-25, 23:59
I did run the disinfection thing; after one of those runs, I was able to gain access to my C drive and other drives again.

david71
2008-03-26, 00:04
Also, I did a search on all the drives on the computer; it tells me that I can't find the spq.bat file.

steamwiz
2008-03-26, 21:42
OK ...I'm glad you can double click your drives again ...

That's because these files have been deleted :-

C:\autorun.inf
D:\autorun.inf
G:\autorun.inf
H:\autorun.inf

The Diagnostic.txt you posted showed these :-

Files found on C:
autorun.inf

Files found on D:
autorun.inf

Files found on G:
autorun.inf

Files found on H:
autorun.inf

So I can only assume you ran the Mountpoints Diagnostic before you ran the Flash_Disinfector tool ... & not the other way round ... or the Diagnostic would have read altogether differently ... Don't worry about not finding the spq.bat: one of the malware removal programs must have removed it, and without the autorun.inf file to run it, it's history...

Please remind me what problems you still have, & give Combofix another try ...



Delete the Combofix.exe file you have on your desktop ...

Please download Combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save to the desktop.

No need to install the recovery console again, you only need to do that once ...

Just follow the directions below...

Close all open Windows including this one.

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic. :-

http://www.bleepingcomputer.com/forums/topic114351.html

1. Double click on combofix.exe & follow the prompts.

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply

If you need to refer to the tutorial, it's here :-

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


steam

david71
2008-03-27, 06:52
Okay, ComboFix still doesn't work.

I have disabled all the adware and antivirus software that I know of that's running in the background. They are Spybot and Symantec AntiVirus.

Unless of course all the other antivirus software you told me to scan with also establishes a secret background process, I believe that I have executed ComboFix under the specified conditions.

ComboFix would freeze at the "Please wait, ComboFix is starting soon" screen, and it will just stay there for EVER. After a while, I'd usually close ComboFix and try to run it again; then I would never see a message in the ComboFix window.

Lastly, I believe I cannot enter the boot menu to reach safe mode by pressing F8 when the computer starts.

steamwiz
2008-03-27, 21:09
Hi

I don't believe the problem is anything you have running in the background...

There are worms which corrupt Combofix, so that it won't run (one in particular) ... though your logs don't show its presence ...

We have a special download of Combofix for these occasions ...

But before you can download it, we must make sure ALL traces of your present Combofix are removed ...

I am going to get you to run an uninstall command to remove Combofix ...

Go to Start > Run > copy and paste ComboFix /u into the Open: box & press OK

http://img.photobucket.com/albums/v624/29wood/Clipboard01-1.gif

After you have done that ... I want to draw your attention to these entries in one of the scans :-

Virus:Trj/Bancos.RQ Not disinfected C:\Documents and Settings\David\??\ComboFix.exe[327882R2FWJFW\pv.cfexe]

Virus:Trj/Bancos.RQ Disinfected C:\ComboFix(2)\pv.cfexe

these are false positives ... but it's the location I want you to check ...

RE: C:\ComboFix(2)\pv.cfexe

This implies you have 3 Combofix folders ...

C:\ComboFix
C:\ComboFix(1)
C:\ComboFix(2)

Make sure they are ALL deleted ...

RE: C:\Documents and Settings\David\??\ComboFix.exe ( I presume this is your desktop)

Make sure NO Combofix.exe remains on your desktop

Lastly, there may be files in your temporary internet files, so ....

In IE click > Tools > Internet Options > Delete files ...

When you have done all that ... download Combofix from here, & try to run it again ...

http://download.bleepingcomputer.com/sUBs/Combo-Fix.exe

-
RE: safemode

Have you tried to add a safemode option to the boot.ini - would you like to know how ?

steam

david71
2008-03-28, 06:21
I can't even delete ComboFix. I ran the command:

"ComboFix /u" and after I pressed OK, ComboFix just pops up and gets stuck there showing nothing but a blue screen.

