I have a Toshiba Satellite. It will be two years old this September.
I haven't had any problems I couldn't solve. No serious viruses, etc.
2 days ago, somehow I got that annoying Trojan "Security Tool" and I got rid of it the same night. Scanned my laptop with Anti-Virus, Anti-Spyware and Anti-Malware software. Restarted my laptop and was ready to surf the net again. However, when I opened Firefox, Google Chrome, Safari or IE they all gave the error message "Can't Display Webpage". I could still sign in on MSN Messenger and Skype. But I can't browse. Today though, I can't sign in on MSN anymore. Through all this, my laptop tells me I'm connected to the Internet, and all the other wireless things in my home are connected and working.
I've scanned my laptop every day. I've restored it, but it will only let me go as far back as after I got rid of the Security Tool.
Notes:
Security Tool popped up when my BlackBerry was connected. (I think I got it from my brother's laptop. He had it before. I got rid of it and his laptop still works.)
MSN stopped working after I connected my phone to my laptop again.
PLEASE HELP ME!
Thank You,
Try scanning with SUPERAntiSpyware Free Edition.
Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3
- Disable any script blocking protection
- Double click the dds icon to run the tool.
- When done, DDS will open two (2) logs:
- DDS.txt
- Attach.txt <--- this will be minimized in the task tray
- Save both reports to your desktop.
Either Corrine or I will get to you tomorrow morning ... please hang in
I'm using another computer at the moment. How would I download onto my laptop?
Download it to a non-infected flash drive or a CD. Take it to the infected computer, right click on it and run as Administrator.
it might be a good idea to check your hosts file
How do you check that?
Note: If you are using a 64-bit version of Windows, type %systemroot%\SysWOW64\drivers\etc.
see if there are any entries other than
and they are no other entries
Additionally, try going into Internet Explorer then to Tools --> Internet Options, then click on the "Connections" tab and click on "LAN Settings" and ensure nothing is checked there. If there is stuff checked there (apart from "Automatically Detect Settings"), go ahead and uncheck it and click OK and OK again.
Then yes, do a scan. You can use something like TrendMicro HouseCall (housecall.trendmicro.com) to scan that PC.
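The hosts-file and LAN-settings checks suggested above can also be done read-only from PowerShell. This is an added example, not part of the original posts: the function names and the sample hosts lines are made up for illustration, and the path used is the standard %SystemRoot%\System32\drivers\etc\hosts.

```powershell
# Added example: read-only checks, nothing on the machine is modified.

function Get-ActiveHostsEntry {
    # Returns every non-comment hosts entry that is not a loopback mapping for "localhost".
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -replace '#.*$', '').Trim()      # drop comments and padding
        if (-not $text) { continue }                    # blank or comment-only line
        $fields  = @($text -split '\s+')
        $address = $fields[0]
        $names   = @($fields | Select-Object -Skip 1)   # a line may map several names
        $isLoopback = ($address -eq '127.0.0.1') -or ($address -eq '::1')
        foreach ($name in $names) {
            if (-not ($isLoopback -and $name -eq 'localhost')) {
                New-Object PSObject -Property @{ Address = $address; Name = $name }
            }
        }
    }
}

function Get-LanProxySetting {
    # The per-user values behind the Internet Explorer "LAN Settings" dialog.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnabled  = [bool]$s.ProxyEnable    # "Use a proxy server for your LAN"
        ProxyServer   = $s.ProxyServer          # address:port the browsers are sent to
        AutoConfigURL = $s.AutoConfigURL        # "Use automatic configuration script"
    }
}

# Constructed sample lines, to show what the hosts check reports.
$sample = @(
    '# Copyright (c) Microsoft Corp.',
    '127.0.0.1       localhost',
    '::1             localhost',
    '203.0.113.10    www.example.com    # constructed entry'
)
Get-ActiveHostsEntry -Lines $sample

# Live checks on this machine.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-ActiveHostsEntry -Lines (Get-Content -Path $hostsPath)
Get-LanProxySetting
```

Any entry returned by the hosts check, or a proxy server or configuration script you did not set yourself, is worth mentioning to the helpers before changing it.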
DDS (Ver_09-09-29.01) - NTFSx86
Run by Owner at 23:52:22.85 on 08/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_13
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3062.1312 [GMT -4:00]
AV: Norton Security Online *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Norton Security Online *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Security Online *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Bell\Bell Internet Security Services\Fws.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Personal Vault Backup Manager\VaultClientSRV.exe
C:\Program Files\Personal Vault Backup Manager\VaultClientUpgrade.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bell\Bell Internet Security Services\rps.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Bell\Internet Service Advisor\BISAComHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Bell\Internet Service Advisor\BISA.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\Bin\AVGIDSMonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
E:\dds.com
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uSearch Bar = Preserve
mDefault_Page_URL = hxxp://www.shoptoshiba.ca/welcome
mStart Page = hxxp://www.shoptoshiba.ca/welcome
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: Zango Information Window: {2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} - c:\program files\zango\bin\10.3.75.0\HostIE.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Update Manager] "c:\program files\rogers\update manager\UpdateManager.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRunOnce: [IndexCleaner] "c:\program files\bell\bell internet security services\IdxClnR.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [BISA.exe] "c:\program files\bell\internet service advisor\BISA.exe" /AUTORUN
mRun: [BellCanada_UninstallTracking] c:\users\owner\appdata\local\temp\InstallHelper.exe /uninstalltrackingvendor=BellCanada
mRun: [BellCanada_McciTrayApp] c:\program files\bellcanada\McciTrayApp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\imvu.lnk - c:\users\owner\appdata\roaming\imvuclient\IMVUQualityAgent.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\opuqbe.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\sb91m7ao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\sb91m7ao.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\program files\bell\internet service advisor\nprpspa.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-2-10 25608]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 Radialpoint Security Services;Bell Internet Security Services;c:\program files\bell\bell internet security services\RpsSecurityAwareR.exe [2010-4-9 166944]
R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\bell\bell internet security services\avg\identity protection\agent\bin\AVGIDSAgent.exe [2010-2-10 5832712]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 ServicepointService;ServicepointService;c:\program files\bell\internet service advisor\ServicepointService.exe [2010-2-10 689392]
R2 VaultClientSRV;Personal Vault Backup Manager Service;c:\program files\personal vault backup manager\VaultClientSRV.exe [2010-1-17 1051728]
R2 VaultClientUpgrade;Personal Vault Backup Manager Upgrade Service;c:\program files\personal vault backup manager\VaultClientUpgrade.exe [2010-1-17 56400]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-11 7168]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\bell\bell internet security services\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2010-2-10 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\bell\bell internet security services\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2010-2-10 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\bell\bell internet security services\avg\identity protection\agent\drivers\AVGIDSShim.sys [2010-2-10 21208]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-29 171520]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-8-17 20352]
S2 gupdate1ca06e8bd91aaa0;Google Update Service (gupdate1ca06e8bd91aaa0);c:\program files\google\update\GoogleUpdate.exe [2009-7-17 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-30 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-8-17 937984]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-10-29 51512]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]
=============== Created Last 30 ================
2010-08-08 15:53 280 a------- c:\windows\system32\PDBootState
2010-08-04 22:49 8,192 a------- c:\windows\system32\opuqbe.dll
2010-08-04 22:49 <DIR> --d----- c:\users\owner\appdata\roaming\65DEC236D132C3CBF0FB939CADDDD2B4
2010-07-23 22:19 <DIR> --d----- c:\program files\iPod
2010-07-23 22:19 <DIR> --d----- c:\program files\iTunes
2010-07-23 22:13 <DIR> --d----- c:\program files\Bonjour
==================== Find3M ====================
2010-05-21 14:14 221,568 -------- c:\windows\system32\MpSigStub.exe
2010-05-18 16:35 107,808 a------- c:\windows\system32\dns-sd.exe
2010-05-18 16:35 91,424 a------- c:\windows\system32\dnssd.dll
2009-11-23 22:55 56 a---h--- c:\programdata\ezsidmv.dat
2009-11-23 22:55 56 a---h--- c:\progra~2\ezsidmv.dat
2009-09-19 23:30 2,113 a------- c:\program files\INSTALL.LOG
2009-07-14 00:56 291,294 a------- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 00:56 291,294 a------- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 00:56 31,548 a------- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 00:56 31,548 a------- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 00:41 174 a--sh--- c:\program files\desktop.ini
2009-07-13 20:34 291,294 a------- c:\windows\inf\perflib\0000\perfi.dat
2009-07-13 20:34 291,294 a------- c:\windows\inf\perflib\0000\perfh.dat
2009-07-13 20:34 31,548 a------- c:\windows\inf\perflib\0000\perfd.dat
2009-07-13 20:34 31,548 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 17:26 9,633,792 a--shr-- c:\windows\fonts\StaticCache.dat
2010-01-23 14:44 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-08-21 09:41 1,025,326,880 a--sh--- c:\windows\system32\drivers\fidbox(3629).dat
2009-07-13 21:14 396,800 a--sh--- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 23:54:22.84 ===============
Hmmm... I guess Jacee's DDS advice is the way to go, but try flushing your DNS cache.
Start > All Programs > Accessories > Command Prompt. Rt-click on it and 'Run As Administrator'. Type the following and hit enter:
ipconfig /flushdns
remember there is a space b/w ipconfig & /
Thanks for your help
Hi, RoxyyC.
After getting things cleaned up, it will be very important to address the outdated, vulnerable software (Adobe and Java) on your computer as well as your cell phone. For the time being, do not attach your cell phone to any of the computers.
Please follow these instructions carefully.
Download ComboFix from one of the following locations:
Link 1
Link 2
As you did with DDS, please go to an uninfected computer to download the tool to a flash drive or other removable media, and transfer it to the infected computer. Then, as indicated below, place ComboFix.exe on the desktop of the infected computer and continue with the instructions.
!!! IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.
Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.
- If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
- Double-click ComboFix.exe on your desktop and follow the prompts.
- As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
- When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
- After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
- Click "Yes" to continue scanning for malware.
- When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.
Did you run Malwarebytes and check items to be deleted?
If you did, I'm surprised it didn't delete "Zango"
Uninstall from Programs and Features (if found):
Zango Search Assistant
Zango Shoppingreports
Hotbar
Next, Navigate to c:\program files\zango <---delete this folder
Reboot
Corrine & Jacee
thank you for the help so far.
I've just opened the ComboFix
However, they're asking me to disable 'Norton Security Online'
I didn't even know I had that till the DDS.txt and I don't know how to disable it.
1. Start Norton Internet Security or Norton Personal Firewall.
2. In the left pane, click Status & Settings.
3. In the right pane, click Security.
4. Click turn off
I don't have either. I have never had any Norton products on this laptop.
Can I just start ComboFix?
Sure.... if it works.
Norton/Symantec may be bundled with your Internet service
\Bell Internet Security Services\Fws.exe
ohhhhh, I see.
Thanks again for the help.
ComboFix 10-08-08.03 - Owner 09/08/2010 12:44:53.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3062.1262 [GMT -4:00]
Running from: E:\ComboFix.exe
AV: Norton Security Online *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Online *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Security Online *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\INSTALL.LOG
c:\windows\system32\system
.
((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.
2010-08-09 17:02 . 2010-08-09 17:02 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-08-09 17:02 . 2010-08-09 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-05 02:49 . 2010-08-05 02:49 8192 ----a-w- c:\windows\system32\opuqbe.dll
2010-08-05 02:49 . 2010-08-05 04:21 -------- d-----w- c:\users\Owner\AppData\Roaming\65DEC236D132C3CBF0FB939CADDDD2B4
2010-08-05 00:39 . 2010-08-05 00:39 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.24464.exe.dir\SPDFileCopier.exe
2010-08-04 20:39 . 2010-08-04 20:39 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.26962.exe.dir\SPDFileCopier.exe
2010-08-04 04:16 . 2010-08-04 04:16 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.29358.exe.dir\SPDFileCopier.exe
2010-08-03 23:16 . 2010-08-03 23:16 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.11478.exe.dir\SPDFileCopier.exe
2010-08-03 18:32 . 2010-08-03 18:32 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.15724.exe.dir\SPDFileCopier.exe
2010-08-03 05:33 . 2010-08-03 05:33 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.19169.exe.dir\SPDFileCopier.exe
2010-08-03 01:33 . 2010-08-03 01:33 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.26500.exe.dir\SPDFileCopier.exe
2010-07-31 05:34 . 2010-07-31 05:34 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.6334.exe.dir\SPDFileCopier.exe
2010-07-29 19:12 . 2010-07-29 19:12 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.18467.exe.dir\SPDFileCopier.exe
2010-07-24 02:19 . 2010-07-24 02:19 -------- d-----w- c:\program files\iPod
2010-07-24 02:19 . 2010-07-24 02:20 -------- d-----w- c:\program files\iTunes
2010-07-24 02:13 . 2010-07-24 02:13 -------- d-----w- c:\program files\Bonjour
2010-07-24 02:10 . 2010-07-24 02:10 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 16:31 . 2009-11-25 23:57 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-09 16:26 . 2009-11-24 02:52 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype
2010-08-09 15:31 . 2009-11-24 02:55 -------- d-----w- c:\users\Owner\AppData\Roaming\skypePM
2010-08-05 04:43 . 2010-01-30 18:12 -------- d-----w- c:\users\Guest\AppData\Roaming\IMVU
2010-07-24 03:09 . 2008-11-10 04:37 -------- d-----w- c:\users\Owner\AppData\Roaming\Apple Computer
2010-07-24 02:19 . 2008-11-10 04:33 -------- d-----w- c:\program files\Common Files\Apple
2010-07-23 19:15 . 2010-02-18 22:57 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-28 22:37 . 2010-01-30 21:29 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer
2010-06-27 23:46 . 2010-01-30 21:41 123048 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-24 21:22 . 2009-10-30 01:48 123048 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-24 20:46 . 2010-06-24 20:46 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-06-24 20:44 . 2010-06-24 20:44 -------- d-----w- c:\programdata\ALM
2010-06-24 20:43 . 2008-02-12 00:09 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-22 16:51 . 2010-06-22 16:51 -------- d-----w- c:\users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers
2010-06-15 18:50 . 2010-02-11 03:36 -------- d-----w- c:\programdata\Radialpoint
2010-05-28 21:11 . 2010-05-28 21:11 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-05-21 18:14 . 2009-10-02 19:41 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-08-21 13:41 . 2009-05-17 02:32 1025326880 --sha-w- c:\windows\System32\drivers\fidbox(3629).dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]
@="{B976888E-DC7B-456C-A62F-44EA07ED231F}"
[HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]
2010-01-17 23:08 503808 ----a-w- c:\program files\Personal Vault Backup Manager\VaultClientMenu.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-30 430080]
"Update Manager"="c:\program files\Rogers\Update Manager\UpdateManager.exe" [2006-01-06 131072]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-04-03 2356088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-29 1833504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-05 663552]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-08-14 417792]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-25 148888]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2008-09-25 195080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-21 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-21 150552]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"BISA.exe"="c:\program files\Bell\Internet Service Advisor\BISA.exe" [2010-01-13 4281584]
"BellCanada_McciTrayApp"="c:\program files\BellCanada\McciTrayApp.exe" [2010-01-19 1565696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-23 202256]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-08-31 20352]
R2 gupdate1ca06e8bd91aaa0;Google Update Service (gupdate1ca06e8bd91aaa0);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 133104]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2007-10-30 937984]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2009-11-02 25608]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 Radialpoint Security Services;Bell Internet Security Services;c:\program files\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe [2010-04-09 166944]
S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
S2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2010-01-13 689392]
S2 VaultClientSRV;Personal Vault Backup Manager Service;c:\program files\Personal Vault Backup Manager\VaultClientSRV.exe [2010-01-17 1051728]
S2 VaultClientUpgrade;Personal Vault Backup Manager Upgrade Service;c:\program files\Personal Vault Backup Manager\VaultClientUpgrade.exe [2010-01-17 56400]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 122376]
S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 30216]
S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2009-11-02 21208]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-05 171520]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - 8030872F
*Deregistered* - 8030872f
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder
2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 14:10]
2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 14:10]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.shoptoshiba.ca/welcome
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\opuqbe.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sb91m7ao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sb91m7ao.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Bell\Internet Service Advisor\nprpspa.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:00000020
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-08-09 13:10:01
ComboFix-quarantined-files.txt 2010-08-09 17:10
Pre-Run: 71,377,874,944 bytes free
Post-Run: 71,443,492,864 bytes free
- - End Of File - - C23254101B6F688FEE279856F93E7D7E
You have a couple of files that I'd like you to upload to VirusTotal.
Scan each one individually and save the results to copy and paste back here.
c:\windows\system32\opuqbe.dll
c:\users\Owner\AppData\Roaming\65DEC236D132C3CBF0FB939CADDDD2B4
You may have to unhide 'hidden files and folders' to find/see them
From the control panel, click on 'Folder Options' > View tab > check 'show hidden files', uncheck 'hide extensions'.
Opuqbe.dll it says:
File has already been analysed:
MD5: b3efb184d5762dabce4c0ac7b6e188bf
First received: 2010.07.23 13:18:23 UTC
Date: 2010.08.06 14:14:31 UTC [>3D]
Results: 4/42
permalink: analisis/7d40af468b30ae2426063d3590ba215e8d10d3a12095fb5af9ba3dd884c5787a-1281104071
then I reanalysed it and got:
Antivirus             Version        Last Update  Result
AhnLab-V3             2010.08.10.00  2010.08.09   -
AntiVir               8.2.4.34       2010.08.09   -
Antiy-AVL             2.0.3.7        2010.08.09   -
Authentium            5.2.0.5        2010.08.09   -
Avast                 4.8.1351.0     2010.08.09   -
Avast5                5.0.332.0      2010.08.09   -
AVG                   9.0.0.851      2010.08.09   -
BitDefender           7.2            2010.08.09   -
CAT-QuickHeal         11.00          2010.08.09   -
ClamAV                0.96.0.3-git   2010.08.09   -
Comodo                5698           2010.08.09   -
DrWeb                 5.0.2.03300    2010.08.09   Trojan.Click1.25301
Emsisoft              5.0.0.36       2010.08.09   -
eSafe                 7.0.17.0       2010.08.09   -
eTrust-Vet            36.1.7778      2010.08.09   -
F-Prot                4.6.1.107      2010.08.09   -
F-Secure              9.0.15370.0    2010.08.09   -
Fortinet              4.1.143.0      2010.08.09   -
GData                 21             2010.08.09   -
Ikarus                T3.1.1.87.0    2010.08.09   -
Jiangmin              13.0.900       2010.08.07   -
McAfee                5.400.0.1158   2010.08.09   Artemis!B3EFB184D576
McAfee-GW-Edition     2010.1         2010.08.09   Artemis!B3EFB184D576
Microsoft             1.6004         2010.08.09   -
NOD32                 5353           2010.08.09   -
Norman                6.05.11        2010.08.09   -
nProtect              2010-08-09.02  2010.08.09   -
Panda                 10.0.2.7       2010.08.09   -
PCTools               7.0.3.5        2010.08.09   -
Prevx                 3.0            2010.08.09   High Risk Cloaked Malware
Rising                22.60.00.04    2010.08.09   -
Sophos                4.56.0         2010.08.09   Troj/Agent-OFJ
Sunbelt               6705           2010.08.09   Trojan.Win32.Browser-Winsock.Hijacker
SUPERAntiSpyware      4.40.0.1006    2010.08.09   -
Symantec              20101.1.1.7    2010.08.09   -
TheHacker             6.5.2.1.339    2010.08.09   -
TrendMicro            9.120.0.1004   2010.08.09   -
TrendMicro-HouseCall  9.120.0.1004   2010.08.09   -
VBA32                 3.12.12.8      2010.08.04   -
ViRobot               2010.8.9.3978  2010.08.09   -
VirusBuster           5.0.27.0       2010.08.09   -
Additional information
File size: 8192 bytes
MD5...: b3efb184d5762dabce4c0ac7b6e188bf
SHA1..: e6dc04c8c5a4965e093b9a96c219b998bb86e9b1
SHA256: 7d40af468b30ae2426063d3590ba215e8d10d3a12095fb5af9ba3dd884c5787a
ssdeep: 192:/wjHWy8YkntA5huI/2NLEFYjf+8AFup3e:4L7/kGXuI/aL5pu
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1410
timedatestamp.....: 0x4c46f543 (Wed Jul 21 13:25:23 2010)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x12b2 0x1400 6.07 cb94cf75c209beb01a273ed5c7516c86
.rdata 0x3000 0x2fd 0x400 3.88 0b75dd81c6aa12ea35fb354c4887ef81
.data 0x4000 0x78 0x200 0.31 f0f4f53dfd61aa2546d9fbcee5627038
.reloc 0x5000 0x130 0x200 2.93 a77c08f6b71b7d67beede025f13d8027

( 2 imports )
> WS2_32.dll: WSCEnumProtocols, getnameinfo, -, -, WSCGetProviderPath
> KERNEL32.dll: LoadLibraryW, ExpandEnvironmentStringsA, LoadLibraryA, LeaveCriticalSection, EnterCriticalSection, FindAtomA, DeleteCriticalSection, FreeLibrary, InitializeCriticalSection, WideCharToMultiByte, HeapAlloc, ExpandEnvironmentStringsW, HeapFree, GetProcAddress, GetLastError, HeapCreate

( 2 exports )
GetLspGuid, WSPStartup
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_res...3-0550-99
http://info.prevx.com/aboutprogramtext.asp?PX5=735DB25700952011205C0036C52BF8009271D5EB
The other file is an empty folder, so I can't scan it.
Are you able to get online? Let's do this ...
Open a command prompt, right click and run as Administrator. Type
netsh winsock reset
Reboot and it should be fixed.
Next, download Dr.Web CureIt! and run a complete scan.
http://www.freedrweb.com/cureit/
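The reset above clears the Winsock catalog, which is where a layered service provider registers itself; the scanned DLL exports WSPStartup and GetLspGuid, and Sunbelt names it Browser-Winsock.Hijacker. As an added example (not part of the original thread), this Python script parses the text of `netsh winsock show catalog` and lists entries that are layered or that load a DLL outside a baseline, so the catalog can be compared before and after the reset. The sample listing, the `example_lsp.dll` name and the baseline set are assumptions constructed for illustration.

```python
import ntpath

# Constructed sample modelled on `netsh winsock show catalog` output.
# The layered entry and its DLL name are invented for illustration.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        EXAMPLE-LSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      %SystemRoot%\system32\example_lsp.dll
Catalog Entry ID:                   1021
Protocol Chain Length:              2
Protocol Chain:                     1020 : 1001

Name Space Provider Entry
------------------------------------------------------
Description:                        Tcpip
Provider Path:                      %SystemRoot%\System32\mswsock.dll
"""

# Assumed baseline of provider DLLs that ship with Windows. Extend it for
# software installed on purpose (VPN clients, some security products).
BASELINE_DLLS = {"mswsock.dll", "winrnr.dll", "napinsp.dll", "pnrpnsp.dll", "nlaapi.dll"}
ENTRY_HEADERS = ("Winsock Catalog Provider Entry", "Name Space Provider Entry")


def parse_catalog(text):
    """Split the listing into one dict of 'Field: value' pairs per entry."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line in ENTRY_HEADERS:
            current = {"Kind": line}
            entries.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return entries


def review_entry(entry):
    """Return the reasons an entry deserves a closer look (empty list: none)."""
    reasons = []
    dll = ntpath.basename(entry.get("Provider Path", "")).lower()
    if dll not in BASELINE_DLLS:
        reasons.append("provider DLL not in baseline: " + dll)
    # Winsock SPI: chain length 1 is a base provider; 0 (a layered provider's
    # own entry) or more than 1 (a protocol chain) means an LSP is installed.
    chain_len = entry.get("Protocol Chain Length")
    if chain_len is not None and chain_len.isdigit() and int(chain_len) != 1:
        reasons.append("layered entry, chain length " + chain_len)
    return reasons


def suspicious_entries(text):
    """Return (description, reasons) for every entry that was flagged."""
    findings = []
    for entry in parse_catalog(text):
        reasons = review_entry(entry)
        if reasons:
            findings.append((entry.get("Description", "?"), reasons))
    return findings


if __name__ == "__main__":
    for description, reasons in suspicious_entries(SAMPLE_CATALOG):
        print(description, "->", "; ".join(reasons))
```
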
Thank you soooooo much!! This means sooo much to me.
I've been trying to find out what was wrong for 2 days!!
Your help is very appreciated, everyone!
I was able to access the net and download DrWeb Cureit!
and my laptop is being scanned (complete scan).
Thanks a lot!!
Please, if you can save the log, post it! Also let me know how your computer is running.
Hi, RoxyyC.
In addition to the Dr. Web Cureit log, there is vulnerable software on your computer that needs to be dealt with.
My laptop just shut down and restarted to blue screen during the scan. So I will be re-scanning it again. It should be done in a day. And by vulnerable software, do you mean the updates to Adobe & Java?
Yes, both of those are quite outdated.
Go into safe mode and delete
c:\windows\system32\opuqbe.dll <---this file
c:\users\Owner\AppData\Roaming\65DEC236D132C3CBF0FB939CADDDD2B4 <--this application
Now reboot normally and try to run Dr.Web again.
Soo, the files have been deleted. For the second time however, my laptop shut down during the complete scan. I did an express scan (before the second complete scan attempt) and it deleted the *opuqbe.dll* file. And I deleted the other in safe mode manually. Right now, I'm just trying to update the outdated things. Laptop's running well otherwise.
This method has worked for me in the past:
Start your computer in safe mode with networking
Download MalwareBytes Anti-Malware.
Download rkill.com ( rkill.exe ) and run it
Install the mbam-setup.exe file. You'll have to monitor the install folder as it's running and as soon as you see the mbam.exe file, select it and press Ctrl+X, paste it to the desktop, wait a few minutes, then paste it back into the install folder.
Go to the Scan tab, select "Perform Quick Scan" and press "Scan."
MalwareBytes Anti Malware will now scan all your PC for malware, including the Security Tool.
You will see a "The Scan completed successfully. Click 'Show Results' to display all objects found" prompt once the scan is finished. Press OK.
Now press "Show Results."
You will see a list of malware applications, including the Rogue.SecurityTool. Be sure to select them all and press "Remove Selected."
After MalwareBytes Anti Malware finishes the cleaning, you can close the program and be sure your PC is clean.
As a caution, you should also use rkill.com ( rkill.exe ) to terminate malicious processes.
While you're updating Adobe products, in addition to Adobe Reader, there was a critical update to Adobe Flash and Adobe Air today. (Additional information is available in the Security Bulletin. Remember to update for both IE and Firefox.)
With Java, go to Add/Remove Programs and uninstall the following:
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Next, please download JavaRa and unzip it to your desktop.
- Double-click on JavaRa.exe to start the program. (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
- Click on Remove Older Versions to remove older versions of Java.
- A logfile will pop up. Please save it to a convenient location.
Then download and install Java SE Runtime Environment (JRE) 6 Update 21.
Download Link: Java SE Runtime Environment 6u21
Note: UNCHECK any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.
Since it seems you're having a problem with the Dr.Web CureIt full scan, how about an MBAM scan?
- Launch Malwarebytes' Anti-Malware then click the Update tab and "Check for Updates".
- Once the update has been installed and the program has loaded, select Quick scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
- Click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Please post contents of that file in your next reply.
** Note **
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
MBAM found nothing.
Good to hear it. I have quite a few friends who've gotten hit by that Security Tool, and it's really annoying, but at least it doesn't do a lot of damage by itself.
Good news, RoxyyC!
If everything is back to normal, the following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
Having a firewall, anti-virus and anti-malware software is not enough. You also need to stay current with security updates. If you don't have your computer set to automatically install the Microsoft Security Updates, please check for updates now. For additional information, see my blog post Understanding Microsoft Updates.
To check if your system is missing security updates or has any additional insecure applications installed, visit OSI - Consumer - Products. The Secunia Software Inspector runs through your browser with no installation or download required and does the following:
- Detects insecure versions of applications installed
- Verifies that all Microsoft patches are applied
- Assists you in updating your system and applications
Install and update SpywareBlaster to prevent the installation of spyware and other potentially unwanted software: SpywareBlaster® | Prevent spyware and malware. Free download.
My favorite security software is WinPatrol which includes the features described at WinPatrol Features.
Please let me know if you have any questions.
Yes, exactly! I got rid of it on my brother's laptop easy. But my laptop was acting up. Thanks to the help here though, I was able to fix other things as well.
Stick around.. you'll learn a lot.. I certainly have
After installing the updates that Corrine noted, download ATF Cleaner from www.atribune.org.
Click "Main" > check 'select all' this first time using it, then click "Empty Selected". Do the same for FireFox or Opera if you use either of those browsers.
Next, go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Download, install Auslogics Disk Defrag - Fast and Safe Defragmenter for Your Disks
Run .... then reboot.
Let us know how your computer is doing.
I just wanted to update and thank you!
Everything is running smoothly, and I've been on top of my updates. I scan regularly. And so far, soo GOOD!
So thank you for the help, it's really appreciated. I've even recommended the site to people! (: