Jump to content

virus/trojan taskbar and start menu not fully working


Recommended Posts

Logfile of Spyware Terminator v2.0.0.194 (db:1.0.924.684)

Scan Time: 9/12/2007 12:37:57 AM length: 2540 s

Platform: Windows XP Service Pack 2 (WINNT 5.1.2600)

User: Admin

Boot Mode: Normal

Scan type: Full_Spyware_Scan

Scanned Objects: 160910 (Critical:0)

Filter: No System items, No Safe items, No Invalid items

Running Processes

:

nvsvc32.exe [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe

pidgin.exe [The Pidgin developer community] : C:\Program Files\Pidgin\pidgin.exe

ConvertXtoDvd.exe [VSO Software SARL] : C:\Program Files\vso\ConvertXtoDVD\ConvertXtoDvd.exe

SpybotSD.exe [safer Networking Limited] : C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

Internet Settings

R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =

R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO

02 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - [Orbitdownloader.com] : C:\Program Files\Orbitdownloader\orbitcth.dll

StartUps

04 - HKLM\System\CurrentControlSet\Control\Session Manager, BootExecute : : C:\WINDOWS\system32\UDBDEF.EXE

Shell Extensions

7-Zip Shell Extension - {23170F69-40C1-278A-1000-000100020000} - [igor Pavlov] : C:\Program Files\7-Zip\7-zip.dll

AlcoholShellEx - {32020A01-506E-484D-A2A8-BE3CF17601C3} - [Alcohol Soft Development Team] : C:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll

Microsoft Office Outlook - {00020D75-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\MLSHEXT.DLL

Outlook File Icon Extension - {0006F045-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\OLKFSTUB.DLL

- {42042206-2D85-11D3-8CFF-005004838597} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\msohev.dll

WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Program Files\WinRAR\rarext.dll

UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} - : C:\Program Files\Unlocker\UnlockerCOM.dll

Desktop Manager - {709C6E11-538F-4759-86AC-6ACB302AA0DE} - : C:\WINDOWS\system32\msvdm.dll

Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Premium\shlext.dll

Desktop Explorer - {1CDB2949-8F65-4355-8456-263E7C208A5D} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

- {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

nView Desktop Context Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

AVG7 Shell Extension Class - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

AVG7 Find Extension Class - {9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

Protocol Filters

- {807553E5-5146-11D5-A672-00B0D022E945} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

Protocol Handler

Data Page Pluggable Protocol mso-offdap Handler - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL

Data Page Plugable Protocal mso-offdap11 Handler - {32505114-5902-49B2-880A-1F7738E5A384} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL

IEProtocolHandler Class - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - [skype Technologies] : C:\Program Files\Common Files\Skype\Skype4COM.dll

Winsock 2

[Avira GmbH] : C:\WINDOWS\system32\avsda.dll

[Avira GmbH] : C:\WINDOWS\system32\avsda.dll

[Avira GmbH] : C:\WINDOWS\system32\avsda.dll

Services

23 - : C:\WINDOWS\system32\DRIVERS\a347bus.sys

23 - : C:\WINDOWS\system32\Drivers\a347scsi.sys

23 - : C:\Program Files\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS

23 - : C:\Program Files\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS

23 - : C:\Program Files\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS

23 - : C:\Program Files\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS

23 - : C:\Program Files\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS

23 - [GRISOFT, s.r.o.] : C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys

23 - [GRISOFT, s.r.o.] : C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys

23 - [GRISOFT, s.r.o.] : C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys

23 - [Elaborate Bytes AG] : C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

23 - : C:\WINDOWS\system32\giveio.sys

23 - [Realtek Semiconductor Corp.] : C:\WINDOWS\system32\drivers\RtkHDAud.sys

23 - [Kensington Technology Group] : C:\WINDOWS\system32\drivers\KID_SYS.sys

23 - [Kensington Technology Group] : C:\WINDOWS\system32\drivers\ntxpusb.sys

23 - [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe

23 - : C:\WINDOWS\system32\DRIVERS\OREANS32.SYS

23 - [VSO Software] : C:\WINDOWS\system32\Drivers\pcouffin.sys

23 - [Elaborate Bytes] : C:\WINDOWS\system32\Drivers\RegKill.sys

23 - : C:\Program Files\SUPERANTISPYWARE\SASDIFSV.SYS

23 - : C:\Program Files\SUPERANTISPYWARE\SASKUTIL.SYS

23 - [Windows ® 2000 DDK provider] : C:\WINDOWS\system32\speedfan.sys

23 - [sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\Teefer.sys

23 - [sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\wg3n.sys

23 - [sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\wg4n.sys

23 - [sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\wg5n.sys

23 - [sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\wg6n.sys

23 - [sygate Technologies, Inc.] : C:\WINDOWS\system32\DRIVERS\WPSDRVNT.SYS

23 - [Marvell] : C:\WINDOWS\system32\DRIVERS\yk51x86.sys

23 - [EnTech Taiwan] : C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS

Winlogon Notify

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon, DLLName : [sUPERAntiSpyware.com] : C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

Link to comment
Share on other sites


Do all of the scans from the sticky link posted in this thread in Safe Mode. Then boot back into Normal Mode, run HijackThis and post a log.

will do later thanks.

[q]Originally posted by: John

Upload it to virustotal.com to see if it's detected.[/q]

i cant find the file on my computer but it said it was running weird.

and something turned on my system restore even though ive always had it off.

installed a program prevx. and it found 3 issues ill update lata

Link to comment
Share on other sites

ok this is hijack log after doing some more cleanup on my own. ill run the following Do all of the scans from the sticky list posted in this thread in Safe Mode. Then boot back into Normal Mode, run HijackThis and post a log.

Edit: Removed text taken from the wiki at Lunarsoft.

Edited by Tarun
Removed copied wiki text.
Link to comment
Share on other sites

and here is hijack log 1. before another safemode scan and fix.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:42:13 PM, on 9/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Prevx2\PXAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe

C:\Documents and Settings\user\Desktop\HiJackThis v.200b.exe

C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)

O4 - HKLM\..\Run: [smcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols/beta/fscax.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

--

End of file - 7372 bytes

Link to comment
Share on other sites

http://support.microsoft.com/default.aspx?...kb;en-us;555130

Menu bar/Toolbar Missing in Windows Explorer and/or Internet Explorer

View products that this article applies to.

Author: Doug Knox MVP

Community Solutions Content Disclaimer

Article ID : 555130

Last Review : July 28, 2005

Revision : 1.0

SUMMARY

The Menu bar and/or Toolbar may be missing when you open Windows Explorer and/or Internet Explorer.

Back to the top

SYMPTOMS

When you open Windows Explorer or Internet Explorer you may find that your Menu bar and/or Toolbar is missing.

Back to the top

CAUSE

For Windows Explorer and Internet Explorer, this behavior is caused by one or more corrupt values in the Windows Registry

Back to the top

RESOLUTION

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To resolve this problem, edit the registry to remove the corrupt value(s).

Close all open Internet Explorer and Windows Explorer windows. Start the Registry Editor (Click Start, Run and enter REGEDIT.EXE).

Go to the following Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar

For Windows Explorer: In the right pane, locate the Explorer sub-key and open it. In the right pane, locate the ITBarLayout value. Right click this value and select Delete.

For Internet Explorer: In the right pane, locate the WebBrowser sub-key and open it. In the right pane, locate the ITBarLayout value. Right click this value and select Delete.

Quit Registry Editor.

Open the affected program (Windows Explorer or Internet Explorer) and verify that you're Menu bar/Toolbar has been restored. If not, close all open Windows Explorer and Internet Explorer Windows and repeat the above step. Then locate the ShellBrowser sub-key, open it and delete the ITBarLayout value there.

Back to the top

MORE INFORMATION

Notes: Any Toolbar layout customizations will be undone, and the affected Toolbar will be reset to its default configuration. For Windows Explorer, in Windows XP Home Edition, it may be necessary to re-enable the Address bar in Windows Explorer. To do this open Windows Explorer. Then right click a blank area of the Toolbar or Menu bar and select the Address bar item.

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base: 256986 Description of the Microsoft Windows Registry

Link to comment
Share on other sites

the file ITBarLayout doesnt exist in my registry. soo problemo.

this is all i got.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

"LinksFolderName"="Links"

"Locked"=dword:00000001

"ShowDiscussionButton"="Yes"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Explorer]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,\

aa,00,5b,43,83,10,00,00,00,00,00,00,00,01,e0,32,f4,01,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,\

aa,00,5b,43,83,10,00,00,00,00,00,00,00,01,e0,32,f4,01,00,00,00

"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"=hex:21,bf,5c,0e,5f,d1,d0,11,83,01,00,\

aa,00,5b,43,83,22,00,1c,00,08,00,00,00,06,00,00,00,01,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,4c,00,00,00,01,14,02,00,00,00,00,00,c0,00,00,00,00,\

00,00,46,81,00,00,00,10,20,00,00,b6,cb,53,42,c5,dc,c6,01,5c,0f,66,75,69,dc,\

c6,01,5c,0f,66,75,69,dc,c6,01,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,4b,01,14,00,1f,50,e0,4f,d0,20,ea,3a,69,10,a2,d8,\

08,00,2b,30,30,9d,19,00,2f,43,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,5c,00,31,00,00,00,00,00,24,37,a4,1e,10,20,44,4f,43,55,4d,\

45,7e,31,00,00,44,00,03,00,04,00,ef,be,34,35,17,55,24,37,a4,1e,14,00,00,00,\

44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,20,00,61,00,6e,00,64,\

00,20,00,53,00,65,00,74,00,74,00,69,00,6e,00,67,00,73,00,00,00,18,00,34,00,\

31,00,00,00,00,00,24,37,6f,81,10,20,75,73,65,72,00,00,20,00,03,00,04,00,ef,\

be,34,35,52,77,24,37,6f,81,14,00,00,00,75,00,73,00,65,00,72,00,00,00,14,00,\

56,00,31,00,00,00,00,00,34,35,31,20,11,20,46,41,56,4f,52,49,7e,31,00,00,3e,\

00,03,00,04,00,ef,be,34,35,52,77,34,35,31,20,14,00,28,00,46,00,61,00,76,00,\

6f,00,72,00,69,00,74,00,65,00,73,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,\

6c,2c,2d,31,32,36,39,33,00,18,00,36,00,31,00,00,00,00,00,34,35,31,20,10,20,\

4c,69,6e,6b,73,00,22,00,03,00,04,00,ef,be,34,35,55,77,34,35,31,20,14,00,00,\

00,4c,00,69,00,6e,00,6b,00,73,00,00,00,14,00,00,00,60,00,00,00,03,00,00,a0,\

58,00,00,00,00,00,00,00,6e,65,77,62,69,65,00,00,00,00,00,00,00,00,00,00,8a,\

60,c4,a9,2a,da,fc,43,8a,f7,47,d3,fc,d3,87,e7,e4,9f,91,72,57,48,db,11,9f,4a,\

00,16,e6,80,e2,8d,8a,60,c4,a9,2a,da,fc,43,8a,f7,47,d3,fc,d3,87,e7,e4,9f,91,\

72,57,48,db,11,9f,4a,00,16,e6,80,e2,8d,00,00,00,00

"{F4D76F09-7896-458A-890F-E1F05C46069F}"=hex:09,6f,d7,f4,96,78,8a,45,89,0f,e1,\

f0,5c,46,06,9f

Link to comment
Share on other sites

current hijack log.

run hijackthis and post the log

for sure brotha

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:47:10 AM, on 9/13/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Prevx2\PXAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe

C:\Program Files\Pidgin\pidgin.exe

C:\Program Files\Outlook Express\msimn.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\WINDOWS\regedit.exe

C:\Documents and Settings\user\Desktop\HiJackThis v.200b.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)

O4 - HKLM\..\Run: [smcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols/beta/fscax.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

--

End of file - 7477 bytes

O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

those two things i dont like look of otherwise everything i am familiar with.

just checked

bdoscandel.exe is the uninstaller for BitDefender Online Scanner. It is located at %WinDir% directory. This is a non-essential program. You can safely remove it.

Link to comment
Share on other sites

Sophos Anti-Virus

Version 4.21.0

Virus data version 4.21E, September 2007

Includes detection for 291211 viruses, trojans and worms

Copyright © 1989-2007 Sophos Plc, www.sophos.com

System time 14:11:09, System date 17 September 2007

Command line qualifiers are: -f -extensive -all -nc -nb -remove -archive -cab -loopback -mime -oe -tnef -pua -mbr -mac

Full Scanning

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonDialogs.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonDialogs.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonDialogs.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonDialogs1.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonDialogs1.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonDialogs1.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer10.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer10.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer10.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer11.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer11.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer11.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer12.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer12.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer12.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer13.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer13.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer13.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer14.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer14.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer14.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer2.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer2.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer2.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer3.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer3.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer3.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer4.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer4.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer4.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer5.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer5.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer5.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer6.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer6.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer6.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer7.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer7.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer7.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer8.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer8.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer8.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer9.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer9.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetExplorer9.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSDirectDraw.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSDirectDraw.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSDirectDraw.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSManagementConsole.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSManagementConsole.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSManagementConsole.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer1.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer1.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer1.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer10.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer10.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer10.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer11.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer11.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer11.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer12.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer12.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer12.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer13.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer13.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer13.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer2.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer2.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer2.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer3.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer3.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer3.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer4.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer4.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer4.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer5.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer5.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer5.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer6.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer6.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer6.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer7.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer7.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer7.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer8.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer8.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer8.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer9.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer9.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer9.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Windows.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Windows.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Windows.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Windows1.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Windows1.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Windows1.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Windows2.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Windows2.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Windows2.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer1.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer1.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer1.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer10.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer10.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer10.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer2.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer2.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer2.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer3.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer3.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer3.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer4.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer4.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer4.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer5.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer5.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer5.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer6.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer6.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer6.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer7.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer7.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer7.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer8.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer8.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer8.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer9.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer9.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsExplorer9.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK1.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK1.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK1.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK10.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK10.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK10.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK11.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK11.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK11.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK12.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK12.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK12.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK13.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK13.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK13.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK14.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK14.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK14.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK15.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK15.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK15.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK16.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK16.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK16.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK17.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK17.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK17.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK18.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK18.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK18.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK19.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK19.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK19.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK2.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK2.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK2.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK20.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK20.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK20.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK21.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK21.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK21.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK3.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK3.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK3.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK4.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK4.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK4.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK5.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK5.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK5.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK6.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK6.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK6.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK7.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK7.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK7.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK8.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK8.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK8.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK9.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK9.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaSDK9.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith1.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith1.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith1.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith10.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith10.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith10.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith11.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith11.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith11.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith12.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith12.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith12.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith13.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith13.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith13.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith2.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith2.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith2.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith3.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith3.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith3.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith4.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith4.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith4.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith5.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith5.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith5.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith6.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith6.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith6.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith7.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith7.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith7.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith8.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith8.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith8.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith9.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith9.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsOpenWith9.zip\comment

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.reg

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.ini

Password protected file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip\comment

Could not open C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

Could not open C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

Could not check C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5pfrjjr.default\CacheAFB9CCFd01\Gzip (corrupt)

>>> Virus 'Mal/Dorf-A' found in file C:\Documents and Settings\user\Application Data\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E910.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Documents and Settings\user\Application Data\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E96.exe

Removal successful

Password protected file C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-10-2007 - 17-49-17.SBU\{2098F008-8CFE-4491-B2DD-B87774FF4B09}

Password protected file C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-10-2007 - 17-49-17.SBU\{28220B1F-237F-474A-9922-3BD112494632}

Password protected file C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-10-2007 - 17-49-17.SBU\backup.db

Password protected file C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-12-2007 - 16-00-13.SBU\{63A246B4-3B17-43F2-8E27-9F4EA0F61ECC}

Password protected file C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-12-2007 - 16-00-13.SBU\backup.db

Password protected file C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-12-2007 - 22-35-49.SBU\backup.db

Could not open C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

Could not open C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

>>> Virus 'Mal/Dorf-A' found in file C:\Documents and Settings\user\Local Settings\Apps\2.0\JHWCEDC8.09RHQC76CR.LYK\wowa..tion_4d89fb8d52541cc9_0001.0009_0cd1b5f8e4698fd6\WowAceUpdater.exe

Removal successful

Could not open C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_5f0.dat

Could not open C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_704.dat

>>> Virus 'Mal/HckPk-A' found in file C:\hbwpb.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\AC3Filter\dialog_patch.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Ahead\Nero Wave Editor\DXEnum.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\AIM\Patcher.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\AIM\SendFile.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\AIM\ShareFile.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\AIM\Sysfiles\AolOnDesktop.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmcdlg.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Avira\AntiVir PersonalEdition Premium\guardgui.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Avira\AntiVir PersonalEdition Premium\licmgr.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Avira\AntiVir PersonalEdition Premium\preupd.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\DVD Decrypter\DVDDecrypter.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\FDRLab\YouTube Downloader\ffmpeg.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\FixVTS.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\GIGABYTE\ET5Pro\ETcall.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Gravis\Xperience\Setup\grxp4exe.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Gravis\Xperience\Setup\xp_run.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\GRETECH\GomPlayer\GrLauncher.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\GRETECH\GomPlayer\KillGom.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\GRETECH\GomPlayer\srt2smi.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\Helexis\Drive Health\dhreport.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\ImgBurn\ImgBurn.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\InfraRecorder\ckEffects.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\Battlefield 1942_uninst.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\IrfanView\iv_uninstall.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\IrfanView\Plugins\Slideshow.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Java\jre1.6.0_02\bin\ktab.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Java\jre1.6.0_02\bin\orbd.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Java\jre1.6.0_02\bin\pack200.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Java\jre1.6.0_02\bin\policytool.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Java\jre1.6.0_02\bin\rmid.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Java\jre1.6.0_02\bin\rmiregistry.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Java\jre1.6.0_02\bin\servertool.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Java\jre1.6.0_02\bin\tnameserv.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\jv16 PowerTools 2007\Backups013E9\PXL.exe

Removal successful

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt11.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox4.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn1.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn2.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn3.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph1.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph2.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph3.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph4.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph5.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph6.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph7.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\main.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\preview.bmp

Password protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\sprite1.bmp

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\NetMeeting\cb32.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\nLite\7z.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\gengal.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\msfontextract.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\nsplugin.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\odbcconfig.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\pkgchk.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\scalc.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\senddoc.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\setofficelang.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\swriter.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\uno.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\OpenOffice.org 2.3\program\unopkg.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Outlook Express\msimn.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Outlook Express\oemig50.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Outlook Express\wabmig.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\PeaZip\peazip.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\PeaZip\res\gwrap.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\PeaZip\res\pea.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\PeaZip\res\unace\unace.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\PeaZip\res\upx\strip.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\PeaZip\res\upx\upx.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Pmcc\Baku\sdelete.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\PowerISO\dvdburn.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\PowerISO\piso.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\RaimaRadio\lame.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Realtek\InstallShield\SoundMan.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\Replay Converter\ffmpeg2theora.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Replay Converter\RegSvr32.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Replay Converter\ReplayConverterv20_Crack.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\SUPERAntiSpyware\BootSafe.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Teamspeak2_RC2\client_sdk\tsControl.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Unlocker\UnlockerAssistant.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\VistaCodecPack\filters\ac3config.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Winamp\Plugins\reporter.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Winamp\WampEnq.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\Windows Media Player\mplayer2.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\Program Files\WinRAR\patch.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\WinRAR\RarExtLoader.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\Program Files\WinRAR\Uninstall.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\WINDOWS\erdnt\subs\ERDNT.EXE

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\hh.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\msistub.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\System32\Macromed\Shockwave 10\SwInit.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{103906AD-C60E-4E65-BC84-CE980D19CE41}\ARPPRODUCTICON.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\icon.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}\icon.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{7CCEBC24-62DB-4280-A8EC-BFA49F167920}\places.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814234.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814236.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}\ffdshowraw_F9FD80CE04484D4F8BCD77FC514C3F99.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}\Haali_F9FD80CE04484D4F8BCD77FC514C3F99.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Installer\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}\QuickTime_F9FD80CE04484D4F8BCD77FC514C3F99.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\SoftwareDistribution\Download0f4dcdbcc87699e75212b885cb6bebf\sp2qfe\iedw.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\SoundMan.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\actmovie.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\ahui.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\alg.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\asr_fmt.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\asr_ldm.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\at.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\atmadm.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\auditusr.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\bootcfg.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\bootok.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\cipher.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\comp.exe

Removal successful

Could not open C:\WINDOWS\system32\config\system.LOG

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\alg.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\arp.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\asr_fmt.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\asr_ldm.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\asr_pfu.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\at.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\atmadm.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\compact.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\comrepl.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\comrereg.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\convlog.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\davcdata.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\dcomcnfg.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\defrag.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\dllhost.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\drvqry.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\dumprep.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\dvdupgrd.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\esentutl.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\evcreate.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\eventvwr.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\expand.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\extrac32.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\fc.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\find.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\findstr.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\flattemp.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\fltmc.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\gpupdate.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\grpconv.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\help.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\hh.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\hostname.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\hrtzzm.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\icwtutor.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\ie4uinit.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\iedw.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\iexplore.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\iisreset.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\iisrstas.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\iissync.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\inetmgr.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\inetwiz.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\ipconfig.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\ipsec6.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\ipv6.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\ipxroute.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\isignup.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\label.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\lights.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\lodctr.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\logman.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\logoff.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\logon.scr