And I ran the version that you gave me, because I thought I'd got ComboFix all deleted; I even did a search for "combofix" on the C drive, and I deleted all things associated with it.

So now the new version doesn't work either, so I guess I never really did delete the old one...

david71
2008-03-28, 06:22
Oh, and also, I would like to know how to make just pressing F8 to get to safe mode work again.

Thanks

steamwiz
2008-03-28, 19:03
HI

There is no apparent reason why Combofix shouldn't run, so please run these rootkit scans (rootkits are hidden files, etc.); let's see if they show anything ...

Download AVG Anti-Rootkit and save to your desktop

http://free.grisoft.com/softw/70free/setup/avgarkt-setup-1.1.0.42.exe

1. Double click avgarkt-setup-1.1.0.42.exe to install. By default it will install to C:\Program Files\GRISOFT\AVG Anti-Rootkit.
2. Accept the license and follow the prompts to install.
3. You will be asked to reboot to finish the installation so click "Finish".
4. After rebooting, double-click the icon for AVG Anti-Rootkit on your desktop.
5. You will see a window with four buttons at the bottom.
6. Click "Search For Rootkits" and the scan will begin.
7. You will see the progress bar moving from left to right. The scan will take some time, so be patient and let it finish.
8. When the scan has finished, a small window will open so you can view the results.
9. Right click and select "Save Result To File".
10. By default the file will be saved with a .csv extension. (You can use Notepad to open the .csv file.) Copy and paste the results in your next reply.
11. If anything was found, click "Remove selected items"
12. If nothing was found, please click the "Perform in-depth Search" saving anything found to file as before.

& this one ...

Please download Sophos Anti-Rootkit, and save it on your desktop.

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

1. Double-click sarsfx.exe to extract the files and leave the default settings.
2. Open the folder C:\Program Files\Sophos\Sophos Anti-Rootkit and double-click sargui.exe to start the program.
3. Make sure the following are checked:

- Running processes
- Windows Registry
- Local Hard Drives

4. Click the "Start Scan" button.
5. Click the "OK" button after you get the notification that the scan has finished and close the program.
6. Click on Start>Run and type, or copy and paste:-

%temp%\sarscan.log

then press Enter.

7. This should open the log from the rootkit scan.

Post the log into your next reply.

Note:
If the scan is performed while the computer is in use, false positives may appear in the scan results.
This is caused by files or registry entries being deleted, including temporary files being deleted automatically.
It has also been reported that Trojan Hunter is detecting Sophos Anti-rootkit as Trojan.Dropper.Interlac.100
So if you have Trojan Hunter installed you will need to disable it prior to running a scan.

steam

david71
2008-03-30, 08:22
Nothing was found by either scan....

david71
2008-03-30, 08:35
And I just tried to run ComboFix again; it still doesn't work.

Note: I've repeated the steps required prior to running the special ComboFix.

steamwiz
2008-03-30, 20:53
Hi David

Please run this :-

1. Download SDFix and save it to your Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

2. Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

3. Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.

It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.

When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum

-
Then please go to your system32 folder ... look for this file :-

C:\WINDOWS\system32\taskman32.exe ... it's malware

Please zip the file (in case I ask you to send me it later) ... then we're going to delete the unzipped file ...

Remember the malware file is taskman32.exe with the 32 in the filename ...

C:\WINDOWS\system32\taskman.exe is legitimate, DON'T touch that.

-

THEN ...

1. Download and unzip Avenger (by Swandog46) to your desktop. > http://swandog46.geekstogo.com/avenger.zip
2. Double click the Avenger.exe file
3. Click OK
4. Select Input script manually
5. Click the Magnifying Glass icon
6. Highlight the text in the code box below, & copy and paste it into the View/edit script box



Files to delete:
C:\WINDOWS\system32\taskman32.exe


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


7. Click Done
8. Click the Traffic Light icon to start the program.
9. click Yes to execute the script and click Yes when asked to reboot your computer
10. Post the contents of the file C:\Avenger.txt

After the reboot... Post the contents of the file C:\Avenger.txt

-
Lastly please do this :-

1. Right click My computer
2. Click properties
3. Click the Advanced tab
4. Click the settings button in the "startup & recovery" box
5. Click the edit button
6. The Boot.ini file will open ... copy & paste the contents here please.

As soon as you've copied the contents, close the page ...

WARNING ... DO NOT edit the Boot.ini or your computer may not boot again ...

steam

david71
2008-03-30, 21:37
It asks me to reboot in safe mode first; when in normal mode, I can't execute anything. When I entered Y, the program just closes itself.

Now I have no clue how to get into safe mode first.....

david71
2008-03-30, 21:57
Ah... I'm sorry, I gave the safe mode booting another try, and it worked this time; I guess it's been working all the time..... :oops:

Here is the result of SDFix:


SDFix: Version 1.164

Run by David on 30/03/2008 at 03:44 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 15:52:57
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"="C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="D:\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"D:\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="D:\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"D:\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="D:\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"D:\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="D:\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 16 Jan 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Mon 16 Jan 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Mon 16 Jan 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Mon 16 Jan 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Mon 16 Jan 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 4 Aug 2004 58,880 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 17 Nov 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT3.tmp"
Wed 27 Feb 2008 113,491,064 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT2.tmp"
Tue 13 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 25 Mar 2008 24,064 ...H. --- "C:\Documents and Settings\David\My Documents\ggr252\~WRL0491.tmp"
Wed 26 Mar 2008 42,496 ...H. --- "C:\Documents and Settings\David\My Documents\ggr252\~WRL0386.tmp"
Wed 26 Mar 2008 42,496 ...H. --- "C:\Documents and Settings\David\My Documents\ggr252\~WRL3609.tmp"
Wed 26 Mar 2008 46,080 ...H. --- "C:\Documents and Settings\David\My Documents\ggr252\~WRL2111.tmp"

Finished!

david71
2008-03-30, 22:01
Also... taskman32.exe was not found in the windows/system32 folder......

I looked in, found nothing..

david71
2008-03-30, 22:09
And I could not AT ALL follow the instructions given for the Avenger software.

1. Download and unzip Avenger (by Swandog46) to your desktop. > http://swandog46.geekstogo.com/avenger.zip
2. Double click the Avenger.exe file
3. Click OK
4. Select Input script manually
5. Click the Magnifying Glass icon
6. Highlight the text in the code box below, & copy and paste it into the View/edit script box

Code:

Files to delete:
C:\WINDOWS\system32\taskman32.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


7. Click Done
8. Click the Traffic Light icon to start the program.
9. click Yes to execute the script and click Yes when asked to reboot your computer
10. Post the contents of the file C:\Avenger.txt

After the reboot... Post the contents of the file C:\Avenger.txt

steamwiz
2008-03-31, 00:04
Sorry about Avenger ... it's a new version ... please try this :-

If you've already downloaded it to your desktop, start from # 2.

>>

Download avenger2 by swandog46 :-

http://swandog46.geekstogo.com/avenger2/download.php

1. Click the above link & save to your desktop ...

2. Right click on the Avenger.zip folder and select "Extract to Avenger..."

You will now have an Avenger folder on your desktop.

3. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing Ctrl+C


Files to delete:
C:\WINDOWS\system32\taskman32.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

4. Open the Avenger folder & double-click the Avenger.exe file

5. Right click on the window under Input script here:, and select Paste

6. make sure the Scan for rootkits is checked ...

& the Automatically disable any rootkits found is NOT checked ...

7. Click on Execute

8. Answer "Yes" twice when prompted.

9. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
10. Please copy/paste the content of c:\avenger.txt into your reply

steam

david71
2008-03-31, 00:29
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\taskman32.exe" not found!
Deletion of file "C:\WINDOWS\system32\taskman32.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

steamwiz
2008-04-01, 21:33
Hi

Please do a new KASPERSKY On-Line scan & post the log.

steam