Hi,

First I want to say: T-H-A-N-K Y-O-U !!!!!!

I succeded installing my old avg anti virus, and the cccleaner is working at normal mode.
You are great!

about my new home-works , I cant delete that file because I dont have a H:\
strange where that path came from.

second, heres the log:

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002

HKEY_LOCAL_MACHINE\SYSTEM\LastKnownGoodRecovery

HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices

HKEY_LOCAL_MACHINE\SYSTEM\Select

HKEY_LOCAL_MACHINE\SYSTEM\Setup

HKEY_LOCAL_MACHINE\SYSTEM\WPA

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet


I made already a avg full scan and it showed the "amvo.exe.vir" in the combofix-quarantine files. - thats it.

I just activated the bitdefender, and I will add its log soon

FINISHED THE SCAN:

BitDefender Online Scanner



Scan report generated at: Wed, Apr 02, 2008 - 00:22:23





Scan path: A:\;C:\;D:\;E:\;F:\;







Statistics

Time
01:55:52

Files
281277

Folders
6100

Boot Sectors
3

Archives
5771

Packed Files
13369




Results

Identified Viruses
2

Infected Files
3

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
3




Engines Info

Virus Definitions
1086104

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
16

Archive plugins
41

Unpack plugins
7

E-mail plugins
6

System plugins
5




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Program Files\DAEMON Tools\SetupDTSB.exe
Detected with: Application.Adware.Savenow.G

C:\Program Files\DAEMON Tools\SetupDTSB.exe
Disinfection failed

C:\Program Files\DAEMON Tools\SetupDTSB.exe
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\amvo0.dll.vir
Infected with: Packer.Malware.NSAnti.X

C:\QooBox\Quarantine\C\WINDOWS\system32\amvo0.dll.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\amvo0.dll.vir
Deleted

C:\System Volume Information\_restore{F09FB033-F71D-4FE1-971E-4DD0004ADE85}\RP5\A0001568.exe
Detected with: Application.Adware.Savenow.G

C:\System Volume Information\_restore{F09FB033-F71D-4FE1-971E-4DD0004ADE85}\RP5\A0001568.exe
Disinfection failed

C:\System Volume Information\_restore{F09FB033-F71D-4FE1-971E-4DD0004ADE85}\RP5\A0001568.exe
Deleted

Ah, yes, that did a job. Some malware was detected in your Restore points. If you did those operations I listed in my last post in order given then your new restore point got infected too. So run this point clearance procedure again...[toggling system restore off/on clears all old points..]
=In case you are tempted to do a system restore we must clear all your system restore points because some have been infected.... So go control panel > system > system restore tab, check Turn off sys res on all drives, Apply and OK. Do it all again but uncheck that box, Apply and OK.
[[a quick way in is Start > run, paste: control sysdm.cpl,,4 -and OK]]
Now make a fresh, clean restore point: Start > programs > accessories > system tools > system restore and create a restore point now!!
[[the quick way to System Restore is Start > run, paste: %systemroot%\system32\restore\rstrui.exe -and OK]]

Ah, DAEMON Tools was picked up earlier but I ignored it - I do not know what yours was but legit versions are safer.
You have 3 boot sectors? Seems like a lot....
H:\rthrw.com.. by any chance have you used a plugin of some sort, eg a USB device like a thumbdrive? That would explain the mountpoints2 entry in your registry [Windows remembers every USB device you ever plug in..]. Anyway, that device is infected. Delete its contents and format it.
Just as a point of curiosity will the Panda scan run now?

Done

Is it clean now, or should I remove it?

My knowledge at this area is not something to be proud of, should I do something about the 3 sectors? I remember the man who installed my WINDOWS asked me about spliting my hard disk to 2, but Im not sure thats relevant.
You are right , I did what you said, it was a usb disk-on-key that had a virus, I formatted it..

I will start it now and let you know what happened

BTW, When I started windows today, I got an error message that remote-assistane application failed to start.

Thanks a lot friend

="So run this point clearance procedure again...[toggling system restore off/on clears all old points..]" - I hope you did this bit also, tsahi.
=SetupDTSB.exe - this has already been deleted by BitDefender. It is an optional Searchbar installed with Daemon Tools [you get the chance to stop its installation during DT setup]. So don't worry about it.
=3 boot sectors. If you had a third party bootmanager and 3 OS's on your hd[s] I would expect this, but if you only have XP then, umm, no. I don't know how your tech managed to get 3 on if you only have XP.... if you had 98 and XP [and no boot manager] XP would overwrite the 98 boot sector with its own code, so still only one boot sector....
If you do have only XP then, well, it is simpler to just ignore the other two. I could remove them for you [or tell you how to do it] but it involves software with a lot of err... destructive power. Really, the extras [if that is the case] can do no harm.
We'll have a go at fixing remote assistance if Panda gets thru ok. Rest easy.

Panda scan finished (I think I deleted those cookies many times before):


;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-03 07:45:59
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG 7.5.519 7.5.519 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Osnat\Cookies\osnat@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Osnat\Cookies\osnat@atdmt[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Osnat\Cookies\osnat@tribalfusion[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Osnat\Cookies\osnat@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Osnat\Cookies\osnat@ad.yieldmanager[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location N
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description N
;===================================================================================================================================================================================
;===================================================================================================================================================================================

mmm... nothing to worry about with those cookies. Using CCLeaner every couple weeks fixes those. How about the points I mentioned in my last post?
After all this cleaning etc it may pay you to run a check on your precious system files. Go start, run, paste in..
sfc /scannow
..and load your XP disk.

I made the new restore-point as you asked
My computer working well now, thanks again!

You did GREAT!
Thanks again for your tolerance and your professionalism

Good-oh, tsahi.... if you're happy, I'm happy.
Cheers.

thought I would post my 2 cents.

I had the same problem as the original poster, and it turned out to the be the Beagle/Bagle virus.

I also couldn't boot into safe mode.

The solution for me was to use avast! antivirus Home Edition free, this performed a virus scan before booting into XP.

W32.Beagle@mm Removal Tool helped a little bit, but resulted in errors on startup.

Finally with those 2 programs removing most of the virus, I could reinstall AVG Free as per normal.