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\lpq.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\lpr.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\lsass.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\migload.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\migregdb.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\mofcomp.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\mountvol.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\mqbkup.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\mqsvc.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\mrinfo.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\msdtc.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\msg.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\mshta.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\msiexec.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\msimn.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\msiregmv.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\msoobe.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\mstinit.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\nbtstat.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\nddeapir.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\net.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\netsh.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\nppagent.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\query.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\rasautou.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\regsvr32.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\regwiz.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\relog.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\rundll32.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\runonce.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\rvsezm.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\rwinsta.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\sapisvr.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\savedump.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\sc.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\scrcons.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\scrnsave.scr

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\secedit.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\ssmypics.scr

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\ssmyst.scr

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\ssstars.scr

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\stimon.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\subst.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\svchost.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\sysinfo.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\taskkill.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\tasklist.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\taskman.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dllcache\tcmsetup.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dmremote.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\dplaysvr.exe

Removal successful

Could not open C:\WINDOWS\system32\drivers\sptd.sys

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\fltmc.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\fontview.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\getmac.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\grpconv.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\ie4uinit.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\mrinfo.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\msdtc.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\msiexec.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\mstinit.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\nddeapir.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\netsh.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\netstat.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\npp\nppagent.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\nslookup.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\odbcconf.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\oobe\msoobe.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\oobe\oobebaln.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\openfiles.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\pathping.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\pentnt.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\perfmon.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\ping.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\ping6.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\WINDOWS\system32\pipmon.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\powercfg.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\progman.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\qprocess.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\rasphone.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\rcp.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\rdpclip.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\rdsaddin.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\reg.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\regedt32.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\regini.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\regsvr32.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\rsnotify.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\rsopprov.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\spoolsv.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\ssbezier.scr

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\ssmarque.scr

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\ssmypics.scr

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\ssmyst.scr

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\WINDOWS\system32\swreg.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\taskkill.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\taskman.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\telnet.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\tlntsvr.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\tracert6.exe

Removal successful

>>> Virus 'Mal/HckPk-A' found in file C:\WINDOWS\system32\udefrag.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\w32tm.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\wbem\mofcomp.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\winhlp32.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\winver.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\wpabaln.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\wpnpinst.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\wscntfy.exe

Removal successful

Could not open C:\WINDOWS\system32\xpdx.sys

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\system32\xp_run.exe

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\TASKMAN.EXE

Removal successful

>>> Virus 'Mal/Dorf-A' found in file C:\WINDOWS\twunk_32.exe

Removal successful

Memory was swept.

Registry was swept.

2 master boot records swept.

35702 files swept in 3 hours, 26 minutes and 12 seconds.

309 errors were encountered.

290 viruses were discovered.

No PUAs were discovered.

290 files out of 35702 were infected.

Please send infected samples to Sophos for analysis.

For advice consult www.sophos.com, email support@sophos.com

or telephone +44 1235 559933

299 encrypted files were not checked.

Ending Sophos Anti-Virus.

Link to comment
Share on other sites

Wow, that box should not be considered safe for use :).

tru that. but its still going ! haha. outlook express wont work grrrrr so far my biggest problem

i reinstalled 1by1 to get music going and reinstalled AV program

notepad doesnt even work gahh haha using alt free program.

Link to comment
Share on other sites

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:36:34 PM, on 9/17/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Comodo\Firewall\CPF.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Pidgin\pidgin.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\user\Desktop\HiJackThis v.200b.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file)

O2 - BHO: Editor plugin - {6C8DE14D-EF92-492f-BBF7-B61F1405F328} - smuhdd.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols/beta/fscax.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)

O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe (file missing)

O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

--

End of file - 6976 bytes

Link to comment
Share on other sites

well just to update everyone.

my computer got totally screwed up it was fine for a week or so. then files started getting corrupted and other stuff. i tried fixing things but nothing worked so i gaveup and reformated.

things to note.

1. learn how to setup an admin account and only use limited user account (gotta figure that out)

2. antivirus programs and spyware scanners only find 70-90percent of issues out today dont rely on them

3. when in doubt reformat much faster then i did cuz i think the virus thing started corrupting my other harddrive files. im worried about that now its my data drive and im trying to see howmany files are messed up. the thing started changing all my exe files and then my AV would delete it. soo yea stinks.

anyways just wnated to update ya all

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...