Old 2008-03-20, 08:19   #1
david71
Junior Member
 
Join Date: Mar 2008
Posts: 25
Default Tavo virus

Hi, I searched on Google and found out that this site may provide me a solution to my virus problem.

I have this Symantec Antivirus software; it keeps on telling me that a "tavo0.dll" in the system32 folder is infected. And when I try to have it fixed via my antivirus software, it just keeps on coming back each reboot.

But I saw a few posts regarding this problem; I need to post a log of HijackThis and a log from Combofix, right?

Here is the log I obtained from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:44 AM, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\David\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java ??? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1189776066640
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Network Management Center Task (W32Tasks) - Unknown owner - C:\WINDOWS\system32\taskman32.exe

--
End of file - 11302 bytes


Quote:
But I saw a few posts regarding this problem; I need to post a log of HijackThis and a log from Combofix, right?
"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

Quote:
Until a helper responds, the HJT log has not been analysed. Please wait to be advised and don't run fixes until asked.

Last edited by tashi; 2008-03-20 at 08:25. Reason: Mod: Added link. ;-)
Old 2008-03-20, 09:04   #2
david71
Junior Member
 
Join Date: Mar 2008
Posts: 25
Default

sry admins/volunteers...

i'll go through the standard procedures now... I'll make reply again the instructions given in the "before you post" doesn't help...

Thanks
Old 2008-03-20, 21:55   #3
steamwiz
Security Expert
 
Join Date: Dec 2005
Location: Yorkshire. U.K.
Posts: 1,326
Default

Quote:
Originally Posted by david71
sry admins/volunteers...

i'll go through the standard procedures now... I'll make reply again the instructions given in the "before you post" doesn't help...

Thanks
David ... what do you mean ...the instructions given in the "before you post" doesn't help...

It helps us to help you if you run programs in a certain order. So, we have your HijackThis log; I would like to see a KASPERSKY on-line scan log (from the link tashi gave you) before you run anything else. Then most probably I will ask you for a Combofix log, but I don't want you to run Combofix first ... if, however, you have already run it, please post the log ... I must see the log from the first run of Combofix.

steam
__________________
MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E
Old 2008-03-21, 08:50   #4
david71
Junior Member
 
Join Date: Mar 2008
Posts: 25
Default

lol sry, I didn't review my sentences before posting...

I meant "IF the instruction given.... doesn't help"; wow, that sentence without that "if" makes a big difference.

So I ran the KASPERSKY before Spybot... and then I ran Spybot as instructed....

I'm just curious as to why you guys want the KASPERSKY log before Spybot is run... anyway... here is the log:

Thursday, March 20, 2008 9:58:55 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/03/2008
Kaspersky Anti-Virus database records: 581547


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 58273
Number of viruses found 4
Number of infected objects 30
Number of suspicious objects 0
Duration of the scan process 00:57:47

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\taskman32.exe Infected: Backdoor.Win32.Hupigon.bfgo skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\Temp\CLML_AGENT_LOG1.txt Object is locked skipped

C:\WINDOWS\Temp\sqlite_tEmM1ouEZ7L1y4m Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{7B868533-8F69-4FEA-B2A9-F2E2180C1C82}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{2FF69CAC-2EC3-4A90-8346-04109BF76A81}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09940000.VBN Infected: EICAR-Test-File skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09940001\4F943CF1.VBN Infected: EICAR-Test-File skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN/stream Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40000\47B51371.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40001\47B51383.VBN/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40001\47B51383.VBN/stream Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40001\47B51383.VBN NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40001\47B51383.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40002\47B51391.VBN/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40002\47B51391.VBN/stream Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40002\47B51391.VBN NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40002\47B51391.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40003\47B5139F.VBN/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40003\47B5139F.VBN/stream Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40003\47B5139F.VBN NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40003\47B5139F.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40004\47B513AD.VBN/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40004\47B513AD.VBN/stream Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40004\47B513AD.VBN NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40004\47B513AD.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40005\47B513BB.VBN/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40005\47B513BB.VBN/stream Infected: Trojan.Win32.DNSChanger.ph skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40005\47B513BB.VBN NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B40005\47B513BB.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B9C0000\4FDDBF18.VBN Infected: EICAR-Test-File skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CE40000\4FFD7424.VBN Infected: Trojan-PSW.Win32.OnLineGames.rui skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0007\4FFDF4F3.VBN Infected: EICAR-Test-File skipped

C:\Documents and Settings\All Users\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\All Users\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\David\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\David\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temp\Perflib_Perfdata_73c.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temp\Perflib_Perfdata_125c.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Acer Arcade\Log\Trace20080320.log Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\XUL.mfl Object is locked skipped

C:\Documents and Settings\David\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\parent.lock Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\cert8.db Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\key3.db Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\history.dat Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\formhistory.dat Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\search.sqlite Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Guest\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Guest\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-03-20.01-29-28.log Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0375NAV~.TMP Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0452NAV~.TMP Object is locked skipped

C:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\change.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{38565508-539E-4B8C-872B-D40144942298}\RP152\change.log Object is locked skipped

Scan process completed.

Thanks a lot... and umm, I tried to run Combofix yesterday, right after HJT. While HJT worked fine, Combofix did not generate a log for me after a while. So I have checked the processes that might have stalled it but found none of those mentioned was running... I dunno why still.. so I'm gonna try to run Combofix again right now, I hope it works.
Old 2008-03-21, 09:35   #5
david71
Junior Member
 
Join Date: Mar 2008
Posts: 25
Default

Damn it, Combofix just doesn't work for me. The first few times I ran it, there appeared nothing but a blue screen and a "." for the title of the window......

And then I checked out some other posts and got this link to Combofix's tutorial.... I followed it, and I downloaded this Windows recovery point program. I dragged the thing (the right version for my PC) to Combofix, and at the window where it says "auto scan" I thought it would go through a scan, but it didn't.

It just told me that I couldn't find some .dat file and it doesn't go on anymore, so I just closed the window... I didn't exactly get the name of the .dat file...

So afterward, I rebooted my computer and made several attempts to run that thing again, including re-doing the Windows recovery installment file to Combofix... it didn't work...
Old 2008-03-22, 01:25   #6
steamwiz
Security Expert
 
Join Date: Dec 2005
Location: Yorkshire. U.K.
Posts: 1,326
Default

HI

I'll try & find out what the problem is with Combofix ...

Go here to run an online scan from ESET.

http://www.eset.eu/online-scanner

Note: You will need to use Internet Explorer for this scan

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are checkmarked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Copy and paste the log into your next reply

THEN ...

Perform an online scan with Internet Explorer with Panda ActiveScan:
http://www.pandasoftware.com/products/activescan.htm
  1. Click on scanyourpc located at the bottom of the page.
  2. A pop up window will appear. Please ensure that your pop up blocker doesn't block it. Enter your e-mail address, country, and state & click Free Online Scan *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting mycomputer
  • If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on see report then click save report

Turn off the real time scanner of any existing antivirus program while performing the online scan.

Please post the Panda log scan.

THEN ...

Please run this on-line scan :-

http://www.bitdefender.com/scan8/ie.html

Scan the whole computer & let it Disinfect/delete all it finds ...

Copy & paste its report here please.

steam
__________________
MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

Last edited by steamwiz; 2008-03-22 at 01:33.
steamwiz is offline  
Old 2008-03-23, 02:59   #7
david71
Junior Member
 
Join Date: Mar 2008
Posts: 25
Default

here is the eset antivirus scan result:

one thing though, this is the second time that i scanned the computer with this program. The first time it went through, i saw it says it has detected 12 infected files, but half way through the scan, my computer overheated and shut down on its own, and when i then turned on the computer again, my original anti virus software, Symantec Antivirus version 7.5, told me that it has detected 12 trojan viruses and forced me to clean them up. so here is the result after the symantec antivirus cleaned those up.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2967 (20080321)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=084cb47b0beb1a4e9972f1ec41ed60cd
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-03-22 11:52:08
# local_time=2008-03-22 07:52:08 )
# country="Canada"
# osver=5.1.2600 NT Service Pack 2
# scanned=333887
# found=0
# scan_time=1840
david71 is offline  
Old 2008-03-23, 03:42   #8
david71
Junior Member
 
Join Date: Mar 2008
Posts: 25
Default

here is the scanned result of the panda anti virus...


Incident Status Location

Adware:adware/sbsoft Not disinfected Windows Registry
Virus:Trj/Bancos.RQ Not disinfected C:\Documents and Settings\David\桌面\ComboFix.exe[327882R2FWJFW\pv.cfexe]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\David\Cookies\david@overture[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\David\Cookies\david@fastclick[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\David\Cookies\david@atdmt[2].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\David\Cookies\david@linksynergy[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\David\Cookies\david@cgi-bin[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\David\Cookies\david@casalemedia[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\David\Cookies\david@ads.pointroll[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\David\Cookies\david@questionmarket[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@bs.serving-sys[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\David\Cookies\david@com[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\David\Cookies\david@advertising[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\David\Cookies\david@realmedia[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\David\Cookies\david@tribalfusion[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@serving-sys[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\David\Cookies\david@i.screensavers[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\David\Cookies\david@ad.yieldmanager[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\David\Cookies\david@advertising[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@bs.serving-sys[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@serving-sys[3].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\David\Cookies\david@tribalfusion[3].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\David\Cookies\david@server.iad.liveperson[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David\Cookies\david@atwola[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\David\Cookies\david@ads.pointroll[3].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David\Cookies\david@atwola[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\David\Cookies\david@questionmarket[3].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.overture.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.adserver.easyad.info/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.adtech.de/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.adultfriendfinder.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.azjmp.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.bs.serving-sys.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.trafficmp.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.xiti.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.yadro.ru/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[landing.domainsponsor.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[searchportal.information.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[server.iad.liveperson.net/hc/56294818]
Virus:Trj/Bancos.RQ Disinfected C:\ComboFix(2)\pv.cfexe

lol, it says the combofix is infected =.=
david71 is offline  
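The Panda report in the post above is dominated by tracking-cookie rows, which makes the few non-cookie findings easy to miss. The following is an added example, not part of the original thread: it parses rows in the report's "Incident Status Location" layout and separates cookie entries from the findings that need review. The names `parse_report` and `triage` are hypothetical, and the sample rows are copied from the report above.

```python
import re
from collections import Counter
from typing import NamedTuple

# Sample rows copied from the Panda ActiveScan report posted above.
SAMPLE = r"""
Incident Status Location

Adware:adware/sbsoft Not disinfected Windows Registry
Virus:Trj/Bancos.RQ Not disinfected C:\Documents and Settings\David\桌面\ComboFix.exe[327882R2FWJFW\pv.cfexe]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\David\Cookies\david@overture[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\David\Cookies\david@atdmt[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1n219c08.default\COOKIES.TXT[.trafficmp.com/]
Virus:Trj/Bancos.RQ Disinfected C:\ComboFix(2)\pv.cfexe
"""

class Finding(NamedTuple):
    kind: str      # Adware / Virus / Spyware
    name: str      # detection name, may contain spaces ("Cookie/Atlas DMT")
    status: str    # "Not disinfected" or "Disinfected"
    location: str  # file path, archive member, or "Windows Registry"

# The name is matched lazily so it stops at the first status keyword.
ROW = re.compile(r"^(?P<kind>\w+):(?P<name>.+?)\s+"
                 r"(?P<status>Not disinfected|Disinfected)\s+(?P<location>.+)$")

def parse_report(text):
    """Return a Finding for every row; the header and blank lines are skipped."""
    matches = (ROW.match(line.strip()) for line in text.splitlines())
    return [Finding(**m.groupdict()) for m in matches if m]

def triage(findings):
    """Split tracking-cookie rows from the findings an analyst should read."""
    review = [f for f in findings if not f.name.startswith("Cookie/")]
    return {
        "cookie_count": len(findings) - len(review),
        "by_kind": Counter(f.kind for f in findings),
        "review": review,
        "unresolved": [f for f in review if f.status == "Not disinfected"],
    }

if __name__ == "__main__":
    report = triage(parse_report(SAMPLE))
    print(f"{report['cookie_count']} cookie rows, {len(report['review'])} to review")
    for f in report["review"]:
        print(f"  [{f.status}] {f.kind}:{f.name} -> {f.location}")
```
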
Old 2008-03-23, 04:34   #9
david71
Junior Member
 
Join Date: Mar 2008
Posts: 25
Default bit defender scan result

here is the result from bit defender..

well, the scans are done for now, thanks a lot for the help, i can't wait till you guys fix the virus for me or.... not



BitDefender Online Scanner
Scan report generated at: Sat, Mar 22, 2008 - 22:15:11
Scan path: C:\;D:\;E:\;F:\;

Statistics

Time 00:34:38
Files 270449
Folders 5237
Boot Sectors 4
Archives 7100
Packed Files 13737

Results
Identified Viruses 9
Infected Files 104
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 161

Engines Info
Virus Definitions 1021790
Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins 16
Archive plugins 41
Unpack plugins 7
E-mail plugins 6
System plugins 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions
Scan Emails Yes
Scan Archives: Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File: Status


okay, damn it, i keep on getting this message when i try to post the result:

"The text that you have entered is too long (46682 characters). Please shorten it to 20000 characters long."
david71 is offline  
Old 2008-03-23, 08:13   #10
david71
Junior Member
 
Join Date: Mar 2008
Posts: 25
Default

umm.... after the bit defender, i seem to have gotten rid of all my virus problems.. but now i can't access either of my two main hard drives by double clicking on them...

when i go to my computer, and double click on drive c:\, it will tell me that it can't find a program to execute the drive, and the same thing with my d:\ drive.

it can however access every single file path on the computer by entering their addresses.. i.e. in the internet explorer window, i can type c:\program file, and i'll be led to the program file folder.... and from the program file if i wanna go to c:\ drive i have to use the "go up a level" button on the function panels.

all in all, the new problem that i'm having right now is, i can't get to any root drives directly, either by double clicking on the icon, or entering the address of the root drive in internet explorer.

(i suspect that one of the programs failed to disinfect the file, and actually deleted something from windows OS)

Thanks a lot
david71 is offline  