I have zlob.downloader.vdt and can't get it off



donzilla444
2007-12-16, 21:57
I have tried everything, SB, Ad-Aware, Kaspersky... it gets all but this, please help. When I did HJ this I was denied access to hosts file. Here is a log of HJ this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:51 PM, on 12/14/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWiTogglet.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Sony\SmartWi Connection Utility\ActivationManager.exe
C:\Program Files\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony\SmartWi Connection Utility\SWGadgetServer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CDNSCacheObj Object - {376892AE-1825-4E5F-9F85-23F9640051CC} - C:\Windows\xmljacodec.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SmartWiHelper] C:\Program Files\Sony\SmartWi Connection Utility\SmartWiHelper.exe /WindowsStartup
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: StanaPhone.lnk = C:\Program Files\StanaPhone\StanaClient.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{27852307-623A-4071-AC15-2B759BE64EF9}: NameServer = 68.28.50.91 68.28.58.92
O17 - HKLM\System\CS1\Services\Tcpip\..\{27852307-623A-4071-AC15-2B759BE64EF9}: NameServer = 68.28.50.91 68.28.58.92
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.ny help will
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8515 bytes


I am in Vista and when I connect to net the little orange updates tab appears on power off button and I am assuming this is zlob... Kaspersky finds items but does not fix this, SB does as well... any help will be greatly appreciated... I paid those crooks 2999 for spyhunter only to find out it was spyware, I will be donating to SB an equal amount if you can fix this for me, thanks :santa:

donzilla444
2007-12-16, 22:00
here is what is in Kaspersky backup area

Infected: riskware not-a-virus:Downloader.Win32.WinFixer.ba C:\Users\don\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\078GSGNU\setup_en[1].exe 6.8 KB
Infected: riskware not-a-virus:RiskTool.Win32.Reboot.f C:\$Recycle.Bin\S-1-5-21-3379563906-1322492409-1488716680-1006\$ROG5LC8\Reboot.exe 24 KB
Infected: riskware not-a-virus:RiskTool.Win32.Reboot.f c:\users\don\desktop\smitfraudfix\smitfraudfix.zip 370.4 KB
Infected: riskware not-a-virus:RiskTool.Win32.Reboot.f C:\Users\don\Desktop\SmitfraudFix.exe 1 MB
Infected: riskware not-a-virus:RiskTool.Win32.Reboot.f C:\Users\don\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EWHP4314\SmitfraudFix[1].zip 370.4 KB
Infected: riskware not-a-virus:RiskTool.Win32.Reboot.f c:\$recycle.bin\s-1-5-21-3379563906-1322492409-1488716680-1006\$rlel7su.exe 1022.2 KB
Infected: riskware not-a-virus:RiskTool.Win32.Reboot.f C:\Users\don\Desktop\SmitfraudFix\Reboot.exe 24 KB

