W32.HLLW.Gaobot.gen

[AkiraBenito]

hi there, thanks in advance for helping me
my Norton internet security tells me that two files with W32.HLL.W.Gaobot.gen virus have been found, but Norton fails to remove it saying "cannot remove from an unsupported file"
i ran the gaobot removal tool fxgaobot but it says nothing was found on my computer
i really have no idea of what to do
here is my Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:39 PM, on 1/13/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\DDI\AOLICON.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 4.0\AolTbServer.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Users\benny\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: AOL DDI.lnk = C:\DDI\AOLICON.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12279 bytes

[AkiraBenito]

i have switched to use Kaspersky but it has detected nothing, strange

still trying to get rid of the virus

[AkiraBenito]

ran F-secure's F-bot tool but found nothing

whats going on..?

[Pancake]

Just in case its hidding.....


This will help to identify malware on your system.
Please download Combofix from any of these locations:

Here
or
Here

Save ComboFix to the desktop and please ensure that you disable realtime security/virus programs that monitors your PC while CF is running.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Caution...Never run and remove files using ComboFix without being supervised by a security analyst.

[AkiraBenito]

thanks Pancake

here is the Combofix log

((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.

2008-01-16 01:27 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-14 00:57 . 2008-01-16 01:09 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-01-14 00:57 . 2008-01-14 00:57 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-14 00:57 . 2008-01-16 01:09 <DIR> d-------- C:\PROGRA~2\Kaspersky Lab
2008-01-14 00:54 . 2008-01-14 00:54 <DIR> d-------- C:\KAV
2008-01-13 04:41 . 2008-01-13 05:00 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-01-13 04:41 . 2008-01-13 05:00 <DIR> d-------- C:\PROGRA~2\WLInstaller
2008-01-12 10:09 . 2007-08-29 12:04 <DIR> d-------- C:\Program Files\group
2008-01-10 11:04 . 2008-01-10 11:04 <DIR> d-------- C:\Users\benny\AppData\Roaming\vlc
2008-01-10 08:29 . 2008-01-10 08:31 398 --a------ C:\Windows\NJCOM.INI
2008-01-10 08:28 . 2008-01-10 08:28 <DIR> d-------- C:\Users\benny\AppData\Roaming\NJStar
2008-01-10 08:27 . 2008-01-10 08:28 <DIR> d-------- C:\Program Files\NJStar Communicator
2008-01-10 06:05 . 2008-01-16 01:59 <DIR> d-------- C:\Users\benny\AppData\Roaming\uTorrent
2008-01-10 01:52 . 2008-01-10 01:52 <DIR> d-------- C:\Users\benny\AppData\Roaming\Nero
2008-01-10 01:51 . 2008-01-10 01:51 <DIR> dr------- C:\Users\benny\Videos
2008-01-10 01:51 . 2008-01-10 01:51 <DIR> dr------- C:\Users\benny\Searches
2008-01-10 01:51 . 2008-01-10 01:51 <DIR> dr------- C:\Users\benny\Saved Games
2008-01-10 01:51 . 2008-01-10 01:51 <DIR> dr------- C:\Users\benny\Pictures
2008-01-10 01:51 . 2008-01-10 09:15 <DIR> dr------- C:\Users\benny\Music
2008-01-10 01:51 . 2008-01-10 01:51 <DIR> dr------- C:\Users\benny\Links
2008-01-10 01:51 . 2008-01-16 01:50 <DIR> dr------- C:\Users\benny\Downloads
2008-01-10 01:51 . 2008-01-12 19:17 <DIR> dr------- C:\Users\benny\Documents
2008-01-10 01:51 . 2008-01-10 01:51 <DIR> dr------- C:\Users\benny\Contacts
2008-01-10 01:51 . 2008-01-12 04:28 <DIR> d-------- C:\Users\benny\AppData\Roaming\Sony Corporation
2008-01-10 01:51 . 2006-11-02 04:37 <DIR> d-------- C:\Users\benny\AppData\Roaming\Media Center Programs
2008-01-10 01:51 . 2008-01-05 14:52 <DIR> d-------- C:\Users\benny\AppData\Roaming\Apple Computer
2008-01-10 01:51 . 2008-01-10 01:51 <DIR> d--h----- C:\Users\benny\AppData
2008-01-09 23:26 . 2008-01-09 23:26 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 23:26 . 2008-01-09 23:26 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 23:26 . 2008-01-09 23:26 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 23:26 . 2008-01-09 23:26 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 23:26 . 2008-01-09 23:26 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 23:22 . 2008-01-09 23:22 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 23:22 . 2008-01-09 23:22 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-09 23:21 . 2008-01-09 23:21 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-09 23:21 . 2008-01-09 23:21 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-09 23:21 . 2008-01-09 23:21 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-09 23:21 . 2008-01-09 23:21 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-09 23:21 . 2008-01-09 23:21 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-09 23:21 . 2008-01-09 23:21 25,656 --a------ C:\Windows\System32\drivers\msahci.sys
