WiredWX Hobby Weather Tools

 


alpha antivirus!

2 posters

Please get this off my computer, it's driving me bonkers :)...

I have copied and pasted from the HijackThis like you requested

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:46 PM, on 23/09/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AlphaAV\Alpha Antivirus.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\Windows\System32\msnaoladdon.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'Default user')
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9493 bytes

Re: alpha antivirus!

and this is the log from malware

Malwarebytes' Anti-Malware 1.41
Database version: 2851
Windows 6.0.6002 Service Pack 2

23/09/2009 12:35:18 PM
mbam-log-2009-09-23 (12-35-18).txt

Scan type: Quick Scan
Objects scanned: 89350
Time elapsed: 8 minute(s), 48 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 115

Memory Processes Infected:
C:\Program Files\AlphaAV\Alpha Antivirus.exe (Rogue.AlphaAV) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Adware_Pro (Rogue.AdwarePro) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Owner\AppData\Roaming\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\Results (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Program Files\Adware_Pro (Rogue.AdwarePro) -> Quarantined and deleted successfully.
C:\Program Files\AlphaAV (Rogue.AlphaAV) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Owner\AppData\Roaming\ErrorFix\Logs\2009-03-28 15-31-330.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-0.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-1.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-10.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-100.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-101.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-102.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-103.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-104.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-105.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-11.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-12.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-13.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-14.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-15.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-16.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-17.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-18.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-19.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-2.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-20.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-21.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-22.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-23.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-24.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-25.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-26.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-27.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-28.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-29.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-3.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-30.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-31.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-32.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-33.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-34.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-35.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-36.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-37.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-38.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-39.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-4.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-40.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-41.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-42.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-43.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-44.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-45.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-46.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-47.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-48.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-49.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-5.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-50.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-51.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-52.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-53.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-54.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-55.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-56.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-57.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-58.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-59.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-6.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-60.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-61.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-62.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-63.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-64.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-65.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-66.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-67.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-68.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-69.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-7.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-70.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-71.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-72.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-73.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-74.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-75.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-76.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-77.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-78.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-79.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-8.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-80.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-81.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-82.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-83.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-84.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-85.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-86.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-87.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-88.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-89.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-9.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-90.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-91.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-92.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-93.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-94.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-95.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-96.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-97.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-98.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\QuarantineW\2009-03-28 15-40-360\regb-99.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\Results\Evidence.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\Results\Junk.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\Results\Registry.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\ErrorFix\Results\Update.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Program Files\Adware_Pro\APSchedule.txt (Rogue.AdwarePro) -> Quarantined and deleted successfully.
C:\Program Files\AlphaAV\Alpha Antivirus.exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
C:\Windows\Tasks\ErrorFix Scan.job (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Re: alpha antivirus!


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.

Re: alpha antivirus!

It asks me to disable on board script blocking tools? I'm not sure what this means?

Re: alpha antivirus!

DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 8:19:36.56 on 24/09/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.95 [GMT -6:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Windows Media Player\wmplayer.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H37251CM\dds[1].scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = Preserve
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] "c:\program files\common files\symantec shared\opc\{31011d49-d90c-4da0-878b-78d28ad507af}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20061025.029\IDSvix86.sys [2009-9-23 202872]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2007-11-2 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2007-11-2 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2007-11-2 109992]

=============== Created Last 30 ================

2009-09-23 12:17 --d----- c:\program files\Trend Micro
2009-09-23 12:14 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-23 12:14 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-23 12:14 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-23 11:41 0 a------- c:\windows\system32\msnaoladdon.dll.tmp
2009-09-23 09:37 --d----- c:\program files\Norton Internet Security
2009-09-23 09:35 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-23 09:35 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-23 09:35 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-23 09:30 --d----- c:\program files\Symantec
2009-09-23 08:03 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-23 08:03 506,368 a------- c:\windows\system32\msxml.dll
2009-09-22 14:05 61,440 a------- c:\windows\system32\ndisapi.dll
2009-09-22 14:05 13,312 a------- c:\windows\system32\drivers\snetcfg.exe
2009-09-22 14:05 --d----- c:\program files\common files\Uninstall
2009-09-11 14:27 --d----- c:\windows\system32\eu-ES
2009-09-11 14:27 --d----- c:\windows\system32\ca-ES
2009-09-11 14:27 --d----- c:\windows\system32\vi-VN
2009-09-11 13:28 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-09-11 13:27 978,944 a------- c:\windows\system32\crypt32.dll
2009-09-09 08:53 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-09 08:53 105,984 a------- c:\windows\system32\netiohlp.dll
2009-09-09 08:53 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 08:53 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-09 08:53 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-09 08:53 10,240 a------- c:\windows\system32\finger.exe
2009-09-09 08:53 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-09 08:53 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-09 08:53 17,920 a------- c:\windows\system32\netevent.dll
2009-09-09 08:53 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-09 08:53 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-09 08:52 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-09 08:52 513,536 a------- c:\windows\system32\wlansvc.dll
2009-09-09 08:52 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-09 08:52 68,096 a------- c:\windows\system32\wlanhlp.dll
2009-09-09 08:52 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-09 08:52 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-09 08:52 65,024 a------- c:\windows\system32\wlanapi.dll
2009-09-09 08:51 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-09 08:51 98,816 a------- c:\windows\system32\mfps.dll
2009-09-09 08:51 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-09-09 08:51 24,576 a------- c:\windows\system32\mfpmp.exe
2009-09-09 08:51 2,048 a------- c:\windows\system32\mferror.dll
2009-09-03 13:49 --d----- c:\windows\system32\EventProviders
2009-09-03 13:44 164,352 a------- c:\windows\system32\spwizui.dll
2009-09-03 13:43 754,688 a------- c:\windows\system32\propsys.dll
2009-09-03 13:42 738,816 a------- c:\windows\system32\inetcomm.dll
2009-09-03 13:41 74,752 a------- c:\windows\system32\newdev.exe
2009-09-03 13:40 52,992 a------- c:\windows\system32\drivers\stream.sys
2009-09-03 13:40 1,009 a------- c:\windows\system32\wbem\wcnwiz2.mof
2009-09-03 13:40 334 a------- c:\windows\system32\wbem\WscEapPr.mof
2009-09-03 13:40 93,696 a------- c:\windows\system32\drivers\bridge.sys
2009-09-03 13:40 15,872 a------- c:\windows\system32\drivers\usb8023.sys
2009-09-03 13:40 265,728 a------- c:\windows\system32\wbem\esscli.dll
2009-09-03 13:40 189,440 a------- c:\windows\system32\wbem\mofd.dll
2009-09-03 13:40 83,968 a------- c:\windows\system32\wbem\wmiutils.dll
2009-09-03 13:40 30,208 a------- c:\windows\system32\wbem\wbemprox.dll
2009-09-03 13:40 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll
2009-09-03 13:40 705,536 a------- c:\windows\system32\SmiEngine.dll
2009-09-03 13:40 247,808 a------- c:\windows\system32\drvstore.dll
2009-09-03 13:18 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-09-03 12:42 --d----- c:\users\owner\appdata\roaming\OpenOffice.org
2009-09-02 11:11 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 11:11 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 08:46 --d----- c:\program files\JRE
2009-08-27 08:45 --d----- c:\program files\OpenOffice.org 3
2009-08-27 08:44 410,984 a------- c:\windows\system32\deploytk.dll
2009-08-27 08:04 2,048 a------- c:\windows\system32\tzres.dll
2009-08-26 07:23 1,696,768 a------- c:\windows\system32\gameux.dll

==================== Find3M ====================

2009-09-11 14:38 86,016 a------- c:\windows\inf\infstor.dat
2009-09-11 14:38 51,200 a------- c:\windows\inf\infpub.dat
2009-09-11 14:38 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-11 14:27 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-28 20:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 20:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 20:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 20:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-07-21 15:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 15:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 15:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 14:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 07:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 06:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 06:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 06:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 06:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-30 13:02 3,190,688 a------- c:\users\owner\ccsetup218.exe
2008-10-21 13:52 174 a--sh--- c:\program files\desktop.ini
2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-23 07:30 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-23 07:30 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-23 07:30 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-23 07:30 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 8:24:59.37 ===============

Re: alpha anitvirus!
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft®️ Windows Vista™️ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 18/10/2007 1:02:14 PM
System Uptime: 24/09/2009 4:16:19 AM (4 hours ago)

Motherboard: TOSHIBA | | ISKAE
Processor: Intel(R) Core(TM)2 CPU T5300 @ 1.73GHz | U2E1 | 800/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 148 GiB total, 82.36 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP499: 18/09/2009 7:25:12 AM - Windows Update
RP500: 21/09/2009 7:24:34 AM - Installed Java(TM) 6 Update 15
RP501: 21/09/2009 8:48:14 AM - Windows Update
RP503: 22/09/2009 8:59:08 AM - Avira AntiVir Personal - 22/09/2009 8:58
RP505: 23/09/2009 12:02:49 PM - Windows Defender Checkpoint
RP506: 24/09/2009 7:40:45 AM - Windows Update

==== Installed Programs ======================


Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
Adobe®️ Photoshop®️ Album Starter Edition 3.2
Advanced SystemCare 3
ALPS Touch Pad Driver
AppCore
Apple Software Update
AV
Camera Assistant Software for Toshiba
ccCommon
CD/DVD Drive Acoustic Silencer
DVD MovieFactory for TOSHIBA
ESET Online Scanner v3
Google Toolbar for Internet Explorer
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 13
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft XML Parser
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
OpenOffice.org 3.1
PaperPort
PowerISO
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Security Update for Windows Media Encoder (KB954156)
Smart Defrag 1.20
Smart Menus (Windows Live Toolbar)
Sony Ericsson Media Manager 1.1
SPBBC 32bit
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
The Sims™️ 2 Double Deluxe
TIPCI
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Utility Common Driver
VideoLAN VLC media player 0.8.6e
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Encoder 9 Series
WinDVD for TOSHIBA
Yahoo! Toolbar

==== End Of File ===========================

Re: alpha anitvirus!
DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 8:29:01.10 on 24/09/2009
Internet Explorer: 8.0.6001.18813
Microsoft®️ Windows Vista™️ Home Premium 6.0.6002.2.1252.2.1033.18.1013.176 [GMT -6:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Windows Media Player\wmplayer.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8VQJ1B4H\dds[1].scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = Preserve
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] "c:\program files\common files\symantec shared\opc\{31011d49-d90c-4da0-878b-78d28ad507af}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20061025.029\IDSvix86.sys [2009-9-23 202872]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2007-11-2 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2007-11-2 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2007-11-2 109992]

=============== Created Last 30 ================

2009-09-23 12:17 --d----- c:\program files\Trend Micro
2009-09-23 12:14 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-23 12:14 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-23 12:14 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-23 11:41 0 a------- c:\windows\system32\msnaoladdon.dll.tmp
2009-09-23 09:37 --d----- c:\program files\Norton Internet Security
2009-09-23 09:35 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-23 09:35 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-23 09:35 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-23 09:30 --d----- c:\program files\Symantec
2009-09-23 08:03 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-23 08:03 506,368 a------- c:\windows\system32\msxml.dll
2009-09-22 14:05 61,440 a------- c:\windows\system32\ndisapi.dll
2009-09-22 14:05 13,312 a------- c:\windows\system32\drivers\snetcfg.exe
2009-09-22 14:05 --d----- c:\program files\common files\Uninstall
2009-09-11 14:27 --d----- c:\windows\system32\eu-ES
2009-09-11 14:27 --d----- c:\windows\system32\ca-ES
2009-09-11 14:27 --d----- c:\windows\system32\vi-VN
2009-09-11 13:28 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-09-11 13:27 978,944 a------- c:\windows\system32\crypt32.dll
2009-09-09 08:53 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-09 08:53 105,984 a------- c:\windows\system32\netiohlp.dll
2009-09-09 08:53 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 08:53 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-09 08:53 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-09 08:53 10,240 a------- c:\windows\system32\finger.exe
2009-09-09 08:53 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-09 08:53 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-09 08:53 17,920 a------- c:\windows\system32\netevent.dll
2009-09-09 08:53 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-09 08:53 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-09 08:52 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-09 08:52 513,536 a------- c:\windows\system32\wlansvc.dll
2009-09-09 08:52 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-09 08:52 68,096 a------- c:\windows\system32\wlanhlp.dll
2009-09-09 08:52 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-09 08:52 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-09 08:52 65,024 a------- c:\windows\system32\wlanapi.dll
2009-09-09 08:51 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-09 08:51 98,816 a------- c:\windows\system32\mfps.dll
2009-09-09 08:51 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-09-09 08:51 24,576 a------- c:\windows\system32\mfpmp.exe
2009-09-09 08:51 2,048 a------- c:\windows\system32\mferror.dll
2009-09-03 13:49 --d----- c:\windows\system32\EventProviders
2009-09-03 13:44 164,352 a------- c:\windows\system32\spwizui.dll
2009-09-03 13:43 754,688 a------- c:\windows\system32\propsys.dll
2009-09-03 13:42 738,816 a------- c:\windows\system32\inetcomm.dll
2009-09-03 13:41 74,752 a------- c:\windows\system32\newdev.exe
2009-09-03 13:40 52,992 a------- c:\windows\system32\drivers\stream.sys
2009-09-03 13:40 1,009 a------- c:\windows\system32\wbem\wcnwiz2.mof
2009-09-03 13:40 334 a------- c:\windows\system32\wbem\WscEapPr.mof
2009-09-03 13:40 93,696 a------- c:\windows\system32\drivers\bridge.sys
2009-09-03 13:40 15,872 a------- c:\windows\system32\drivers\usb8023.sys
2009-09-03 13:40 265,728 a------- c:\windows\system32\wbem\esscli.dll
2009-09-03 13:40 189,440 a------- c:\windows\system32\wbem\mofd.dll
2009-09-03 13:40 83,968 a------- c:\windows\system32\wbem\wmiutils.dll
2009-09-03 13:40 30,208 a------- c:\windows\system32\wbem\wbemprox.dll
2009-09-03 13:40 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll
2009-09-03 13:40 705,536 a------- c:\windows\system32\SmiEngine.dll
2009-09-03 13:40 247,808 a------- c:\windows\system32\drvstore.dll
2009-09-03 13:18 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-09-03 12:42 --d----- c:\users\owner\appdata\roaming\OpenOffice.org
2009-09-02 11:11 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 11:11 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 08:46 --d----- c:\program files\JRE
2009-08-27 08:45 --d----- c:\program files\OpenOffice.org 3
2009-08-27 08:44 410,984 a------- c:\windows\system32\deploytk.dll
2009-08-27 08:04 2,048 a------- c:\windows\system32\tzres.dll
2009-08-26 07:23 1,696,768 a------- c:\windows\system32\gameux.dll

==================== Find3M ====================

2009-09-11 14:38 86,016 a------- c:\windows\inf\infstor.dat
2009-09-11 14:38 51,200 a------- c:\windows\inf\infpub.dat
2009-09-11 14:38 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-11 14:27 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-28 20:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 20:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 20:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 20:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-07-21 15:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 15:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 15:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 14:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 07:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 06:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 06:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 06:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 06:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-30 13:02 3,190,688 a------- c:\users\owner\ccsetup218.exe
2008-10-21 13:52 174 a--sh--- c:\program files\desktop.ini
2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-23 07:30 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-23 07:30 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-23 07:30 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-23 07:30 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 8:34:13.11 ===============

Re: alpha anitvirus!

Thank You! I don't really know anything about computers, I kind of feel lost. I hope everything you need is here for you! I really appreciate EVERYTHING!! Hooray!

Re: alpha anitvirus!

Hello.


  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Java(TM) 6 Update 13
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6

  • Click on the Uninstall/Change button at the top.

Next, delete this file in bold:
c:\windows\system32\msnaoladdon.dll.tmp

How is the machine running now?
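Added example, not part of the original post: a small parser for the file-listing lines in the log above, with two triage rules that would surface a file like the `.dll.tmp` one named here. The rules, the extension list and the names `parse_line`, `reasons` and `triage` are assumptions for illustration, not the helper's stated method.

```python
import re
from typing import NamedTuple, Optional

# One listing line: date, time, optional size, 8 attribute flags, path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"  # timestamp
    r"(?:([\d,]+)\s+)?"                      # size (absent for directories)
    r"([a-z-]{8})\s+"                        # flags such as a--sh--- or --d-----
    r"(.+)$"                                 # path, may contain spaces
)
BINARY_EXTS = {"dll", "exe", "sys", "scr"}   # assumed list, not from the thread

class Entry(NamedTuple):
    stamp: str
    size: Optional[int]
    attrs: str
    path: str

def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry, or None for headers, blanks and other non-entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    stamp, size, attrs, path = m.groups()
    return Entry(stamp, int(size.replace(",", "")) if size else None, attrs, path)

def reasons(entry: Entry) -> list:
    """Hypothetical triage rules; a hit means 'look closer', not 'malicious'."""
    if "d" in entry.attrs:                   # directories are not scored
        return []
    parts = entry.path.lower().rsplit("\\", 1)[-1].split(".")
    hits = []
    if len(parts) >= 3 and parts[-2] in BINARY_EXTS:
        hits.append("binary extension followed by a second extension")
    if "h" in entry.attrs and parts[-1] in BINARY_EXTS:
        hits.append("hidden executable")
    return hits

def triage(lines):
    entries = filter(None, map(parse_line, lines))
    return [(e.path, r) for e in entries if (r := reasons(e))]

# Sample input: entries 2-4 appear in the log above; the last two have
# constructed timestamps, sizes and flags (example.exe is a made-up name).
SAMPLE = [
    "==================== Find3M ====================",
    r"2009-09-03 13:18 55,656 a------- c:\windows\system32\drivers\avgntflt.sys",
    r"2009-09-03 12:42 --d----- c:\users\owner\appdata\roaming\OpenOffice.org",
    r"2008-10-21 13:52 174 a--sh--- c:\program files\desktop.ini",
    r"2009-09-20 10:00 20,480 a------- c:\windows\system32\msnaoladdon.dll.tmp",
    r"2009-09-20 10:01 9,216 a---h--- c:\windows\system32\example.exe",
]

if __name__ == "__main__":
    for path, why in triage(SAMPLE):
        print(path, "->", "; ".join(why))
```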

Re: alpha anitvirus!

Next, delete this file in bold:
c:\windows\system32\msnaoladdon.dll.tmp

What does this mean?

Re: alpha anitvirus!

Find the file in bold using Windows Explorer (Windows key + E), then right-click it and hit Delete.

Or we can use a tool to do it automatically for us.

Please download the OTMoveIt by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\system32\msnaoladdon.dll.tmp


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Re: alpha anitvirus!

========== FILES ==========
c:\windows\system32\msnaoladdon.dll.tmp moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09252009_074921

Re: alpha anitvirus!

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?

Re: alpha anitvirus!

It's running pretty good. Is there anything you would recommend me to do?
Do I have a lot of problems with my computer? Should I just get a new one, or does this one work fine?

Re: alpha anitvirus!

Hello.
No, the machine is fine; luckily this malware is just the fraud type and not one that does serious damage.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck. Big Grin