here is what is in events box

12/15/2007 12:41:27 PM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
12/15/2007 12:41:43 PM Protection of your computer started.
12/15/2007 12:41:55 PM Update error: The updates source cannot be found.
12/15/2007 12:41:55 PM Program database is out of date. Your computer is at risk of infection. It is strongly recommended that you update your database.
12/15/2007 12:45:46 PM Update error: The updates source cannot be found.
12/15/2007 12:45:46 PM Program database is out of date. Your computer is at risk of infection. It is strongly recommended that you update your database.
12/15/2007 12:47:53 PM Update error: The updates source cannot be found.
12/15/2007 12:47:53 PM Program database is out of date. Your computer is at risk of infection. It is strongly recommended that you update your database.
12/15/2007 12:50:37 PM Please restart your computer to complete the installation of new or updated protection components.
12/15/2007 12:50:52 PM Update completed successfully
12/15/2007 12:52:03 PM Process C:\Windows\system32\svchost.exe (PID: 1112): suspicious action. Process trying to delete list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{68d55385-abeb-45a8-bfdd-2dd6669db4aa}, value , data ).
12/15/2007 12:52:03 PM Process C:\Windows\system32\svchost.exe (PID: 1112): suspicious action. Process trying to delete list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{68d55385-abeb-45a8-bfdd-2dd6669db4aa}, value , data ).
12/15/2007 12:52:12 PM Process C:\Windows\system32\svchost.exe (PID: 1112): suspicious action. Process trying to delete list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KLIM6\Parameters\Adapters\{795B9533-C7C5-483D-9382-8416A751098B}\{C477F579-9F31-474D-86CC-E1567F0BFD1D}-0000, value , data ).
12/15/2007 12:52:12 PM Process C:\Windows\system32\svchost.exe (PID: 1112): suspicious action. Process trying to delete list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KLIM6\Parameters\Adapters\{795B9533-C7C5-483D-9382-8416A751098B}\{C477F579-9F31-474D-86CC-E1567F0BFD1D}-0000, value , data ).
12/15/2007 12:52:12 PM Process C:\Windows\system32\svchost.exe (PID: 1112): suspicious action. Process trying to delete list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KLIM6\Parameters\Adapters\{795B9533-C7C5-483D-9382-8416A751098B}, value , data ).
12/15/2007 12:52:12 PM Process C:\Windows\system32\svchost.exe (PID: 1112): suspicious action. Process trying to delete list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KLIM6\Parameters\Adapters\{795B9533-C7C5-483D-9382-8416A751098B}, value , data ).
12/15/2007 12:52:13 PM Process C:\Windows\system32\svchost.exe (PID: 1112): suspicious action. Process trying to delete list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KLIM6\Parameters\Adapters\{9C88785A-8EC5-4BFF-BA7A-CB1C99A0AB66}\{C477F579-9F31-474D-86CC-E1567F0BFD1D}-0000, value , data ).
12/15/2007 12:52:14 PM Process C:\Windows\system32\svchost.exe (PID: 1112): suspicious action. Process trying to delete list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KLIM6\Parameters\Adapters\{9C88785A-8EC5-4BFF-BA7A-CB1C99A0AB66}\{C477F579-9F31-474D-86CC-E1567F0BFD1D}-0000, value , data ).
12/15/2007 1:04:58 PM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
12/15/2007 1:05:24 PM Protection of your computer started.
12/15/2007 1:08:40 PM Process C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (PID: 4760): suspicious action. Process trying to delete list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, value {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}, data ).
12/15/2007 1:09:12 PM Process C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (PID: 4760): attempt to delete list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, value {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}, data ) blocked.
12/15/2007 1:09:12 PM Process C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (PID: 4760): suspicious action. Process trying to delete group Explorer Settings (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\tosBtShllExt, value , data ).
12/15/2007 1:09:17 PM Process C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (PID: 4760): attempt to delete group Explorer Settings (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\tosBtShllExt, value , data ) blocked.
12/15/2007 1:09:17 PM Process C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (PID: 4760): suspicious action. Process trying to delete group Explorer Settings (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\tosBtShllExt, value , data ).
12/15/2007 1:09:21 PM Process C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (PID: 4760): attempt to delete group Explorer Settings (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\tosBtShllExt, value , data ) blocked.
12/15/2007 1:09:21 PM Process C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (PID: 4760): suspicious action. Process trying to delete list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, value {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}, data ).
12/15/2007 1:09:22 PM Process C:\Windows\system32\svchost.exe (PID: 1208): suspicious action. Process trying to delete list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d8d9bce7-7df4-482e-8bad-4f276ce05539}, value , data ).
12/15/2007 1:09:24 PM Process C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (PID: 4760): attempt to delete list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, value {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}, data ) blocked.
12/15/2007 1:09:28 PM Process C:\Windows\system32\svchost.exe (PID: 1208): attempt to delete list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d8d9bce7-7df4-482e-8bad-4f276ce05539}, value , data ) blocked.
12/15/2007 2:04:26 PM Process C:\Windows\system32\svchost.exe (PID: 1208): suspicious action. Process trying to delete list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{e453c580-2dc1-450b-b93f-2c8f42b19767}, value , data ).
12/15/2007 2:05:10 PM Process C:\Windows\system32\svchost.exe (PID: 1208): attempt to delete list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{e453c580-2dc1-450b-b93f-2c8f42b19767}, value , data ) blocked.
12/15/2007 2:05:21 PM Process C:\Windows\system32\svchost.exe (PID: 1208): suspicious action. Process trying to delete list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{01c182b0-48a7-45cf-90bf-faeb4f77b768}, value , data ).
12/15/2007 2:05:21 PM Process C:\Windows\system32\svchost.exe (PID: 1208): suspicious action. Process trying to delete list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{01c182b0-48a7-45cf-90bf-faeb4f77b768}, value , data ).
12/15/2007 3:36:55 PM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
12/15/2007 3:37:08 PM Protection of your computer started.
12/15/2007 3:39:14 PM Process C:\Windows\system32\svchost.exe (PID: 1212): suspicious action. Process trying to delete list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{79ff6cb9-46cb-4e9f-8c48-0b931432dcee}, value , data ).
12/15/2007 3:39:14 PM Process C:\Windows\system32\svchost.exe (PID: 1212): suspicious action. Process trying to delete list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{79ff6cb9-46cb-4e9f-8c48-0b931432dcee}, value , data ).
12/15/2007 3:41:39 PM Process C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (PID: 6012): suspicious action. Process trying to delete list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, value {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}, data ).
12/15/2007 3:42:03 PM Process C:\Windows\system32\svchost.exe (PID: 1212): suspicious action. Process trying to delete list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{64e92005-0f93-4f8d-8ce5-f7c5a1e8c899}, value , data ).
12/15/2007 3:42:19 PM Process C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (PID: 6012): attempt to delete list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, value {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}, data ) blocked.
12/15/2007 3:42:20 PM Process C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (PID: 6012): suspicious action. Process trying to delete group Explorer Settings (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\tosBtShllExt, value , data ).
12/15/2007 3:43:16 PM Process C:\Windows\system32\svchost.exe (PID: 1212): attempt to delete list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{64e92005-0f93-4f8d-8ce5-f7c5a1e8c899}, value , data ) blocked.
12/15/2007 3:43:31 PM Process C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (PID: 6012): attempt to delete group Explorer Settings (key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\tosBtShllExt, value , data ) blocked.
12/15/2007 4:25:38 PM Protection of your computer is not running. You are advised to resume protection.
12/15/2007 5:38:16 PM Update error: The updates source cannot be found.
12/15/2007 5:45:20 PM Protection of your computer started.
12/15/2007 5:47:53 PM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
12/15/2007 5:47:55 PM Protection of your computer started.
12/15/2007 5:58:00 PM Update error: The updates source cannot be found.
12/15/2007 6:03:14 PM Protection of your computer is not running. You are advised to resume protection.
12/15/2007 6:03:22 PM Protection of your computer started.
12/15/2007 6:07:20 PM Update completed successfully
12/15/2007 6:47:33 PM Process C:\Windows\system32\rstrui.exe (PID: 9180): suspicious action. Process trying to write list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value *Restore, data C:\Windows\System32\rstrui.exe /runonce).
12/15/2007 6:50:29 PM Process C:\Windows\system32\rstrui.exe (PID: 9180): attempt to write list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value *Restore, data C:\Windows\System32\rstrui.exe /runonce) blocked.
12/15/2007 6:52:43 PM Protection of your computer is not running. You are advised to resume protection.

