Virus/Trojan Something messed me up need help


NYCSTE2003

Member
Oct 27, 2003
168
0
0
AppName: explorer.exe AppVer: 6.0.2900.3156 ModName: libavcodec.dll
ModVer: 0.0.0.0 Offset: 001f09a1

is the explorer crash

and update: Spybot is now working and scanning
 

NYCSTE2003

File setup.exe received on 09.12.2007 07:08:36 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 1/32 (3.13%)
-details
Prevx1 V2 2007.09.12 Heuristic: Suspicious Hijacker
 

NYCSTE2003

Logfile of Spyware Terminator v2.0.0.194 (db:1.0.924.684)
Scan Time: 9/12/2007 12:37:57 AM length: 2540 s
Platform: Windows XP Service Pack 2 (WINNT 5.1.2600)
User: Admin
Boot Mode: Normal
Scan type: Full_Spyware_Scan
Scanned Objects: 160910 (Critical:0)
Filter: No System items, No Safe items, No Invalid items

Running Processes:
nvsvc32.exe [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe
pidgin.exe [The Pidgin developer community] : C:\Program Files\Pidgin\pidgin.exe
ConvertXtoDvd.exe [VSO Software SARL] : C:\Program Files\vso\ConvertXtoDVD\ConvertXtoDvd.exe
SpybotSD.exe [Safer Networking Limited] : C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - [Orbitdownloader.com] : C:\Program Files\Orbitdownloader\orbitcth.dll

StartUps
04 - HKLM\System\CurrentControlSet\Control\Session Manager, BootExecute : : C:\WINDOWS\system32\UDBDEF.EXE

Shell Extensions
7-Zip Shell Extension - {23170F69-40C1-278A-1000-000100020000} - [Igor Pavlov] : C:\Program Files\7-Zip\7-zip.dll
AlcoholShellEx - {32020A01-506E-484D-A2A8-BE3CF17601C3} - [Alcohol Soft Development Team] : C:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll
Microsoft Office Outlook - {00020D75-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\MLSHEXT.DLL
Outlook File Icon Extension - {0006F045-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\OLKFSTUB.DLL
- {42042206-2D85-11D3-8CFF-005004838597} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Program Files\WinRAR\rarext.dll
UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} - : C:\Program Files\Unlocker\UnlockerCOM.dll
Desktop Manager - {709C6E11-538F-4759-86AC-6ACB302AA0DE} - : C:\WINDOWS\system32\msvdm.dll
Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Premium\shlext.dll
Desktop Explorer - {1CDB2949-8F65-4355-8456-263E7C208A5D} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
- {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
nView Desktop Context Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
AVG7 Shell Extension Class - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
AVG7 Find Extension Class - {9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

Protocol Filters
- {807553E5-5146-11D5-A672-00B0D022E945} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

Protocol Handler
Data Page Pluggable Protocol mso-offdap Handler - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
Data Page Plugable Protocal mso-offdap11 Handler - {32505114-5902-49B2-880A-1F7738E5A384} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
IEProtocolHandler Class - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - [Skype Technologies] : C:\Program Files\Common Files\Skype\Skype4COM.dll

Winsock 2
[Avira GmbH] : C:\WINDOWS\system32\avsda.dll
[Avira GmbH] : C:\WINDOWS\system32\avsda.dll
[Avira GmbH] : C:\WINDOWS\system32\avsda.dll

Services
23 - : C:\WINDOWS\system32\DRIVERS\a347bus.sys
23 - : C:\WINDOWS\system32\Drivers\a347scsi.sys
23 - : C:\Program Files\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS
23 - : C:\Program Files\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS
23 - : C:\Program Files\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS
23 - : C:\Program Files\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS
23 - : C:\Program Files\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS
23 - [GRISOFT, s.r.o.] : C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
23 - [GRISOFT, s.r.o.] : C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
23 - [GRISOFT, s.r.o.] : C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
23 - [Elaborate Bytes AG] : C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
23 - : C:\WINDOWS\system32\giveio.sys
23 - [Realtek Semiconductor Corp.] : C:\WINDOWS\system32\drivers\RtkHDAud.sys
23 - [Kensington Technology Group] : C:\WINDOWS\system32\drivers\KID_SYS.sys
23 - [Kensington Technology Group] : C:\WINDOWS\system32\drivers\ntxpusb.sys
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe
23 - : C:\WINDOWS\system32\DRIVERS\OREANS32.SYS
23 - [VSO Software] : C:\WINDOWS\system32\Drivers\pcouffin.sys
23 - [Elaborate Bytes] : C:\WINDOWS\system32\Drivers\RegKill.sys
23 - : C:\Program Files\SUPERANTISPYWARE\SASDIFSV.SYS
23 - : C:\Program Files\SUPERANTISPYWARE\SASKUTIL.SYS
23 - [Windows (R) 2000 DDK provider] : C:\WINDOWS\system32\speedfan.sys
23 - [Sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\Teefer.sys
23 - [Sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\wg3n.sys
23 - [Sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\wg4n.sys
23 - [Sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\wg5n.sys
23 - [Sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\wg6n.sys
23 - [Sygate Technologies, Inc.] : C:\WINDOWS\system32\DRIVERS\WPSDRVNT.SYS
23 - [Marvell] : C:\WINDOWS\system32\DRIVERS\yk51x86.sys
23 - [EnTech Taiwan] : C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS

Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon, DLLName : [SUPERAntiSpyware.com] : C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

John

Moderator Emeritus, Elite Member
Oct 9, 1999
33,944
2
81
Upload it to virustotal.com to see if it's detected.
 

NYCSTE2003

Originally posted by: John
Upload it to virustotal.com to see if it's detected.

I can't find the file on my computer, but it said it was running. Weird.

And something turned on my System Restore even though I've always had it off.

Installed a program, Prevx, and it found 3 issues. I'll update later.
 

NYCSTE2003

OK, this is the hijack log after doing some more cleanup on my own. I'll run the following: Do all of the scans from the sticky list posted in this thread in Safe Mode. Then boot back into Normal Mode, run HijackThis and post a log.

Order of Operations

By following the directions listed below, you increase your chances for a fast reply on getting your HijackThis log and your computer cleaned.

Please follow these directions:

1. Boot your computer into Safe Mode by pressing F8 before the Windows logo screen on bootup.
2. Run SpywareBlaster.
3. Run CCleaner.
4. Run CWShredder.
5. Scan for viruses with the Recommended Software and Online Virus Scanners.
6. Run Windows Defender.
7. Run Ad-Aware SE Personal.
8. Run Spybot S&D.
At this point you should reboot your computer and run HijackThis to post a log on our forums.
9. Run HijackThis.
10. Run Windows Update.

Unable to run Windows Update? Fix most common errors with DjLizard's Dial-a-fix!

Cleaning & Settings

This section will describe how to update the recommended applications and allow you to configure each program with the best settings for malware removal.

SpywareBlaster

SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed. It will also stop malware from communicating with its host server. This helps to stop popups and malware from functioning and further spreading the infections.

Update Instructions:

1. Under "Quick Tasks" click "Download Latest Protection Updates".
2. Click the "Check for Updates" button.

Activation:

1. After updating, click "Protection" near the top.
2. Under "Quick Tasks" click "Enable All Protection" and you're finished with SpywareBlaster.

Need further assistance? Refer to the SpywareBlaster screenshots.

CCleaner

CCleaner helps to clean more than just junk files in your computer. It can also help to clean out and remove malware from your %TEMP% folders and other common temporary directories where malware can reside.

Scan Settings:

1. Select the "Windows" tab and check every option.
2. Select the "Applications" tab and check every option.
3. Click the "Run Cleaner" button.

The following items should not be checked.

* "Memory Dumps"
* "Old Prefetch Data"
* "Hotfix Uninstallers"

The Memory Dumps cleaning option will remove any memory dumps that are generated when a program crashes on your computer. Many technicians can use these memory dumps to tell you exactly what caused the crash. These memory dumps are also sent to a crash analysis center at Microsoft when you use the Error Reporting feature. Reporting these errors and sending the crash dumps help all users because hotfixes are often issued to fix the very problem that made the program crash.

The Old Prefetch Data cleaning option will decrease your system performance. The impact that cleaning/deleting the prefetch data has on your system is well documented by technicians and Microsoft staff. Prefetch is designed to allow your applications to load faster.

The Hotfix Uninstallers cleaning option will remove every hotfix uninstaller. This is a bad option for CCleaner to have. If you have this option checked and you remove your hotfix uninstallers, should you ever have an issue with an update (hotfix) from Microsoft, you would not be able to uninstall the problematic hotfix. This could potentially result in your system being crippled.

Unchecking the above options will ensure your computer remains in proper working order and has better performance.

Note: The first run can take several minutes. You may wish to uncheck some options if CCleaner takes longer than five minutes. If you receive an error (MSVBVM60.DLL or other Visual Basic related error messages) you may need to install the Visual Basic 6 Runtimes.

Advanced users only:

This section deals with changes to your computer's registry. If you do not feel comfortable making changes to your registry then skip this section. It is recommended that you create a folder named "Backups" in your CCleaner folder inside the Program Files directory and save your registry backups there.

1. Click the "Issues" button and check every option.
2. Click the "Scan For Issues" button.
3. Click the "Fix selected issues..." button.
4. Click "Yes" when asked to backup changes to the registry.
5. Save the backup for repairing these issues so you may find it easily when you need it in the future.

Need further assistance? Refer to the CCleaner screenshots.

CWShredder

CWShredder is used to find and remove traces of CoolWebSearch - the name for a wide range of insidious browser hijackers - from your PC.

Scan Settings:

1. Click "Fix ->".
2. Close all browser windows that are open.
3. Click "OK" on the message box that tells you to close all open browser windows to ensure CWS is cleaned and removed.
4. After it scans through, a report will be made; click "Next ->".
If any problems were found you may fix them now.
5. Click "Exit" when you are finished.

Need further assistance? Refer to the CWShredder screenshot.

Windows Defender

Windows Defender is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it's detected and minimizes interruptions and helps you stay productive.

Update Instructions:

1. Click on the arrow beside the Help icon (It is a question mark inside a blue and white circle).
2. Click "Check for Updates".

Scan Settings:

1. Click "Scan Options". (This is the arrow beside "Scan Options".)
2. Select "Full system scan".
3. Click "Scan Now" to begin scanning.

Need further assistance? Refer to the Windows Defender screenshots.

Ad-Aware SE Personal

Ad-Aware is designed to provide advanced protection from known Data-mining, aggressive advertising, Parasites, Scumware, selected traditional Trojans, Dialers, Browser hijackers, and tracking components.

Update Instructions:

If you have downloaded the Anti-Malware package then you can run InstallDefs.bat or follow the directions below to update Ad-Aware.

1. Click "Check for updates now".
2. Click "Connect" and download the update.
3. Click "Finish" after the update has finished.

Scan Settings:

* Open Ad-Aware SE Personal 1.06 and click on the "Configuration". If you are unsure how to reach the "Configuration", see the metal gear button image to the right.

All of the items mentioned below should be checked (green checkmark). If you cannot check them, simply skip them.

"General" settings:

* Automatically save log file.
* Automatically quarantine objects prior to removal.
* Safe mode (always request confirmation).
* Prompt to update outdated definitions.

"Scanning" settings:

* Scan within archives.
* Scan active processes.
* Scan registry.
* Deep-scan registry.
* Scan my IE Favorites for banned URLs.
* Scan my Hosts file.

"Advanced" settings:

* Include additional object information.
* Include negligible objects information.
* Include environment information.

"Default" settings:

* Click "Read current settings from system" or you can enter the following.

Default Homepage: "about:blank"
Default searchpage: "http://www.google.com" or "http://www.microsoft.com/isapi...dll?prd=ie&ar=iesearch"

"Tweak - Scanning Engine" settings:

* Unload recognized processes & modules during scan.
* Obtain command line of scanned processes.
* Run scan as background process (Low CPU usage).
* Scan registry for all users instead of current user only.

"Tweak - Cleaning Engine" settings:

* Always try to unload modules before deletion.
* During removal, unload Explorer and IE if necessary.
* Let Windows remove files in use at next reboot.
* Delete quarantined objects after restoring.

"Tweak - Safety Settings" settings:

* Reanalyze results after scanning before displaying results lists.

"Tweak - Log Files" settings:

* Include basic Ad-Aware settings in log file.
* Include additional Ad-Aware settings in log file.
* Include reference summary in log file.
* Create log file for removal operations.
* Include module list in log file.
* Include alternate data stream details in log file.

"Tweak - User Interface" settings:

* Limit drive selection to fixed drives.
* Use gridlines in results lists.
* Show detail tooltips in results lists.

"Tweak - Misc Settings" settings:

* No options should be checked. If anything is checked, then you should uncheck it.

Click Proceed to continue.

Scanning:

1. Click "Scan now" on the left side or "Start" in the lower right.
2. Select the option "Use custom scanning options" and make sure "Search for negligible risk entries" is checked.
3. Press "Next" to begin scanning.

Need further assistance? Refer to the Ad-Aware screenshots.

Spybot S&D

Spybot S&D searches your hard drive for so-called spy- or adbots; that is, little modules that are responsible for the ads many programs display. Many of these modules also transmit information, including your surfing behavior on the Internet. If it finds such modules, it can remove them. In most cases the host still runs fine after removing the spyware/adware.

Note: You do not need to run or activate TeaTimer. If you wish to have the extra protection you should use Windows Defender's Real Time Protection.

First time only:

1. Click "Mode" -> "Advanced".
2. Click "Yes" on the message box that appears.
3. Click "Settings" -> "File Sets" -> Make sure everything is checked.

Update Instructions:

You can run spybotsd_includes.exe or follow the directions below to update Spybot S&D.

1. Click on the "Update" button.
2. Select all updates.
3. Select a server to download updates from. It is recommended that you use one close to where you live.
4. Click "Download Updates".

Scan Settings:

1. Click "Immunize" and allow it to scan, then click "Apply".
2. Click "Search & Destroy" and then click "Check for Problems".

This will find any malware installed and also offer to clean your usage tracks (MRUs).
If you have your folders set in a special way then do not check Windows Explorer in the usage tracks reported.

Need further assistance? Refer to the Spybot S&D screenshots.

HijackThis

HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs. HijackThis creates a report, or log file, with the results of the scan.

Scan Settings:

1. Uncheck "Show this frame when I start HijackThis" at the bottom.
2. Click the "Scan" button.
3. Click the "Save log" button.
4. Name your log with your user name.

Example: If your username is User123, then you would save your log as User123-Hijack

Need further assistance? Refer to the HijackThis screenshot.

Conclusion

Haven't registered yet for the Lunarsoft.net website and forums? Then please register with us!

If you have registered with Lunarsoft.net already, please post your log on the HijackThis Logs forum.

After your computer has been given a clean bill of health, you should read the PC Security page for adding extra protection to your computer.

Good luck, Tarun - Lunarsoft.net
 

NYCSTE2003

and here is hijack log 1. before another safemode scan and fix.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:13 PM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Documents and Settings\user\Desktop\HiJackThis v.200b.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols/beta/fscax.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.co...urces/scan8/oscan8.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/f...102/qsp2ie06101001.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

--
End of file - 7372 bytes
 

John

FWIW the Lunarsoft.net directions are really dated and will fail to detect and remove a lot of nasty infections. However looking at your HJT log you are already using several of the tools that I recommend. :thumbsup:

Remove:

O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/f...102/qsp2ie06101001.cab
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) <--- the file should still be in system32 though

Suspicious: I think it has something to do with nLite though......

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

Are you still having problems?
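
The manual triage in the reply above can be approximated mechanically. The following is an added example, not part of the original thread and not HijackThis's own logic: it parses HijackThis entry lines and tags the patterns the reply singled out (entries whose target is marked "(no file)" or "(file missing)", and RunOnce autostarts that shell out to move files under System32). The tag names and rules are assumptions made for this example; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from collections import namedtuple

# Sample input: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
"""

# "<section code> - <body>", e.g. "O23 - Service: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# O4 entries name the Run/RunOnce key before the bracketed value name.
AUTOSTART_RE = re.compile(r"\\Run(?:Once)?: \[", re.IGNORECASE)
# Autostart that launches the command interpreter with /C or /K.
SHELL_RE = re.compile(r"\bcmd(?:\.exe)?\s+/[ck]\b", re.IGNORECASE)
# File operation whose arguments point into System32.
SYSFILE_OP_RE = re.compile(r"\b(?:move|copy|del|ren)\b.*\\system32\\", re.IGNORECASE)

Finding = namedtuple("Finding", "section reasons entry")


def parse_entries(log_text):
    """Yield (section, body) for every HijackThis entry line; skip everything else."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group(1), match.group(2)


def triage(log_text):
    """Return a Finding for each entry that matches at least one review rule."""
    findings = []
    for section, body in parse_entries(log_text):
        reasons = []
        if ORPHAN_RE.search(body):
            reasons.append("orphan")  # registry entry left behind, target file gone
        if section == "O4" and AUTOSTART_RE.search(body) and SHELL_RE.search(body):
            reasons.append("autostart-shell")
            if SYSFILE_OP_RE.search(body):
                reasons.append("system32-file-op")
        if section == "O23" and "Unknown owner" in body:
            reasons.append("unknown-owner")  # service binary without vendor metadata
        if reasons:
            findings.append(Finding(section, tuple(reasons), body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.section, ",".join(finding.reasons), "|", finding.entry)
```

A tag means "look at this entry", not "remove it". The O16 entry listed in the reply is not covered, because the thread gives no rule for why it was chosen.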
 

NYCSTE2003

As mentioned in the beginning post somewhere, with a picture I think included, those are my problems.

For all I know my titlebar is missing and replaced with a silly Windows symbol.

My quicklaunch >> doesn't work.

My start button doesn't work.

Those are the visual issues my computer has. Otherwise it seems just as stable as it ever was and I do everything like normal. I'm just worried I haven't found the issue, which I have not, and when I reformat I might still have the problem.

But there is a good chance one of my cleaner programs, one I'm not too familiar with, deleted some important files for all I know, and that's why those things aren't working maybe. Who knows.

All these programs I run day in and day out for the most part have found nothing since the first day or two. So I think I'm about to give up, John.

As mentioned in another thread on another forum, this is my next question and route.

Just got a 500GB drive in today, woot.

Question.

Currently I got 250, 200 and 160, full almost. The 160 isn't plugged in cuz it is IDE and, well, stupid motherboard only has 1 IDE slot and, well, I'd rather just keep the CD-ROM drive up.

Since I just got a 500 I can almost fit all my data onto that alone. Should I use that as my C drive and not partition it?

Or how would you (whoever is reading this) set up your system with 3 SATA HDDs, newest being fastest, 16MB cache vs older 8MB cache, for whatever that's worth? Thanks for help.
 

NYCSTE2003

http://support.microsoft.com/d...x?scid=kb;en-us;555130

Menu bar/Toolbar Missing in Windows Explorer and/or Internet Explorer
Author: Doug Knox MVP
Article ID : 555130
Last Review : July 28, 2005
Revision : 1.0
SUMMARY
The Menu bar and/or Toolbar may be missing when you open Windows Explorer and/or Internet Explorer.

SYMPTOMS
When you open Windows Explorer or Internet Explorer you may find that your Menu bar and/or Toolbar is missing.

CAUSE
For Windows Explorer and Internet Explorer, this behavior is caused by one or more corrupt values in the Windows Registry.

RESOLUTION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To resolve this problem, edit the registry to remove the corrupt value(s).

Close all open Internet Explorer and Windows Explorer windows. Start the Registry Editor (Click Start, Run and enter REGEDIT.EXE).

Go to the following Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar

For Windows Explorer: In the right pane, locate the Explorer sub-key and open it. In the right pane, locate the ITBarLayout value. Right click this value and select Delete.

For Internet Explorer: In the right pane, locate the WebBrowser sub-key and open it. In the right pane, locate the ITBarLayout value. Right click this value and select Delete.

Quit Registry Editor.

Open the affected program (Windows Explorer or Internet Explorer) and verify that your Menu bar/Toolbar has been restored. If not, close all open Windows Explorer and Internet Explorer Windows and repeat the above step. Then locate the ShellBrowser sub-key, open it and delete the ITBarLayout value there.

MORE INFORMATION
Notes: Any Toolbar layout customizations will be undone, and the affected Toolbar will be reset to its default configuration. For Windows Explorer, in Windows XP Home Edition, it may be necessary to re-enable the Address bar in Windows Explorer. To do this open Windows Explorer. Then right click a blank area of the Toolbar or Menu bar and select the Address bar item.

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base: 256986 Description of the Microsoft Windows Registry
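
Before deleting anything, the three subkeys the article names can be checked in an exported .reg file. The following is an added example, not from the KB article or the thread: a Python parser for a regedit export that reports whether ITBarLayout is present under Explorer, WebBrowser and ShellBrowser. The sample export and its byte values are constructed for illustration.

```python
import re

# Key and subkeys named in the KB article, in the order it checks them.
TOOLBAR_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar"
SUBKEYS = ("Explorer", "WebBrowser", "ShellBrowser")
TARGET_VALUE = "ITBarLayout"

# Constructed sample export (byte values are made up for this example).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"Locked"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Explorer]
"ITBarLayout"=hex:11,00,00,00,4c,00,00,00,\
  00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"itbarlayout"=hex:11,00
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"=data, or @=data for a key's default value.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def parse_reg(text):
    """Parse a regedit export into {key path: {value name: raw data string}}."""
    keys = {}
    current = None  # value dict of the key being read
    last = None     # name of the value a continuation line belongs to
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            last = None
            continue
        match = KEY_RE.match(line)
        if match:
            current = keys.setdefault(match.group(1), {})
            last = None
            continue
        if current is None:
            continue  # header line before the first key
        match = VALUE_RE.match(line)
        if match:
            last = match.group(1) if match.group(1) is not None else "@"
            current[last] = match.group(2).rstrip("\\")
        elif last is not None:
            # Continuation of a long hex value. Exports pasted into forums often
            # lose the trailing backslash, so any other line is treated as one.
            current[last] += line.rstrip("\\")
    return keys


def itbarlayout_report(text):
    """Map each subkey to True/False (value present or not) or None (subkey absent)."""
    # Registry key paths and value names are case-insensitive.
    parsed = {path.lower(): values for path, values in parse_reg(text).items()}
    report = {}
    for sub in SUBKEYS:
        values = parsed.get((TOOLBAR_KEY + "\\" + sub).lower())
        if values is None:
            report[sub] = None
        else:
            report[sub] = any(name.lower() == TARGET_VALUE.lower() for name in values)
    return report


if __name__ == "__main__":
    for subkey, present in itbarlayout_report(SAMPLE_REG).items():
        print(subkey, present)
```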
 

NYCSTE2003


The file ITBarLayout doesn't exist in my registry. Soo, problemo.

This is all I got.


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"LinksFolderName"="Links"
"Locked"=dword:00000001
"ShowDiscussionButton"="Yes"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Explorer]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,
aa,00,5b,43,83,10,00,00,00,00,00,00,00,01,e0,32,f4,01,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,
aa,00,5b,43,83,10,00,00,00,00,00,00,00,01,e0,32,f4,01,00,00,00
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"=hex:21,bf,5c,0e,5f,d1,d0,11,83,01,00,
aa,00,5b,43,83,22,00,1c,00,08,00,00,00,06,00,00,00,01,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,4c,00,00,00,01,14,02,00,00,00,00,00,c0,00,00,00,00,
00,00,46,81,00,00,00,10,20,00,00,b6,cb,53,42,c5,dc,c6,01,5c,0f,66,75,69,dc,
c6,01,5c,0f,66,75,69,dc,c6,01,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,4b,01,14,00,1f,50,e0,4f,d0,20,ea,3a,69,10,a2,d8,
08,00,2b,30,30,9d,19,00,2f,43,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,5c,00,31,00,00,00,00,00,24,37,a4,1e,10,20,44,4f,43,55,4d,
45,7e,31,00,00,44,00,03,00,04,00,ef,be,34,35,17,55,24,37,a4,1e,14,00,00,00,
44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,20,00,61,00,6e,00,64,
00,20,00,53,00,65,00,74,00,74,00,69,00,6e,00,67,00,73,00,00,00,18,00,34,00,
31,00,00,00,00,00,24,37,6f,81,10,20,75,73,65,72,00,00,20,00,03,00,04,00,ef,
be,34,35,52,77,24,37,6f,81,14,00,00,00,75,00,73,00,65,00,72,00,00,00,14,00,
56,00,31,00,00,00,00,00,34,35,31,20,11,20,46,41,56,4f,52,49,7e,31,00,00,3e,
00,03,00,04,00,ef,be,34,35,52,77,34,35,31,20,14,00,28,00,46,00,61,00,76,00,
6f,00,72,00,69,00,74,00,65,00,73,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,
6c,2c,2d,31,32,36,39,33,00,18,00,36,00,31,00,00,00,00,00,34,35,31,20,10,20,
4c,69,6e,6b,73,00,22,00,03,00,04,00,ef,be,34,35,55,77,34,35,31,20,14,00,00,
00,4c,00,69,00,6e,00,6b,00,73,00,00,00,14,00,00,00,60,00,00,00,03,00,00,a0,
58,00,00,00,00,00,00,00,6e,65,77,62,69,65,00,00,00,00,00,00,00,00,00,00,8a,
60,c4,a9,2a,da,fc,43,8a,f7,47,d3,fc,d3,87,e7,e4,9f,91,72,57,48,db,11,9f,4a,
00,16,e6,80,e2,8d,8a,60,c4,a9,2a,da,fc,43,8a,f7,47,d3,fc,d3,87,e7,e4,9f,91,
72,57,48,db,11,9f,4a,00,16,e6,80,e2,8d,00,00,00,00
"{F4D76F09-7896-458A-890F-E1F05C46069F}"=hex:09,6f,d7,f4,96,78,8a,45,89,0f,e1,
f0,5c,46,06,9f

 

NYCSTE2003

Member
Oct 27, 2003
168
0
0
current hijack log.

run hijackthis and post the log

for sure brotha


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:10 AM, on 9/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\regedit.exe
C:\Documents and Settings\user\Desktop\HiJackThis v.200b.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols/beta/fscax.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

--
End of file - 7477 bytes

O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

those two things i don't like the look of, otherwise everything i am familiar with.

just checked
bdoscandel.exe is the uninstaller for BitDefender Online Scanner. It is located at %WinDir% directory. This is a non-essential program. You can safely remove it.
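
The triage done by eye in the post above, as an added example that is not part of the original thread: it flags HijackThis entries carrying the markers `(no file)`, `(file missing)`, `(no name)` or `Unknown owner`, then looks up each flagged entry's GUID as a value name in a registry export. The function names are illustrative, the log lines are a subset of the log above, and the export keeps the posted key layout with one hex value shortened.

```python
import re

# Lines copied from the HijackThis log above (a subset of its entries).
HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
"""

# Key layout from the registry export posted earlier in the thread.
# The first hex value under WebBrowser is shortened (constructed).
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"LinksFolderName"="Links"
"Locked"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Explorer]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,
aa,00,5b,43,83
"{F4D76F09-7896-458A-890F-E1F05C46069F}"=hex:09,6f,d7,f4,96,78,8a,45,89,0f,e1,
f0,5c,46,06,9f
"""

ENTRY_RE = re.compile(r"^([ORF]\d{1,2}) - (.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"=')

# Text markers HijackThis prints when a registration is incomplete.
MARKERS = {
    "(no file)": "no_file",
    "(file missing)": "file_missing",
    "(no name)": "no_name",
    "Unknown owner": "unknown_owner",
}


def parse_hjt(log_text):
    """Parse 'Xnn - ...' entries; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        guid = GUID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            # GUID case differs between tools, so normalise it.
            "guid": guid.group(0).upper() if guid else None,
            "flags": sorted(t for mk, t in MARKERS.items() if mk in body),
        })
    return entries


def parse_reg(reg_text):
    """Return {key_path: [value names]} from a REGEDIT5 text export.

    Hex continuation lines and the default value (@=) are ignored.
    """
    keys, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = []
        elif current is not None and line.startswith('"'):
            m = VALUE_RE.match(line)
            if m:
                keys[current].append(m.group(1))
    return keys


def keys_with_value(reg, name):
    """Keys holding a value called `name` (value names are case-insensitive)."""
    wanted = name.upper()
    return [k for k, names in reg.items() if any(n.upper() == wanted for n in names)]


def triage(log_text, reg_text):
    """Flagged HijackThis entries, each with the export keys naming its GUID."""
    reg = parse_reg(reg_text)
    findings = []
    for entry in parse_hjt(log_text):
        if entry["flags"]:
            hits = keys_with_value(reg, entry["guid"]) if entry["guid"] else []
            findings.append({**entry, "registry_keys": hits})
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LOG, REG_EXPORT):
        print(f["code"], f["flags"], f["guid"], f["registry_keys"])
    print("ITBarLayout in:", keys_with_value(parse_reg(REG_EXPORT), "ITBarLayout"))
```

A flag here only means the registration is incomplete or unnamed; it is a prompt to check the entry, as the post does for `bdoscandel.exe`, not a verdict.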
 

NYCSTE2003

Member
Oct 27, 2003
168
0
0
Sophos Anti-Virus
Version 4.21.0 [Win32/Intel]
Virus data version 4.21E, September 2007
Includes detection for 291211 viruses, trojans and worms
Copyright (c) 1989-2007 Sophos Plc, www.sophos.com

System time 14:11:09, System date 17 September 2007
Command line qualifiers are: -f -extensive -all -nc -nb -remove -archive -cab -loopback -mime -oe -tnef -pua -mbr -mac

Full Scanning

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK14.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK14.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK14.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK15.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK15.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK15.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK16.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK16.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK16.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK17.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK17.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK17.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK18.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK18.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK18.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK19.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK19.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK19.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK2.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK2.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK2.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK20.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK20.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK20.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK21.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK21.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK21.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK3.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK3.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK3.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK4.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK4.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK4.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK5.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK5.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK5.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK6.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK6.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK6.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK7.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK7.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK7.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK8.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK8.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK8.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK9.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK9.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK9.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith1.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith1.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith1.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith10.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith10.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith10.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith11.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith11.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith11.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith12.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith12.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith12.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith13.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith13.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith13.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith2.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith2.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith2.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith3.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith3.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith3.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith4.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith4.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith4.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith5.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith5.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith5.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith6.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith6.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith6.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith7.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith7.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith7.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith8.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith8.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith8.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith9.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith9.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith9.zip\comment
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.reg
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.ini
Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip\comment
Could not open C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
Could not open C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Could not check C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5pfrjjr.default\Cache\0AFB9CCFd01\Gzip (corrupt)
>>> Virus 'Mal/Dorf-A' found in file C:\Documents and Settings\user\Application Data\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E910.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Documents and Settings\user\Application Data\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E96.exe
Removal successful
Password protected file C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-10-2007 - 17-49-17.SBU\{2098F008-8CFE-4491-B2DD-B87774FF4B09}
Password protected file C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-10-2007 - 17-49-17.SBU\{28220B1F-237F-474A-9922-3BD112494632}
Password protected file C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-10-2007 - 17-49-17.SBU\backup.db
Password protected file C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-12-2007 - 16-00-13.SBU\{63A246B4-3B17-43F2-8E27-9F4EA0F61ECC}
Password protected file C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-12-2007 - 16-00-13.SBU\backup.db
Password protected file C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-12-2007 - 22-35-49.SBU\backup.db
Could not open C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
Could not open C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
>>> Virus 'Mal/Dorf-A' found in file C:\Documents and Settings\user\Local Settings\Apps\2.0\JHWCEDC8.09R\0HQC76CR.LYK\wowa..tion_4d89fb8d52541cc9_0001.0009_0cd1b5f8e4698fd6\WowAceUpdater.exe
Removal successful
Could not open C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_5f0.dat
Could not open C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_704.dat
>>> Virus 'Mal/HckPk-A' found in file C:\hbwpb.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\AC3Filter\dialog_patch.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Ahead\Nero Wave Editor\DXEnum.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\AIM\Patcher.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\AIM\SendFile.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\AIM\ShareFile.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\AIM\Sysfiles\AolOnDesktop.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmcdlg.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Avira\AntiVir PersonalEdition Premium\guardgui.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Avira\AntiVir PersonalEdition Premium\licmgr.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Avira\AntiVir PersonalEdition Premium\preupd.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\DVD Decrypter\DVDDecrypter.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\FDRLab\YouTube Downloader\ffmpeg.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\FixVTS.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\GIGABYTE\ET5Pro\ETcall.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Gravis\Xperience\Setup\grxp4exe.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Gravis\Xperience\Setup\xp_run.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\GRETECH\GomPlayer\GrLauncher.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\GRETECH\GomPlayer\KillGom.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\GRETECH\GomPlayer\srt2smi.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\Helexis\Drive Health\dhreport.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\ImgBurn\ImgBurn.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\InfraRecorder\ckEffects.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\Battlefield 1942_uninst.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\IrfanView\iv_uninstall.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\IrfanView\Plugins\Slideshow.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Java\jre1.6.0_02\bin\ktab.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Java\jre1.6.0_02\bin\orbd.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Java\jre1.6.0_02\bin\pack200.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Java\jre1.6.0_02\bin\policytool.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Java\jre1.6.0_02\bin\rmid.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Java\jre1.6.0_02\bin\rmiregistry.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Java\jre1.6.0_02\bin\servertool.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Java\jre1.6.0_02\bin\tnameserv.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\jv16 PowerTools 2007\Backups\0013E9\PXL.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\NetMeeting\cb32.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\nLite\7z.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\gengal.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\msfontextract.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\nsplugin.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\odbcconfig.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\pkgchk.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\scalc.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\senddoc.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\setofficelang.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\swriter.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\uno.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\unopkg.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Outlook Express\msimn.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Outlook Express\oemig50.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Outlook Express\wabmig.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\PeaZip\peazip.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\PeaZip\res\gwrap.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\PeaZip\res\pea.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\PeaZip\res\unace\unace.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\PeaZip\res\upx\strip.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\PeaZip\res\upx\upx.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Pmcc\Baku\sdelete.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\PowerISO\dvdburn.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\PowerISO\piso.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\RaimaRadio\lame.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Realtek\InstallShield\SoundMan.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\Replay Converter\ffmpeg2theora.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Replay Converter\RegSvr32.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Replay Converter\ReplayConverterv20_Crack.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\SUPERAntiSpyware\BootSafe.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Teamspeak2_RC2\client_sdk\tsControl.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Unlocker\UnlockerAssistant.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\VistaCodecPack\filters\ac3config.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Winamp\Plugins\reporter.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Winamp\WampEnq.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Windows Media Player\mplayer2.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\WinRAR\patch.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\WinRAR\RarExtLoader.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\WinRAR\Uninstall.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\WINDOWS\erdnt\subs\ERDNT.EXE
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\hh.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\msistub.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\System32\Macromed\Shockwave 10\SwInit.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{103906AD-C60E-4E65-BC84-CE980D19CE41}\ARPPRODUCTICON.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\icon.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}\icon.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{7CCEBC24-62DB-4280-A8EC-BFA49F167920}\places.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814234.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814236.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}\ffdshowraw_F9FD80CE04484D4F8BCD77FC514C3F99.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}\Haali_F9FD80CE04484D4F8BCD77FC514C3F99.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}\QuickTime_F9FD80CE04484D4F8BCD77FC514C3F99.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\SoftwareDistribution\Download\00f4dcdbcc87699e75212b885cb6bebf\sp2qfe\iedw.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\SoundMan.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\actmovie.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\ahui.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\alg.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\asr_fmt.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\asr_ldm.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\at.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\atmadm.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\auditusr.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\bootcfg.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\bootok.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\cipher.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\comp.exe
Removal successful
Could not open C:\WINDOWS\system32\config\system.LOG
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\alg.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\arp.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\asr_fmt.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\asr_ldm.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\asr_pfu.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\at.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\atmadm.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\compact.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\comrepl.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\comrereg.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\convlog.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\davcdata.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\dcomcnfg.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\defrag.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\dllhost.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\drvqry.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\dumprep.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\dvdupgrd.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\esentutl.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\evcreate.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\eventvwr.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\expand.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\extrac32.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\fc.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\find.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\findstr.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\flattemp.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\fltmc.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\gpupdate.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\grpconv.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\help.exe
 

NYCSTE2003

Member
Oct 27, 2003
168
0
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:34 PM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pidgin\pidgin.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\user\Desktop\HiJackThis v.200b.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file)
O2 - BHO: Editor plugin - {6C8DE14D-EF92-492f-BBF7-B61F1405F328} - smuhdd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols/beta/fscax.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.co...urces/scan8/oscan8.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/f...102/qsp2ie06101001.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe (file missing)
O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

--
End of file - 6976 bytes
 

Motorheader

Diamond Member
Sep 3, 2000
3,682
0
0
Okay - just reading the Sophos log you appear to have downloaded/installed "software of questionable origin". No wonder your rig is a mess.

The words "patch" and "crack" show a few times.

My suggestion:

- Go to http://www.ultimatebootcd.com/
- follow instructions to download the latest version and make the CD
- Boot from the CD
- Choose any of the 5 Hard Disk wiping tools

If you choose to play with warez/cracks, unfortunately this is what happens.
 

NYCSTE2003

Member
Oct 27, 2003
168
0
0
Originally posted by: Motorheader
Okay - just reading the Sophos log you appear to have downloaded/installed "software of questionable origin". No wonder your rig is a mess.

The words "patch" and "crack" show a few times.

My suggestion:

- Go to http://www.ultimatebootcd.com/
- follow instructions to download the latest version and make the CD
- Boot from the CD
- Choose any of the 5 Hard Disk wiping tools

If you choose to play with warez/cracks, unfortunately this is what happens.

not familiar with that site ill def check it out.

-and of course the only time ive ever gotten infected with anything is of course from downloading stuff and not knowing what you're always getting.

its not a big deal to wipe your computer and reformat. i just enjoy trying to fix things sometimes.

let the person who has never sinned throw the first stone :).

thanks for ur help ill check out that site


PS- how do you remove entries that you can see in hijack log when i removed the programs from my computer. some things i just dont know how to remove. and things from msconfig start menu even though sometimes they arent on the computer.

i can run all the scanner cleaner programs i want but nothing removes them. so any advice would rock in that department
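
Added example (not part of the thread, and not code from HijackThis or Sophos): the leftover entries asked about above are the ones HijackThis marks `(no file)` or `(file missing)`. This Python sketch, using lines excerpted from the two logs posted earlier, separates orphaned entries whose file the scanner reported removing from those the scan log does not explain; the function names are illustrative.

```python
import re
from ntpath import normcase  # Windows path rules (case-insensitive) on any OS

# Lines excerpted from the Sophos and HijackThis logs posted in this thread.
SOPHOS_LOG = r"""
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\alg.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\alg.exe
Removal successful
>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\WinRAR\patch.exe
Removal successful
Could not open C:\WINDOWS\system32\config\system.LOG
"""
HIJACKTHIS_LOG = r"""
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file)
O2 - BHO: Editor plugin - {6C8DE14D-EF92-492f-BBF7-B61F1405F328} - smuhdd.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
"""

DETECTION = re.compile(r"^>>> Virus '(?P<name>[^']+)' found in file (?P<path>.+)$")
ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
ORPHAN = re.compile(r"\s*\((no file|file missing)\)$")
FULL_PATH = re.compile(r" - ([A-Za-z]:\\.+)$")  # the path itself may contain " - "


def removed_files(sophos_log):
    """Map normalised path -> detection name for files reported as removed."""
    removed, pending = {}, None
    for line in map(str.strip, sophos_log.splitlines()):
        hit = DETECTION.match(line)
        if hit:
            pending = hit
        elif line == "Removal successful" and pending:
            removed[normcase(pending["path"])] = pending["name"]
            pending = None
        elif line:
            pending = None  # any other line breaks the detection/result pair
    return removed


def orphaned_entries(hjt_log):
    """Yield (section, label, target) for entries whose file is absent."""
    for line in map(str.strip, hjt_log.splitlines()):
        entry = ENTRY.match(line)
        marker = ORPHAN.search(entry["body"]) if entry else None
        if not marker:
            continue
        body = entry["body"][:marker.start()]
        if marker[1] == "no file":        # registration names no file at all
            target = None
        else:
            path = FULL_PATH.search(body)
            target = path[1] if path else body.rsplit(" - ", 1)[-1]
        yield entry["section"], body.split(" - ")[0], target


def triage(hjt_log, sophos_log):
    """Split orphaned entries by whether the scan log explains the missing file."""
    removed = removed_files(sophos_log)
    report = []
    for section, label, target in orphaned_entries(hjt_log):
        detection = removed.get(normcase(target)) if target else None
        verdict = (f"file removed by scanner ({detection})" if detection
                   else "no match in scan log")
        report.append((section, label, target, verdict))
    return report


if __name__ == "__main__":
    for row in triage(HIJACKTHIS_LOG, SOPHOS_LOG):
        print(" | ".join(str(field) for field in row))
```

With the excerpted lines, the ALG service lands in the first group: the scan reported removing `C:\WINDOWS\system32\alg.exe`, and HijackThis then lists that service as `(file missing)`.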
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
its not a big deal to wipe your computer and reformat.

It is a big deal if they steal your stuff, however. Like your WoW login, so they can auction off all your WoW stuff. Or the keys to your game CDs, so they can sell them and then your key won't work for YOU anymore. Or your PayPal, or eBay, or bank site logins. Or so they can use your computer to send Spam and malware to thousands of other people until you clean it.

None of that damage is undone by you LOL I'LL JUST REFORMAT AND IT'S ALL GOOD. Stop being the bad guys' dream-come-true computer owner. Please. You can live without that stuff.
 

NYCSTE2003

Member
Oct 27, 2003
168
0
0
yea ur right.

-important facts to learn from all of this.

-even though you may consider yourself a computer guru the dude making the virus, trojan, spyware etc is more evil
-dont download warez stuff.
-once infected and you think its staying reformat to not allow bad guys to get important stuff.

a few questions for anyone reading.
1. does installing for ex AVG clamwin and umm antivir hurt me if i use lets say antivir as my main always running AV and use AVG and Clam only to scan folders when i want. someone mentioned its bad and i know having them running together could mess things up sometimes but thats not what i do right?

2. too many spyware cleaner programs installed. true or not true? is there really a way to mess up your rig like question 1 with too much cleaner software? or is it more so about knowing what programs are good and if you got a problem squash it right away or redo.
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
My 2¢ worth:

1) what about multiple antiviruses? If you need more security than a very good single antivirus can provide, then adding more antiviruses isn't the right answer. Hardening your operating system, laying aside your Administrator powers when you don't need them, eliminating vulnerabilities, and consciously avoiding all risky behavi0rz are where it's at. Also, even if just one antivirus has a realtime scanner enabled, they still can clash.

2) what about multiple spyware cleaners? They can generally be used together. Personally, I don't see too much point in them if you're using the strategy in #1 above, but you have to include the risk avoidance part of the plan.

Case in point: I've had Vista installed for almost 9 months, and use the strategy I just described in #1. I don't run warez/P2P/cracks/serials, I don't go installing junk I found on the Internet willy-nilly, and I don't do anything dumb with my Administrator account. I do keep everything up-to-date, leave User Account Control enabled, and use IE7 in Protected Mode. The system does get sent to malicious websites every day in the course of malware hunting, but only from a separate dedicated non-Admin user account just for that role.

So I ran SpyBot Search & Destroy on my regular non-Admin user account on Vista, and the only thing it could find to gripe about was one desktop shortcut it didn't like, which was only there because it was left over from some malware research. That's on a computer which has been used to collect over 8GB of malware from the wild, and strategy #1 kept it clean. I think that shows that if you keep your nose clean, you probably won't need a spyware cleaner, let alone multiple spyware cleaners.
 

NYCSTE2003

Member
Oct 27, 2003
168
0
0
Originally posted by: mechBgon
My 2¢ worth:

1) what about multiple antiviruses? If you need more security than a very good single antivirus can provide, then adding more antiviruses isn't the right answer. Hardening your operating system, laying aside your Administrator powers when you don't need them, eliminating vulnerabilities, and consciously avoiding all risky behavi0rz are where it's at. Also, even if just one antivirus has a realtime scanner enabled, they still can clash.

2) what about multiple spyware cleaners? They can generally be used together. Personally, I don't see too much point in them if you're using the strategy in #1 above, but you have to include the risk avoidance part of the plan.

Case in point: I've had Vista installed for almost 9 months, and use the strategy I just described in #1. I don't run warez/P2P/cracks/serials, I don't go installing junk I found on the Internet willy-nilly, and I don't do anything dumb with my Administrator account. I do keep everything up-to-date, leave User Account Control enabled, and use IE7 in Protected Mode. The system does get sent to malicious websites every day in the course of malware hunting, but only from a separate dedicated non-Admin user account just for that role.

So I ran SpyBot Search & Destroy on my regular non-Admin user account on Vista, and the only thing it could find to gripe about was one desktop shortcut it didn't like, which was only there because it was left over from some malware research. That's on a computer which has been used to collect over 8GB of malware from the wild, and strategy #1 kept it clean. I think that shows that if you keep your nose clean, you probably won't need a spyware cleaner, let alone multiple spyware cleaners.

cool man you're a much smarter man than me. i only do multiple AVs cuz i figured they wouldnt bother each other and usually i dont recall having a conflict or problem but i believe you and would agree there could be problems it only makes sense.

i gotta learn more about setting admin account and using that only for specific things while keeping my account limited.

ill be reformatting this evening.

and possibly upgrading to vista to check it out sometime soon or dual booting or something
 

NYCSTE2003

Member
Oct 27, 2003
168
0
0
well just to update everyone.

my computer got totally screwed up it was fine for a week or so. then files started getting corrupted and other stuff. i tried fixing things but nothing worked so i gave up and reformatted.

things to note.

1. learn how to setup an admin account and only use limited user account (gotta figure that out)
2. antivirus programs and spyware scanners only find 70-90 percent of issues out today dont rely on them
3. when in doubt reformat much faster than i did cuz i think the virus thing started corrupting my other harddrive files. im worried about that now its my data drive and im trying to see how many files are messed up. the thing started changing all my exe files and then my AV would delete it. soo yea stinks.

anyways just wanted to update ya all
 

NYCSTE2003

Member
Oct 27, 2003
168
0
0
1. followed all the steps here making my computer safer http://www.mechbgon.com/
2. found my first issue hehe. trying to upload a possible infected file and im told to http://www.virustotal.com
-0 bytes size received / Se ha recibido un archivo vacio
-try and copy file to desktop to try and upload from there to http://www.virustotal.com says access denied. soo this is fun im learning haha


ps but seriously i know some of you are laughing and stuff but the bottom line is if you play with fire you're bound to get burned and i finally got hurt 7 years of playing with xp clearly knowing more than the normal person and being considered a god by them i always knew i didnt know much. i proved it to myself 7 years later haha. im screwed


whoah interesting i tried to copy an exe file that didnt show up on my AV scan and i could.

soo something with good interests in mind is preventing me from moving the so called problem exe. interesting. just sharing this with ya all