2008-01-09 23:21 . 2008-01-09 23:21 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-09 23:21 . 2008-01-09 23:21 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-01-09 23:20 . 2008-01-09 23:20 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-09 23:13 . 2008-01-09 23:13 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Nero
2008-01-09 23:12 . 2008-01-09 23:12 <DIR> dr------- C:\Users\Guest\Searches
2008-01-09 23:11 . 2008-01-09 23:12 <DIR> dr------- C:\Users\Guest\Videos
2008-01-09 23:11 . 2008-01-09 23:12 <DIR> dr------- C:\Users\Guest\Saved Games
2008-01-09 23:11 . 2008-01-09 23:12 <DIR> dr------- C:\Users\Guest\Pictures
2008-01-09 23:11 . 2008-01-09 23:12 <DIR> dr------- C:\Users\Guest\Music
2008-01-09 23:11 . 2008-01-09 23:12 <DIR> dr------- C:\Users\Guest\Links
2008-01-09 23:11 . 2008-01-09 23:12 <DIR> dr------- C:\Users\Guest\Downloads
2008-01-09 23:11 . 2008-01-09 23:12 <DIR> dr------- C:\Users\Guest\Documents
2008-01-09 23:11 . 2008-01-09 23:11 <DIR> dr------- C:\Users\Guest\Contacts
2008-01-09 23:11 . 2008-01-09 23:13 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Sony Corporation
2008-01-09 23:11 . 2006-11-02 04:37 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Media Center Programs
2008-01-09 23:11 . 2008-01-05 14:52 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Apple Computer
2008-01-09 23:11 . 2008-01-09 23:12 <DIR> d--h----- C:\Users\Guest\AppData
2008-01-08 03:17 . 2008-01-08 03:17 <DIR> d-------- C:\Program Files\VideoLAN
2008-01-05 14:52 . 2008-01-05 14:53 54,156 --ah----- C:\Windows\QTFont.qfn
2008-01-05 14:52 . 2008-01-05 14:53 1,409 --a------ C:\Windows\QTFont.for
2008-01-04 20:22 . 2008-01-04 20:22 <DIR> d-------- C:\Users\All Users\Nero
2008-01-04 20:22 . 2008-01-04 20:22 <DIR> d-------- C:\Program Files\Nero
2008-01-04 20:22 . 2008-01-04 20:25 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-01-04 20:22 . 2008-01-04 20:22 <DIR> d-------- C:\PROGRA~2\Nero
2008-01-04 19:26 . 2008-01-04 19:26 <DIR> d-------- C:\Program Files\uTorrent
2008-01-04 18:55 . 2008-01-04 18:55 <DIR> d-------- C:\Program Files\iPod
2008-01-04 18:54 . 2008-01-04 18:55 <DIR> d-------- C:\Program Files\iTunes
2008-01-04 18:51 . 2008-01-04 18:54 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-01-04 18:51 . 2008-01-04 18:52 <DIR> d-------- C:\Program Files\QuickTime
2008-01-04 18:51 . 2008-01-04 18:54 <DIR> d-------- C:\PROGRA~2\Apple Computer
2008-01-04 18:49 . 2008-01-04 18:49 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-04 18:43 . 2008-01-04 18:43 <DIR> d-------- C:\Users\All Users\Apple
2008-01-04 18:43 . 2008-01-04 18:43 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-04 18:43 . 2008-01-04 18:43 <DIR> d-------- C:\PROGRA~2\Apple
2008-01-04 17:44 . 2008-01-12 02:34 16 --a------ C:\Windows\System32\coh.cache
2007-12-28 01:13 . 2007-12-28 01:16 <DIR> d-------- C:\Users\l\AppData\Roaming\Corel
2007-12-27 21:35 . 2007-12-27 21:35 <DIR> d-------- C:\Users\l\AppData\Roaming\InterVideo
2007-12-26 22:14 . 2007-12-26 22:14 38,400 --a------ C:\Windows\System32\kmddsp.tsp
2007-12-26 22:14 . 2007-12-26 22:14 8,192 --a------ C:\Windows\System32\riched32.dll
2007-12-26 22:12 . 2007-12-26 22:12 2,923,520 --a------ C:\Windows\explorer.exe
2007-12-26 22:09 . 2007-12-26 22:09 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2007-12-26 22:09 . 2007-12-26 22:09 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2007-12-26 22:09 . 2007-12-26 22:09 7,680 --a------ C:\Windows\System32\spwmp.dll
2007-12-26 22:09 . 2007-12-26 22:09 4,096 --a------ C:\Windows\System32\msdxm.ocx
2007-12-26 22:09 . 2007-12-26 22:09 4,096 --a------ C:\Windows\System32\dxmasf.dll
2007-12-26 22:07 . 2007-12-26 22:07 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2007-12-26 22:07 . 2007-12-26 22:07 2,048 --a------ C:\Windows\System32\msxml3r.dll
2007-12-26 22:05 . 2007-12-26 22:05 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-26 22:05 . 2007-12-26 22:05 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-26 22:05 . 2007-12-26 22:05 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-26 22:05 . 2007-12-26 22:05 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-26 22:04 . 2007-12-26 22:04 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2007-12-26 22:03 . 2007-12-26 22:03 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2007-12-26 22:03 . 2007-12-26 22:03 2,048 --a------ C:\Windows\System32\msxml6r.dll
2007-12-26 21:59 . 2007-12-26 21:59 737,792 --a------ C:\Windows\System32\inetcomm.dll
2007-12-26 21:59 . 2007-12-26 21:59 84,480 --a------ C:\Windows\System32\INETRES.dll
2007-12-26 21:54 . 2007-12-26 21:54 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2007-12-26 21:54 . 2007-12-26 21:54 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2007-12-26 21:54 . 2007-12-26 21:54 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 09:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-14 09:12 --------- d-----w C:\PROGRA~2\Symantec
2008-01-12 12:21 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-01-12 12:21 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-01-12 09:55 8,427,087 ----a-w C:\Program Files\group.rar
2008-01-10 07:34 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 07:34 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 07:22 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-10 07:22 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-10 07:22 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-10 07:22 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-05 13:24 --------- d-----w C:\PROGRA~2\Sony Corporation
2007-12-28 01:11 174 --sha-w C:\Program Files\desktop.ini
2007-12-28 01:04 --------- d-----w C:\Program Files\Windows Calendar
2007-12-27 06:13 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-27 06:13 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-27 06:13 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-27 06:13 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-27 06:13 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-27 06:13 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-27 06:13 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-27 06:13 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-27 06:13 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-27 06:13 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-27 06:13 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-27 06:13 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-12-27 06:13 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-12-27 06:13 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-12-27 06:13 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-12-27 06:13 134,656 ----a-w C:\Windows\System32\dps.dll
2007-12-27 06:13 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-12-27 06:13 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-12-27 06:12 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-27 06:12 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-27 06:12 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-27 06:12 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-27 06:12 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-27 06:12 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-27 06:12 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-27 06:12 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-12-27 06:12 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-27 06:12 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-27 06:12 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-12-27 06:12 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-27 06:12 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-12-27 06:00 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-12-27 06:00 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-12-27 06:00 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-12-27 06:00 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-12-27 06:00 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-12-27 06:00 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-12-27 06:00 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-12-27 06:00 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-12-27 06:00 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-12-27 06:00 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-12-27 06:00 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-12-27 06:00 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-12-27 06:00 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-12-27 06:00 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-12-27 06:00 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-12-27 05:56 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-27 05:56 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-27 05:56 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-27 05:56 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-27 05:15 --------- d-sh--w C:\PROGRA~2\Templates
2007-12-27 05:15 --------- d-sh--w C:\PROGRA~2\Start Menu
2007-12-27 05:15 --------- d-sh--w C:\PROGRA~2\Favorites
2007-12-27 05:15 --------- d-sh--w C:\PROGRA~2\Documents
2007-12-27 05:15 --------- d-sh--w C:\PROGRA~2\Desktop
2007-12-27 05:15 --------- d-sh--w C:\PROGRA~2\Application Data
2007-12-14 03:09 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2007-12-04 17:59 972,072 ----a-w C:\Windows\UNRecode.exe
2007-12-04 02:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
2007-08-27 06:53 1,132,112 ----a-w C:\Users\All Users\pswi_preloaded.exe
2007-08-27 06:53 1,132,112 ----a-w C:\PROGRA~2\pswi_preloaded.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@={AB0C8BE3-041C-47d6-8195-E089D32B38DD}

[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-08-15 08:42 303104 --a------ C:\DDI\overicon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 23:20 1232896]
"NSUFloatingUI"="C:\Program Files\Sony\Network Utility\LANUtil.exe" [2007-06-29 12:38 258048]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-26 13:23 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-25 13:41 4489216 C:\Windows\RtHDVCpl.exe]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-29 05:45 137752]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-29 05:44 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-29 05:45 133656]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-08 04:35 118784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 17:27 317560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-08-26 13:43 77824]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 15:54 53248]
"VWLASU"="C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-07-12 10:31 45056]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 22:24 620152]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe" [ ]
"VAIOSurvey"="C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 14:30 577536]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" [2007-11-19 14:40 231952]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-08-26 22:30:26]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 23:01:50]
AOL DDI.lnk - C:\DDI\AOLICON.exe [2007-08-26 13:14:13]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-03-01 02:55:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-07-24 18:26 98304 C:\Windows\System32\VESWinlogon.dll

R2 NSUService;NSUService;"C:\Program Files\Sony\Network Utility\NSUService.exe" [2007-06-29 12:38]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-01 05:16]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-13 05:05]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-29 05:45]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-05 04:17]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-24 04:53]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 15:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 14:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2007-07-13 09:55]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2007-07-05 16:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 01:15:05 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - benny.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 02:02:02
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 2:03:45
ComboFix2.txt 2008-01-16 09:37:31
.
2008-01-10 07:27:17 --- E O F ---

[AkiraBenito]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:58 AM, on 1/16/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\DDI\AOLICON.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Sony\VAIO Security Center\VSC.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\benny\Downloads\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: AOL DDI.lnk = C:\DDI\AOLICON.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10926 bytes

[Pancake]

No.I can find nothing there.Its all clear.

[AkiraBenito]

would it be fine if i manually delete the file in windows explorer?

[Pancake]

Yes no problem just delete it if you know where it is.