here is what is in detected box

deleted: riskware not-a-virus:RiskTool.Win32.Reboot.f File: C:\$Recycle.Bin\S-1-5-21-3379563906-1322492409-1488716680-1006\$RLEL7SU.exe//data.rar/SmitfraudFix\Reboot.exe
deleted: riskware not-a-virus:RiskTool.Win32.Reboot.f File: C:\$Recycle.Bin\S-1-5-21-3379563906-1322492409-1488716680-1006\$ROG5LC8\Reboot.exe
not found: riskware not-a-virus:RiskTool.Win32.Reboot.f File: C:\$Recycle.Bin\S-1-5-21-3379563906-1322492409-1488716680-1006\$ROG5LC8\Reboot.exe
deleted: riskware not-a-virus:RiskTool.Win32.Reboot.f File: C:\Users\don\Desktop\SmitfraudFix.exe//data.rar/SmitfraudFix\Reboot.exe
deleted: riskware not-a-virus:RiskTool.Win32.Reboot.f File: C:\Users\don\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EWHP4314\SmitfraudFix[1].zip/SmitfraudFix/Reboot.exe
not found: riskware not-a-virus:RiskTool.Win32.Reboot.f File: C:\Users\don\Desktop\SmitfraudFix\Reboot.exe
deleted: riskware not-a-virus:RiskTool.Win32.Reboot.f File: C:\Users\don\Desktop\SmitfraudFix\Reboot.exe
not found: riskware not-a-virus:Downloader.Win32.WinFixer.ba File: C:\Users\don\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\078GSGNU\setup_en[1].exe
deleted: riskware not-a-virus:Downloader.Win32.WinFixer.ba File: C:\Users\don\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\078GSGNU\setup_en[1].exe
deleted: riskware not-a-virus:RiskTool.Win32.Reboot.f File: C:\Users\don\Desktop\SmitfraudFix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe
detected: virus Heur.Invader (modification) URL: http://download.bleepingcomputer.com/sUBs/ComboFix.exe//PE_Patch.UPX//catchme.cfexe//PE_Patch.UPX
:clown: