KScan Report::
---------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 09, 2008 5:57:52 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/03/2008
Kaspersky Anti-Virus database records: 617086
---------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 100680
Number of viruses found: 8
Number of infected objects: 22
Number of suspicious objects: 0
Duration of the scan process: 01:25:09
Infected Object Name / Virus Name / Last Action
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20080308-191906.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_103.trc Object is locked skipped
C:\Program Files\Nero\Nero8\keygen.exe Infected: Trojan-Downloader.Win32.Small.iui skipped
C:\Program Files\Nero\Nero8\Nero\keygen.exe Infected: Trojan-Downloader.Win32.Small.iui skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIUAB5B.txt Object is locked skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\ffdcahl.exe Infected: Trojan.Win32.Agent.giy skipped
C:\Program Files\Uniblue\RegistryBooster 2\keygen.exe Infected: Trojan-Downloader.Win32.Small.iui skipped
C:\Program Files\Uniblue\RegistryBooster 2\serial.exe Infected: Trojan-Downloader.Win32.Small.snf skipped
C:\ProgramData\avg7\Log\emc.log Object is locked skipped
C:\ProgramData\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\ProgramData\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7eb9f80f8172c3b63c6469b30d8679b7_6e48b03c-3d39-4141-8b6b-e27cd6a2e003 Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.268.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.268.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010023.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010025.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010026.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010028.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\000100DC.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\000100DC.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\000100DC.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy1201.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf5284.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf5285.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped
C:\ProgramData\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\ProgramData\Sony Corporation\SonicStage\Packages\MtData.ldb Object is locked skipped
C:\ProgramData\Sony Corporation\SonicStage\Packages\MtData.mdb Object is locked skipped
C:\ProgramData\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdbDat.ldf Object is locked skipped
C:\ProgramData\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdbDat.mdf Object is locked skipped
C:\ProgramData\Symantec\LiveUpdate\2008-03-09_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\QooBox\Quarantine\C\d.exe.vir Infected: Trojan.Win32.Pakes.chm skipped
C:\QooBox\Quarantine\C\onhtp.exe.vir Infected: Trojan.Win32.Pakes.chp skipped
C:\QooBox\Quarantine\C\rsvlqer.exe.vir Infected: Trojan-Dropper.Win32.FriJoiner.ms skipped
C:\QooBox\Quarantine\C\Windows\mrofinu1535.exe.tmp.vir Infected: Trojan-Downloader.Win32.Agent.krh skipped
C:\QooBox\Quarantine\C\Windows\System32\fcyxwxv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\iifeefe.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\yayxuss.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\InputPersonalization\edb.log Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\InputPersonalization\inkStore.mdb Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\InputPersonalization\tmp.edb Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Messenger\cheapiedevil@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Messenger\cheapiedevil@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Messenger\cheapiedevil@hotmail.com\SharingMetadata\Working\database_BAB6_3AC3_B63A_7FC5\dfsr.db Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Messenger\cheapiedevil@hotmail.com\SharingMetadata\Working\database_BAB6_3AC3_B63A_7FC5\fsr.log Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Messenger\cheapiedevil@hotmail.com\SharingMetadata\Working\database_BAB6_3AC3_B63A_7FC5\fsrtmp.log Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Messenger\cheapiedevil@hotmail.com\SharingMetadata\Working\database_BAB6_3AC3_B63A_7FC5\tmp.edb Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008030920080310\index.dat Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster[1].exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster[1].exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Small.iui skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster[1].exe/data.rar/serial.exe Infected: Trojan-Downloader.Win32.Small.snf skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster[1].exe/data.rar Infected: Trojan-Downloader.Win32.Small.snf skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster[1].exe RarSFX: infected - 4 skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster_all[1].exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster_all[1].exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Small.iui skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster_all[1].exe/data.rar/serial.exe Infected: Trojan-Downloader.Win32.Small.snf skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster_all[1].exe/data.rar Infected: Trojan-Downloader.Win32.Small.snf skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6K7373EW\registry_booster_all[1].exe RarSFX: infected - 4 skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\UsrClass.dat{78e334c5-0cc3-11dc-9af3-0013a94c341a}.TM.blf Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\UsrClass.dat{78e334c5-0cc3-11dc-9af3-0013a94c341a}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows\UsrClass.dat{78e334c5-0cc3-11dc-9af3-0013a94c341a}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows Live Contacts\cheapiedevil@hotmail.com\real\members.stg Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows Live Contacts\cheapiedevil@hotmail.com\shadow\members.stg Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Temp\~DF4AAB.tmp Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Temp\~DF4B57.tmp Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Temp\~DFC4A7.tmp Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Temp\~DFDEA0.tmp Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Temp\~DFE0EE.tmp Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Temp\~DFFB88.tmp Object is locked skipped
C:\Users\cheapiedevil\AppData\Local\Temp\~DFFD19.tmp Object is locked skipped
C:\Users\cheapiedevil\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\cheapiedevil\Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Users\cheapiedevil\NTUSER.DAT Object is locked skipped
C:\Users\cheapiedevil\ntuser.dat.LOG1 Object is locked skipped
C:\Users\cheapiedevil\ntuser.dat.LOG2 Object is locked skipped
C:\Users\cheapiedevil\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\cheapiedevil\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\cheapiedevil\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\ehmsdri.log Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\ehRecvr.log Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WMI\WdiContextLog.etl.002 Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\JET5D2C.tmp Object is locked skipped
Scan process completed.
ComboFix Log::
ComboFix 08-03-08.1 - cheapiedevil 2008-03-08 21:01:13.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.840 [GMT -8:00]
Running from: C:\Users\cheapiedevil\Desktop\ComboFix.exe
Command switches used :: C:\Users\cheapiedevil\Desktop\CFScript.txt
FILE ::
C:\onhtp.exe
C:\rsvlqer.exe
C:\Users\CHEAPI~1\AppData\Local\Temp\byvsr.dll
C:\Users\CHEAPI~1\AppData\Local\Temp\fntrrjpk.dll
C:\Users\CHEAPI~1\AppData\Local\Temp\ilueougo.dll
C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP
C:\Windows\mrofinu1535.exe.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\-1237680187\
C:\onhtp.exe
C:\rsvlqer.exe
C:\Windows\mrofinu1535.exe.tmp
.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.
2008-03-08 20:19 . 2008-03-08 20:19 <DIR> d-------- C:\Users\cheapiedevil\AppData\Roaming\AVG7
2008-03-08 20:18 . 2008-03-08 20:18 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2008-03-08 20:17 . 2008-03-08 20:17 <DIR> d-------- C:\ProgramData\Grisoft
2008-03-08 20:17 . 2008-03-08 20:19 <DIR> d-------- C:\ProgramData\avg7
2008-03-08 20:17 . 2008-03-08 20:17 47,104 --a------ C:\Windows\System32\drivers\avgwfp.sys
2008-03-08 16:05 . 2007-12-24 17:37 138,384 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-03-08 16:05 . 2007-12-24 17:37 52,496 --a------ C:\Windows\System32\drivers\tmactmon.sys
2008-03-08 16:05 . 2007-12-24 17:37 52,240 --a------ C:\Windows\System32\drivers\tmevtmgr.sys
2008-03-08 16:00 . 2008-03-08 16:06 <DIR> d-------- C:\Users\cheapiedevil\AppData\Roaming\Registry Booster
2008-03-08 15:51 . 2008-03-08 15:51 <DIR> d-------- C:\Users\cheapiedevil\AppData\Roaming\Uniblue
2008-03-08 14:47 . 2008-03-08 14:47 <DIR> d-------- C:\ProgramData\Trend Micro
2008-03-08 14:47 . 2008-03-08 14:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-08 14:02 . 2008-03-08 14:02 <DIR> d-------- C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP
2008-03-08 12:51 . 2008-03-08 13:01 <DIR> d-------- C:\Users\cheapiedevil\AppData\Roaming\Symantec
2008-03-08 12:04 . 2008-03-08 12:16 <DIR> d-------- C:\Program Files\RegCure
2008-03-08 11:58 . 2008-03-08 11:58 <DIR> d-------- C:\Program Files\Uniblue
2008-03-07 15:54 . 2008-03-07 15:54 0 --a------ C:\Windows\Irremote.ini
2008-03-07 13:25 . 2008-03-07 13:30 167,936 --a------ C:\Windows\System32\drivers\riode32.sys
2008-03-07 13:25 . 2008-03-07 13:30 2 --a------ C:\-1237680187
2008-03-07 13:06 . 2008-03-07 13:06 <DIR> d-------- C:\Users\cheapiedevil\AppData\Roaming\Nero
2008-03-07 13:02 . 2008-03-07 16:36 <DIR> d-------- C:\ProgramData\Nero
2008-03-07 13:02 . 2008-03-07 13:51 <DIR> d-------- C:\Program Files\Nero
2008-03-07 13:02 . 2008-03-07 16:39 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-07 12:18 . 2008-03-07 12:18 26 --a------ C:\Windows\dvdSanta.INI
2008-03-07 12:15 . 2008-03-07 12:15 <DIR> d-------- C:\TempDVD
2008-03-07 12:14 . 2008-03-07 12:21 <DIR> d-------- C:\Program Files\dvdSanta
2008-03-07 12:07 . 2008-03-07 12:07 <DIR> d-------- C:\Click to DVD 2
2008-03-03 21:25 . 2008-03-03 21:25 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 21:24 . 2008-03-03 21:24 <DIR> d-------- C:\ProgramData\WLInstaller
2008-03-03 21:24 . 2008-03-03 21:24 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-02-15 21:30 . 2008-01-09 21:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 08:26 . 2008-02-14 08:26 <DIR> d-------- C:\Users\cheapiedevil\AppData\Roaming\EPSON
2008-02-13 03:11 . 2008-02-13 03:11 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 03:11 . 2008-02-13 03:11 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 03:06 . 2008-02-13 03:06 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 03:06 . 2008-02-13 03:06 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-13 03:06 . 2008-02-13 03:06 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-13 03:06 . 2008-02-13 03:06 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-13 03:06 . 2008-02-13 03:06 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-13 03:06 . 2008-02-13 03:06 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-13 03:06 . 2008-02-13 03:06 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-13 03:05 . 2008-02-13 03:05 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 03:05 . 2008-02-13 03:05 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 03:05 . 2008-02-13 03:05 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-13 03:05 . 2008-02-13 03:05 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-13 03:05 . 2008-02-13 03:05 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-13 03:05 . 2008-02-13 03:05 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-13 03:05 . 2008-02-13 03:05 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-13 03:01 . 2008-02-13 03:01 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-02-13 03:01 . 2008-02-13 03:01 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-13 03:01 . 2008-02-13 03:01 26,624 --a------ C:\Windows\System32\ieUnatt.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 22:13 --------- d-----w C:\ProgramData\Symantec
2008-03-08 22:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-08 22:02 --------- d-----w C:\Program Files\Symantec
2008-03-07 20:07 --------- d-----w C:\Users\cheapiedevil\AppData\Roaming\Sony Corporation
2008-03-04 05:40 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-04 05:27 --------- d-----w C:\Program Files\MSN Messenger
2008-03-04 05:25 --------- d-----w C:\Program Files\Windows Live
2008-03-04 05:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-24 22:07 --------- d-----w C:\ProgramData\Roxio
2008-02-23 02:18 10,992 ----a-w C:\Users\cheapiedevil\AppData\Roaming\wklnhst.dat
2008-02-19 09:47 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-02-18 01:42 --------- d-----w C:\Program Files\Java
2008-02-13 11:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 11:05 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 11:05 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 11:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 11:02 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 11:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-29 20:02 107,368 ----a-w C:\Windows\System32\GEARAspi.dll
2008-01-29 20:01 16,168 ----a-w C:\Windows\system32\drivers\GEARAspiWDM.sys
2008-01-15 05:53 --------- d-----w C:\Users\cheapiedevil\AppData\Roaming\Move Networks
2008-01-09 06:38 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 06:38 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 06:29 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 06:29 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 06:28 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-12 23:53 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 23:53 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 23:53 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-08-30 10:10 174 --sha-w C:\Program Files\desktop.ini
2006-12-28 00:47 1,132,112 ----a-w C:\ProgramData\pswi_preloaded.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-08_19.15.34.44 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-09 01:54:10 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-09 03:18:56 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-03-09 02:34:59 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-09 04:18:27 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-03-09 02:35:04 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-09 04:18:35 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-03-09 03:02:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-09 04:53:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-09 03:02:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-09 04:53:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-09 03:02:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-09 04:53:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-09 04:17:47 821,856 ----a-w C:\Windows\System32\drivers\avg7core.sys
+ 2008-03-09 04:17:47 4,224 ----a-w C:\Windows\System32\drivers\avg7rsw.sys
+ 2008-03-09 04:17:47 27,776 ----a-w C:\Windows\System32\drivers\avg7rsxp.sys
+ 2008-03-09 04:18:01 3,968 ----a-w C:\Windows\System32\drivers\avgclean.sys
+ 2008-03-09 04:17:47 19,904 ----a-w C:\Windows\System32\drivers\avgmfx86.sys
- 2008-03-09 02:00:40 125,090 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-09 03:25:18 125,090 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-09 02:00:40 673,446 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-09 03:25:18 673,446 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-09 01:25:06 8,296 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1217593345-662086654-1042257533-1005_UserData.bin
+ 2008-03-09 03:22:11 8,344 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1217593345-662086654-1042257533-1005_UserData.bin
- 2008-03-09 01:56:11 79,668 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-09 03:22:11 79,890 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-09 01:56:00 44,252 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-09 03:22:06 44,348 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 22:28 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 04:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 04:36 201728]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-09-20 15:35 1410344]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [2008-02-01 10:51 99608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-27 19:23 1006264]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2006-11-14 10:46 411768]
"AppMon Utility"="C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" [2006-11-15 15:48 415864]
"VAIOSecurity"="C:\Program Files\Sony\VAIO Security Center\VSC.exe" [2006-11-28 14:30 2150400]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-04 05:15 7757824]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-04 05:15 81920]
"VAIOSurvey"="C:\Program Files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe" [2006-12-06 17:08 577536]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-28 00:13 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-01-21 12:16 1393928]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-08 20:17 579072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-08 20:17 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-03-08 20:18 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-11-24 10:36 73728 C:\Windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{658B904B-6626-427A-9B5E-9E4364682C98}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{467D397E-228C-4CF3-9FE0-DCDFC61AA586}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D069AB18-5B93-4FB7-BF41-B92C8346A01D}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{ABA100D1-6F45-4DD2-BAA3-660E1804EDC7}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{1F6F2174-2FA5-4BEB-994D-E4FC02CAB5F4}C:\program files\bitcomet\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client
"UDP Query User{89825BF8-BB66-48DA-97F3-AFA9706E6E74}C:\program files\bitcomet\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client
"{90FC2A52-031D-4F1B-BF9C-34CD5479D011}"= UDP:25291:BitComet 25291 TCP
"{AB2BC3E8-2B9F-4D2B-891D-60BD154AA6C0}"= TCP:25291:BitComet 25291 UDP
"{04BC0947-B020-403E-A5D3-8F7B79EDC4F9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0FF845F1-DE16-4784-A348-D6E7A682C19F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5CB73472-A71A-4B76-B240-906B257E2C9E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 HWXZYTouchPad;HWXZYTouchPad;C:\Windows\jwpad.exe [2006-11-16 09:19]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB []
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-13 19:07]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-08 20:17]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2006-11-28 17:58]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2006-11-28 17:58]
R3 slim;Sony Lucid Integrated Mpeg encoder;C:\Windows\system32\drivers\slim.sys [2006-11-16 05:10]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2006-11-08 05:00]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2006-11-10 13:50]
R3 VHWDrawing;HanWang Drawing Tablet;C:\Windows\system32\DRIVERS\HWDrawing.sys [2007-03-26 09:09]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-01 23:30]
S2 riode32;riode32;C:\Windows\system32\drivers\riode32.sys [2008-03-07 13:30]
S3 HWTouchPad;HanWang Touch Pad;C:\Windows\system32\DRIVERS\HWXZYPad.sys [2007-03-27 16:15]
S3 USBAVCap;AVerMedia USB TV Tuner Device;C:\Windows\system32\drivers\USBAVCap.sys [2006-11-27 17:46]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2006-10-11 18:36]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2006-10-11 15:52]
*Newly Created Service* - AVGCLEAN
*Newly Created Service* - AVGMFX86
*Newly Created Service* - AVGWFP
.
Contents of the 'Scheduled Tasks' folder
"2008-03-09 03:19:32 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-08 20:27:20 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-08 23:37:13 C:\Windows\Tasks\User_Feed_Synchronization-{7A7EA5C8-7F37-4470-824F-58B858336092}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 21:06:11
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-08 21:07:24
ComboFix-quarantined-files.txt 2008-03-09 05:07:20
ComboFix2.txt 2008-03-09 03:16:02
.
2008-03-07 07:13:22 --- E O F ---
HijackThis Log::
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:47, on 9/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\cheapiedevil\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/res...
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Drive...
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_ins...
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWXZYTouchPad - Unknown owner - C:\Windows\jwpad.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod ?? (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 13346 bytes