Tavo virus

david71

Hi, I searched on Google and found out that this site may provide me a solution to my virus problem.

I have Symantec Antivirus software, and it keeps telling me that a "tavo0.dll" in the system32 folder is infected. When I try to have my antivirus software fix it, it just keeps coming back on each reboot.

But I saw a few posts regarding this problem; I need to post a HijackThis log and a ComboFix log, right?

Here is the log I obtained from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:44 AM, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\David\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java ??? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1189776066640
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Network Management Center Task (W32Tasks) - Unknown owner - C:\WINDOWS\system32\taskman32.exe

--
End of file - 11302 bytes


"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

Until a helper responds, the HJT log has not been analysed. Please wait to be advised and don't run fixes until asked.
 
Sorry, admins/volunteers...

I'll go through the standard procedures now... I'll make reply again the instructions given in the "before you post" doesn't help...

Thanks
 
David ... what do you mean ...the instructions given in the "before you post" doesn't help...

It helps us to help you if you run programs in a certain order, so we have your HijackThis log; I would like to see a Kaspersky online scan log (from the link tashi gave you) before you run anything else, then most probably I will ask you for a ComboFix log, but I don't want you to run ComboFix first ... if however you have already run it, please post the log ... I must see the log from the first run of ComboFix.

steam
 
Lol, sorry, I didn't review my sentences before posting...

I meant "IF the instruction given.... doesn't help"; wow, that sentence without that "if" makes a big difference.

So I ran Kaspersky before Spybot... and then I ran Spybot as instructed....

I'm just curious as to why you guys want the Kaspersky log before Spybot is run... Anyway... here is the log:

Thursday, March 20, 2008 9:58:55 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/03/2008
Kaspersky Anti-Virus database records: 581547


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 58273
Number of viruses found 4
Number of infected objects 30
Number of suspicious objects 0
Duration of the scan process 00:57:47

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\taskman32.exe Infected: Backdoor.Win32.Hupigon.bfgo skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\Temp\CLML_AGENT_LOG1.txt Object is locked skipped

C:\WINDOWS\Temp\sqlite_tEmM1ouEZ7L1y4m Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{7B868533-8F69-4FEA-B2A9-F2E2180C1C82}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{2FF69CAC-2EC3-4A90-8346-04109BF76A81}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09940000.VBN Infected: EICAR-Test-File skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09940001\4F943CF1.VBN Infected: EICAR-Test-File skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN/stream Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40001\47B51383.VBN/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40001\47B51383.VBN/stream Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40001\47B51383.VBN NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40001\47B51383.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40002\47B51391.VBN/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40002\47B51391.VBN/stream Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40002\47B51391.VBN NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40002\47B51391.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40003\47B5139F.VBN/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40003\47B5139F.VBN/stream Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40003\47B5139F.VBN NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40003\47B5139F.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40004\47B513AD.VBN/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40004\47B513AD.VBN/stream Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40004\47B513AD.VBN NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40004\47B513AD.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40005\47B513BB.VBN/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40005\47B513BB.VBN/stream Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40005\47B513BB.VBN NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40005\47B513BB.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B9C0000\4FDDBF18.VBN Infected: EICAR-Test-File skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CE40000\4FFD7424.VBN Infected: Trojan-PSW.Win32.OnLineGames.rui skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0007\4FFDF4F3.VBN Infected: EICAR-Test-File skipped

C:\Documents and Settings\All Users\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\All Users\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\David\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\David\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temp\Perflib_Perfdata_73c.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temp\Perflib_Perfdata_125c.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Acer Arcade\Log\Trace20080320.log Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\XUL.mfl Object is locked skipped

C:\Documents and Settings\David\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\parent.lock Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\cert8.db Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\key3.db Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\history.dat Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\formhistory.dat Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\search.sqlite Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Guest\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Guest\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-03-20.01-29-28.log Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0375NAV~.TMP Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0452NAV~.TMP Object is locked skipped

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\change.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\change.log Object is locked skipped

Scan process completed.

Thanks a lot... and umm, I tried to run ComboFix yesterday, right after HJT. While HJT worked fine, ComboFix did not generate a log for me after a while. So I checked for the processes that might have stalled it but found none of those mentioned running... I don't know why still... So I'm going to try to run ComboFix again right now; I hope it works.
 
Damn it, ComboFix just doesn't work for me. The first few times I ran it, nothing appeared but a blue screen and a "." for the title of the window......

And then I checked out some other posts and got this link to ComboFix's tutorial.... I followed it and downloaded this Windows recovery point program. I dragged the thing (the right version for my PC) onto ComboFix, and at the window where it says "auto scan" I thought it would go through a scan, but it didn't.

It just told me that it couldn't find some .dat file and it didn't go on anymore. So I just closed the window... I didn't exactly get the name of the .dat file...

So afterward, I rebooted my computer and made several attempts to run that thing again, including re-doing the Windows recovery installment file to ComboFix... It didn't work...
 
HI

I'll try & find out what the problem is with Combofix ...

Go here to run an online scan from ESET.

http://www.eset.eu/online-scanner

Note: You will need to use Internet Explorer for this scan

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are checkmarked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Copy and paste the log into your next reply

THEN ...

Perform an online scan with Internet Explorer with Panda ActiveScan:
http://www.pandasoftware.com/products/activescan.htm
  1. Click on scanyourpc located at the bottom of the page.
  2. A pop up window will appear. Please ensure that your pop up blocker doesn't block it.
  • Enter your e-mail address, country, and state & click Free Online Scan. *The download of the 8 MB Panda's ActiveX control will take place*
  • Begin the scan by selecting mycomputer
  • If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on see report then click save report

Turn off the real time scanner of any existing antivirus program while performing the online scan.

Please post the Panda log scan.

THEN ...

Please run this online scan:

http://www.bitdefender.com/scan8/ie.html

Scan the whole computer & let it Disinfect/delete all it finds ...

Copy & paste its report here please.

steam
 
Here is the ESET antivirus scan result:

One thing though: this is the second time that I scanned the computer with this program. The first time it went through, I saw it say it had detected 12 infected files, but halfway through the scan my computer overheated and shut down on its own. When I then turned the computer on again, my original antivirus software, Symantec Antivirus version 7.5, told me that it had detected 12 trojan viruses and forced me to clean them up. So here is the result after Symantec Antivirus cleaned those up.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2967 (20080321)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=084cb47b0beb1a4e9972f1ec41ed60cd
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-03-22 11:52:08
# local_time=2008-03-22 07:52:08 )
# country="Canada"
# osver=5.1.2600 NT Service Pack 2
# scanned=333887
# found=0
# scan_time=1840
 
here is the scanned result of the panda anti virus...


Incident Status Location

Adware:adware/sbsoft Not disinfected Windows Registry
Virus:Trj/Bancos.RQ Not disinfected C:\Documents and Settings\David\桌面\ComboFix.exe[327882R2FWJFW\pv.cfexe]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\David\Cookies\david@overture[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\David\Cookies\david@fastclick[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\David\Cookies\david@atdmt[2].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\David\Cookies\david@linksynergy[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\David\Cookies\david@cgi-bin[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\David\Cookies\david@casalemedia[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\David\Cookies\david@ads.pointroll[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\David\Cookies\david@questionmarket[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@bs.serving-sys[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\David\Cookies\david@com[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\David\Cookies\david@advertising[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\David\Cookies\david@realmedia[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\David\Cookies\david@tribalfusion[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@serving-sys[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\David\Cookies\david@i.screensavers[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\David\Cookies\david@ad.yieldmanager[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\David\Cookies\david@advertising[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@bs.serving-sys[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@serving-sys[3].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\David\Cookies\david@tribalfusion[3].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\David\Cookies\david@server.iad.liveperson[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David\Cookies\david@atwola[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\David\Cookies\david@ads.pointroll[3].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David\Cookies\david@atwola[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\David\Cookies\david@questionmarket[3].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.overture.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.adserver.easyad.info/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.adtech.de/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.adultfriendfinder.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.azjmp.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.bs.serving-sys.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.trafficmp.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.xiti.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.yadro.ru/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[landing.domainsponsor.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[searchportal.information.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[server.iad.liveperson.net/hc/56294818]
Virus:Trj/Bancos.RQ Disinfected C:\ComboFix(2)\pv.cfexe
lol, it says the combofix is infected =.=
 
bit defender scan result

here is the result from bit defender..

well, the scans are done for now, thanks a lot for the help, i can't wait till u guys fix the virus for me or.... not :bigthumb:



BitDefender Online Scanner
Scan report generated at: Sat, Mar 22, 2008 - 22:15:11
Scan path: C:\;D:\;E:\;F:\;

Statistics

Time 00:34:38
Files 270449
Folders 5237
Boot Sectors 4
Archives 7100
Packed Files 13737

Results
Identified Viruses 9
Infected Files 104
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 161

Engines Info
Virus Definitions
1021790
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins 16
Archive plugins 41
Unpack plugins 7
E-mail plugins 6
System plugins 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions
Scan Emails Yes
Scan Archives: Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File: Status


okay, damn it, i keep on getting this message when i try to post the result:

"The text that you have entered is too long (46682 characters). Please shorten it to 20000 characters long.
"
 
umm.... after the bit defender, i seem to have gotten rid of all my virus problems.. but now i can't access either of my two main hard drives by double clicking on them...

when i go to my computer, and double click on drive c:\, it will tell me that it can't find a program to execute the drive, and the same thing with my d:\ drive.

it can however access every single file path on the computer by entering their addresses.. i.e. in the internet explorer window, i can type c:\program file, and i'll be led to the program file folder.... and from the program file if i wanna go to c:\ drive i have to use the "go up a level" button on the function panels.

all in all, the new problem that i'm having right now is, i can't get to any root drives directly, either by double clicking on the icon, or entering address of the root drive in internet explorer.

(i suspect that one of the programs failed to disinfect the file, and actually deleted something from windows OS)

Thanks alot:laugh:
 
Hi

okay, damn it, i keep on getting this message when i try to post the result:

"The text that you have entered is too long (46682 characters). Please shorten it to 20000 characters long.

Split the BitDefender log into 3 parts & make 3 separate posts ... I really would like to see that log ...

RE: your drives ...

Thanks alot

I hope you weren't being sarcastic with me by saying that ...

Any unforeseen things can happen when removing malware ...

However NOTHING has been deleted from your Windows O/S, it appears you have/had a flashdrive infection (you have an infected flashdrive somewhere) ... the problem is being caused by an autorun.inf in the root folders, most probably a rogue .vbs file as well ... if you can now get Combofix to run ... it will remove the infected files for you ... or there are other ways we can do it.

Delete the Combofix.exe file you have on your desktop ...

Please download Combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save to the desktop.

No need to install the recovery console again, you only need to do that once ...

Just follow the directions below...

Close all open Windows including this one.

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic. :-

http://www.bleepingcomputer.com/forums/topic114351.html

1. Double click on combofix.exe & follow the prompts.

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.


If you need to refer to the tutorial, it's here :-

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
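
As an added illustration of the autorun.inf diagnosis in the reply above (not part of the original thread and not the code of any tool named in it): a small Python check that reads an autorun.inf and reports which launch entries point at files that are no longer in the drive root, which is the state where opening the drive has nothing left to run. The sample autorun.inf text, the placeholder file name and the directory listing are constructed for the example.

```python
import re

# Keys in the [autorun] section that make Explorer start a program directly.
DIRECT_KEYS = {"open", "shellexecute"}
# shell\<verb>\command entries replace the drive's context-menu verbs (open, explore, ...).
VERB_COMMAND = re.compile(r"^shell\\([^\\]+)\\command$", re.IGNORECASE)
# Script hosts that live in the Windows directory, not on the drive being checked.
SYSTEM_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe", "rundll32.exe"}
RUNNABLE_EXT = (".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".js", ".dll")
TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def parse_autorun(text):
    """Return {lowercased key: value} for the [autorun] section only."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def referenced_files(command):
    """File names with a runnable extension that a command line refers to."""
    files = []
    for quoted, bare in TOKEN.findall(command):
        token = (quoted or bare).split(",", 1)[0]  # drop "file.dll,Entry" suffix
        name = token.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name.endswith(RUNNABLE_EXT) and name not in SYSTEM_HOSTS:
            files.append(name)
    return files


def audit_root(autorun_text, root_listing):
    """List every launch entry and which of its target files are absent."""
    present = {name.lower() for name in root_listing}
    findings = []
    for key, value in parse_autorun(autorun_text).items():
        if key not in DIRECT_KEYS and not VERB_COMMAND.match(key):
            continue  # label=, icon= and similar keys do not start anything
        targets = referenced_files(value)
        findings.append({
            "key": key,
            "command": value,
            "targets": targets,
            "missing": [t for t in targets if t not in present],
        })
    return findings


def drive_action_broken(findings):
    """True when at least one launch entry points at a file that is gone."""
    return any(f["missing"] for f in findings)


# Constructed sample: placeholder.exe stands in for whatever file was removed.
SAMPLE_AUTORUN = r"""
[AutoRun]
; constructed sample, the file name is a placeholder
open=placeholder.exe
shell\open\Command=placeholder.exe
shell\explore\Command=placeholder.exe
"""
# Constructed root listing after a scanner deleted the target but left autorun.inf.
ROOT_AFTER_CLEANUP = ["autorun.inf", "Documents and Settings", "Program Files", "WINDOWS"]

if __name__ == "__main__":
    for finding in audit_root(SAMPLE_AUTORUN, ROOT_AFTER_CLEANUP):
        state = "target missing" if finding["missing"] else "target present"
        print(f'{finding["key"]:<24} {finding["command"]:<20} {state}')
```

An entry reported as "target present" means the file the autorun.inf launches is still on the drive, so both files need attention rather than just the leftover autorun.inf.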
 
the three parts of the bit defender scan: part 1

C:\WINDOWS\system32\kavo0.dll
Infected with: Trojan.PWS.OnlineGames.SSC

C:\WINDOWS\system32\kavo0.dll
Disinfection failed

C:\WINDOWS\system32\kavo0.dll
Delete failed

C:\WINDOWS\system32\kavo.exe
Infected with: Trojan.PWS.OnlineGames.SSC

C:\WINDOWS\system32\kavo.exe
Disinfection failed

C:\WINDOWS\system32\kavo.exe
Deleted

C:\WINDOWS\system32\kavo1.dll
Infected with: Trojan.PWS.OnlineGames.SSC

C:\WINDOWS\system32\kavo1.dll
Disinfection failed

C:\WINDOWS\system32\kavo1.dll
Deleted

C:\WINDOWS\Temp\4iv.dll
Infected with: Trojan.PWS.OnlineGames.SSC

C:\WINDOWS\Temp\4iv.dll
Disinfection failed

C:\WINDOWS\Temp\4iv.dll
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN=>(Quarantine-PE)
Infected with: DeepScan:Generic.Zlob.7.06B0FD20

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40001\47B51383.VBN=>(Quarantine-PE)
Infected with: DeepScan:Generic.Zlob.7.06B0FD20

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40001\47B51383.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40001\47B51383.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40002\47B51391.VBN=>(Quarantine-PE)
Infected with: DeepScan:Generic.Zlob.7.06B0FD20

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40002\47B51391.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40002\47B51391.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40003\47B5139F.VBN=>(Quarantine-PE)
Infected with: DeepScan:Generic.Zlob.7.06B0FD20

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40003\47B5139F.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40003\47B5139F.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40004\47B513AD.VBN=>(Quarantine-PE)
Infected with: DeepScan:Generic.Zlob.7.06B0FD20

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40004\47B513AD.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40004\47B513AD.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40005\47B513BB.VBN=>(Quarantine-PE)
Infected with: DeepScan:Generic.Zlob.7.06B0FD20

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40005\47B513BB.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40005\47B513BB.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CE40000\4FFD7424.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.O

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CE40000\4FFD7424.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CE40000\4FFD7424.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40000\47FFE7AC.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.O

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40000\47FFE7AC.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40000\47FFE7AC.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40001\47FFE7B7.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.O

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40001\47FFE7B7.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40001\47FFE7B7.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40002\47FFE7C2.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.O

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40002\47FFE7C2.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40002\47FFE7C2.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F340000.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F340000.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F340000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F2C0000\4FECA8FA.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F2C0000\4FECA8FA.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F2C0000\4FECA8FA.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17E80000\57E8A903.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17E80000\57E8A903.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17E80000\57E8A903.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03140000\47F4A9FC.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03140000\47F4A9FC.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03140000\47F4A9FC.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13AC0000\57ECABF1.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13AC0000\57ECABF1.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13AC0000\57ECABF1.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40000.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40000.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440000\4FE5F06F.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440000\4FE5F06F.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440000\4FE5F06F.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0000\4FFDF26C.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0000\4FFDF26C.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0000\4FFDF26C.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0001\4FFDF278.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0001\4FFDF278.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0001\4FFDF278.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0002\4FFDF2CB.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0002\4FFDF2CB.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0002\4FFDF2CB.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0003\4FFDF313.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0003\4FFDF313.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0003\4FFDF313.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0004\4FFDF3E2.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0004\4FFDF3E2.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0004\4FFDF3E2.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0005\4FFDF48B.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0005\4FFDF48B.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0005\4FFDF48B.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0006\4FFDF4DD.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0006\4FFDF4DD.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0006\4FFDF4DD.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF40000\4FF5F6E2.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF40000\4FF5F6E2.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF40000\4FF5F6E2.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0000.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRE

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0000.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0001.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRE

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0001.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0001.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0002.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRE

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0002.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0002.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0003.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0003.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0003.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0004.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0004.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0004.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0005.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0005.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0005.VBN=>(Quarantine-PE)
Deleted
 
part two of the scan:

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0006.VBN=>(Quarantine-PE)
Infected with: Packer.Malware.NSAnti.T

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0006.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0006.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05180000.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRL

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05180000.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05180000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05980000\47FB618B.VBN=>(Quarantine-PE)
Infected with: Trojan.PWS.OnlineGames.SRL

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05980000\47FB618B.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05980000\47FB618B.VBN=>(Quarantine-PE)
Deleted

 
and the part three of the scan:

 
combofix just doesn't work

Combofix just doesn't work. I've followed the instructions given by the firewall/antivirus disable guide, and I've made sure that I got all the software disabled, but it still doesn't work.

When I try to disable Spybot, I cannot find tea-timer listed in the system startup check list located in the advanced option selection. Question: is my tea timer even running? I have an all-default installation.

So I've gone to the extent of uninstalling Spybot, to make sure that teatimer isn't running at all. Still, Combofix doesn't work; all I see is a blue screen with nothing, absolutely nothing on it, and a "." for its window title.
(I've waited for more than 20 minutes)


And so, now I realize that my computer has some problem: now when I press F8, it won't go into the boot selection menu, I can't enter safe mode, and I can't get to the C drive by double-clicking on it.

I realized that I couldn't see the boot menu while trying to perform a scan with the re-installed Spybot under safe mode. What happens is that no matter how fast I tap the F8 button before the Windows symbol screen, it just goes straight to normal booting, basically ignoring the F8 press, unlike before.
 
Hi

Please run this Flash_Disinfector tool by sUBs ...

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Just download the exe file and double click on it to run it...then follow instructions

A box will pop up telling you to plug in your flash drive and click OK to start the disinfection ... by the way, if you try to cross the box off with the X in the corner ... it will run anyway ... after a few seconds a box will pop up saying "done"

-
When you have done that ... please download "Mountpoints Diagnostic.zip" by Mosaic1

http://www.help2go.com/index2.php?option=com_forum&Itemid=33&page=download&id=1450

Unzip it & Double click to run it. It will create a report named Diagnostic.txt. When finished, upload Diagnostic.txt in your next post ...

steam
 
Diagnostic Report
2008-03-25 11:23:53.84

Mountpoints > Drives subkeys:
------------------------------------

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{567579ce-33dd-11d9-87df-806d6172696f}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{567579cf-33dd-11d9-87df-806d6172696f}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{567579d0-33dd-11d9-87df-806d6172696f}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d6c06b0-864f-11da-8881-97c2bce8c5e9}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,df,\
df,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,5f,cf,cf,df,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,20,00,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d6c06b0-864f-11da-8881-97c2bce8c5e9}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d6c06b0-864f-11da-8881-97c2bce8c5e9}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d6c06b0-864f-11da-8881-97c2bce8c5e9}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61e3e624-6706-11dc-a745-00130203c9e9}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61e3e624-6706-11dc-a745-00130203c9e9}\GAME_EXE]
@="\\NWN2Launcher.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61e3e624-6706-11dc-a745-00130203c9e9}\GAME_GUID]
@="F20C1251-1D0A-4944-B2AE-678581B33B19"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61e3e624-6706-11dc-a745-00130203c9e9}\GAME_NAME]
@="Neverwinter Nights 2"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61e3e624-6706-11dc-a745-00130203c9e9}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61e3e624-6706-11dc-a745-00130203c9e9}\_Autorun\DefaultIcon]
@="F:\\AUTORUN.ICO"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fa8ed5a-8642-11da-887b-806d6172696f}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fa8ed5b-8642-11da-887b-806d6172696f}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d4fa850-6461-11dc-a743-00130203c9e9}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,ee,5f,00,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,01,00,00,00,09,07,00,00

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d4fa851-6461-11dc-a743-00130203c9e9}]
"BaseClass"="Drive"
"_CommentFromDesktopINI"=""
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,01,00,00,00,09,00,00,00

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa1bca0-937d-11dc-a757-00130203c9e9}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,09,06,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa1bca0-937d-11dc-a757-00130203c9e9}\Shell]
@="Auto"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa1bca0-937d-11dc-a757-00130203c9e9}\Shell\Auto]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa1bca0-937d-11dc-a757-00130203c9e9}\Shell\Auto\command]
@="Ghost.pif"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa1bca0-937d-11dc-a757-00130203c9e9}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa1bca0-937d-11dc-a757-00130203c9e9}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa1bca0-937d-11dc-a757-00130203c9e9}\Shell\AutoRun]
"Extended"=""
@="????(&P)"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa1bca0-937d-11dc-a757-00130203c9e9}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1b8738e-7277-11dc-a752-00130203c9e9}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1b8738e-7277-11dc-a752-00130203c9e9}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1b8738e-7277-11dc-a752-00130203c9e9}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1b8738e-7277-11dc-a752-00130203c9e9}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eae3d162-62c1-11dc-a73d-806d6172696f}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eae3d163-62c1-11dc-a73d-806d6172696f}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eae3d164-62c1-11dc-a73d-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,01,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,60,00,00,00,0c,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eae3d164-62c1-11dc-a73d-806d6172696f}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eae3d164-62c1-11dc-a73d-806d6172696f}\_Autorun\DefaultIcon]
@="E:\\WIN\\vpplays.exe"

~~~~~~~~~~~~~~~~~~~~~~~~~
No Autorun files found in C:\WINDOWS

No Autorun files found in C:\WINDOWS\system32

Files found on C:
autorun.inf


Contents of autorun.inf on C:
;2DK2S9wDL6Ls4iSiL9DldJikA1KA9K4Ko0aK984slDlkD3f7sjrdaf425a1as4fo31jjs8r252waC2kkaKqwaqs3d3jsDc0Ls3or4L4llKaJ13flqAkdH0ea
[AutoRun]
;45KwlKoa03snr0k2LswAKK33wS7LKd01IorleokkD88iiKpojsOL30
open=spq.bat
;sH70d3wlni7pA0i94DakrDar4d4lw5oLKlsjaAc8s1r3Ae3aq1aKw1Sli44kDr51KSs4d4fS
shell\open\Command=spq.bat
;lSklard8KkwK2wqi4sr0oSZDw7j12LkaakK1aaL90wok
shell\open\Default=1
;psDisLkdaikK49Aifwf4A
shell\explore\Command=spq.bat
;l3ww3ZaAawk0ao4Ji00oailfd1oKwk5eidfls33a1kLSXUk2r8wcfoADraL4kKSpiw23qqZLdaowDls2awikID2


Files found on D:
autorun.inf


Contents of autorun.inf on D:
;2DK2S9wDL6Ls4iSiL9DldJikA1KA9K4Ko0aK984slDlkD3f7sjrdaf425a1as4fo31jjs8r252waC2kkaKqwaqs3d3jsDc0Ls3or4L4llKaJ13flqAkdH0ea
[AutoRun]
;45KwlKoa03snr0k2LswAKK33wS7LKd01IorleokkD88iiKpojsOL30
open=spq.bat
;sH70d3wlni7pA0i94DakrDar4d4lw5oLKlsjaAc8s1r3Ae3aq1aKw1Sli44kDr51KSs4d4fS
shell\open\Command=spq.bat
;lSklard8KkwK2wqi4sr0oSZDw7j12LkaakK1aaL90wok
shell\open\Default=1
;psDisLkdaikK49Aifwf4A
shell\explore\Command=spq.bat
;l3ww3ZaAawk0ao4Ji00oailfd1oKwk5eidfls33a1kLSXUk2r8wcfoADraL4kKSpiw23qqZLdaowDls2awikID2


Files found on G:
autorun.inf


Contents of autorun.inf on G:
;2DK2S9wDL6Ls4iSiL9DldJikA1KA9K4Ko0aK984slDlkD3f7sjrdaf425a1as4fo31jjs8r252waC2kkaKqwaqs3d3jsDc0Ls3or4L4llKaJ13flqAkdH0ea
[AutoRun]
;45KwlKoa03snr0k2LswAKK33wS7LKd01IorleokkD88iiKpojsOL30
open=spq.bat
;sH70d3wlni7pA0i94DakrDar4d4lw5oLKlsjaAc8s1r3Ae3aq1aKw1Sli44kDr51KSs4d4fS
shell\open\Command=spq.bat
;lSklard8KkwK2wqi4sr0oSZDw7j12LkaakK1aaL90wok
shell\open\Default=1
;psDisLkdaikK49Aifwf4A
shell\explore\Command=spq.bat
;l3ww3ZaAawk0ao4Ji00oailfd1oKwk5eidfls33a1kLSXUk2r8wcfoADraL4kKSpiw23qqZLdaowDls2awikID2


Files found on H:
autorun.inf


Contents of autorun.inf on H:
;2DK2S9wDL6Ls4iSiL9DldJikA1KA9K4Ko0aK984slDlkD3f7sjrdaf425a1as4fo31jjs8r252waC2kkaKqwaqs3d3jsDc0Ls3or4L4llKaJ13flqAkdH0ea
[AutoRun]
;45KwlKoa03snr0k2LswAKK33wS7LKd01IorleokkD88iiKpojsOL30
open=spq.bat
;sH70d3wlni7pA0i94DakrDar4d4lw5oLKlsjaAc8s1r3Ae3aq1aKw1Sli44kDr51KSs4d4fS
shell\open\Command=spq.bat
;lSklard8KkwK2wqi4sr0oSZDw7j12LkaakK1aaL90wok
shell\open\Default=1
;psDisLkdaikK49Aifwf4A
shell\explore\Command=spq.bat
;l3ww3ZaAawk0ao4Ji00oailfd1oKwk5eidfls33a1kLSXUk2r8wcfoADraL4kKSpiw23qqZLdaowDls2awikID2
 
Hi

You didn't run the Flash_Disinfector tool, did you?

You have the following files:

C:\autorun.inf
D:\autorun.inf
G:\autorun.inf
H:\autorun.inf

The above files are referencing this file:

spq.bat

probably on the root folders with the autorun.inf file ...

This file is the one causing your problem of not being able to double click the drives ...

You need to delete ALL the autorun.inf files & also search for & delete the spq.bat file.

The Flash_Disinfector tool would remove the autorun.inf files for you, & in their place would put an empty autorun.inf folder, thereby immunising you against getting the same infection again in the future...

steam
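
The check described in the reply above, as an added Python example that is not part of the original thread: it lists what an autorun.inf would launch and recognises a drive root where autorun.inf is already a folder. The function names and the shortened sample text are constructed for illustration.

```python
import os

# Keys in an [AutoRun] section that make Explorer launch something.
LAUNCH_KEYS = ("open", "shellexecute")

def autorun_targets(text):
    """Return {key: command} for every launch entry in autorun.inf text."""
    targets, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # skip blank lines and comment padding
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            k = key.lower()
            # shell\<verb>\command entries hijack the drive's open/explore verbs
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
                targets[key] = value
    return targets

def triage_root(root):
    """Classify a drive root: 'absent', 'immunised' (autorun.inf is a folder),
    or a dict of the commands a real autorun.inf file would launch."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return "immunised"
    if not os.path.isfile(path):
        return "absent"
    with open(path, errors="replace") as fh:
        return autorun_targets(fh.read())

# Constructed sample shaped like the autorun.inf in the log above
# (the long random comment lines are shortened to a placeholder).
SAMPLE = """;padding-comment
[AutoRun]
;padding-comment
open=spq.bat
shell\\open\\Command=spq.bat
shell\\open\\Default=1
shell\\explore\\Command=spq.bat
"""

if __name__ == "__main__":
    print(autorun_targets(SAMPLE))
```

Run `triage_root` against each drive root from the log (C:, D:, G:, H:) before and after cleanup; a dict result names the file that still has to be found and deleted.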
 
I did run the dis-infection thing; after one of those runs, I was able to gain access to my C: drive and other drives again.
 