HELP!

[RoxyyC]

I have A Toshiba Satellite. It will be two years old this September.
I haven't had any problems I couldn't solve. No serious virus', etc.
2 days ago, somehow I got that annoying Trojan "Security Tool" and i got rid of it the same night. Scanned my laptop with a Anti-Virus, Anti-Spyware and Anti-Malware softwares. Restarted my laptop and was ready to surf the net again. However, when I opened FireFox, Google Chrome, Safari or IE they all gave the error message. "Cant Display Webpage". I could still sign in on MSN messenger and Skype. But I can't Browse. Today though, I cant sign in on MSN anymore. Through all this, my laptop tells me I'm connected to the Internet, all the other Wireless things in my home are connected and working.
I've scanned my laptop everyday. I've Restored it but it will only let me go as far back after I got rid of the security tool.

Notes:
Security Tool popped up when my blackberry was connected. (I think I got it from my brothers laptop. He had it before. I got rid of it and his laptops still works)
MSN stopped working after I connected my phone to my laptop again.

PLEASE HELP ME!

Thank You,

 

[AussieGuy92]

try scaning with superantispyware free edition

 

[Jacee]

Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3

• Disable any script blocking protection
• Double click the dds icon to run the tool.
• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt <--- this will be minimized in the task tray
• Save both reports to your desktop.

Include the contents of both logs in your next reply.

Either Corrine or I will get to you tommorow morning ... please hang in

 

[RoxyyC]

I'm using another computer at the moment. How would I download onto my laptop?

 

[Jacee]

Download it to a non-infected flash drive or a CD. Take it to the infected computer, right click on it and run as Administrator.

 

[thathagat]

it might be a good idea to check your hosts file

 

[RoxyyC]

it might be a good idea to check your hosts file

How do you check that?

 

[thathagat]

it might be a good idea to check your hosts file

How do you check that?

Click Start, click Run, type %systemroot% \system32\drivers\etc, and then click OK.

Note If you are using 64 bit version of Windows, type %systemroot% \SysWOW64\drivers\etc.

see if there are any entries other than

 

[RoxyyC]

it might be a good idea to check your hosts file

How do you check that?

Click Start, click Run, type %systemroot% \system32\drivers\etc, and then click OK.

Note If you are using 64 bit version of Windows, type %systemroot% \SysWOW64\drivers\etc.

see if there are any entries other than

Its exactly that, word-for-word
and they are no other entries

 

[Darician]

Additionally, try going into Internet Explorer then to Tools --> Internet Options, then click on the "Connections" tab and click on "LAN Settings" and ensure nothing is checked there. If there is stuff checked there (apart from "Automatically Detect Settings"), go ahead and uncheck it and click OK and OK again.

Then yes, do a scan. You can use something like TrendMicro HouseCall (housecall.trendmicro.com) to scan that PC.

 

[RoxyyC]

Additionally, try going into Internet Explorer then to Tools --> Internet Options, then click on the "Connections" tab and click on "LAN Settings" and ensure nothing is checked there. If there is stuff checked there (apart from "Automatically Detect Settings"), go ahead and uncheck it and click OK and OK again.

Then yes, do a scan. You can use something like TrendMicro HouseCall (housecall.trendmicro.com) to scan that PC.

Yup, I've already done that

 

[RoxyyC]

DDS, Attach.txt is attached

Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3

• Disable any script blocking protection
• Double click the dds icon to run the tool.
• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt <--- this will be minimized in the task tray
• Save both reports to your desktop.

Include the contents of both logs in your next reply.

Either Corrine or I will get to you tommorow morning ... please hang in

DDS:


DDS (Ver_09-09-29.01) - NTFSx86
Run by Owner at 23:52:22.85 on 08/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_13
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3062.1312 [GMT -4:00]

AV: Norton Security Online *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Norton Security Online *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Security Online *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Bell\Bell Internet Security Services\Fws.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Personal Vault Backup Manager\VaultClientSRV.exe
C:\Program Files\Personal Vault Backup Manager\VaultClientUpgrade.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bell\Bell Internet Security Services\rps.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Bell\Internet Service Advisor\BISAComHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Bell\Internet Service Advisor\BISA.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\Bin\AVGIDSMonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
E:\dds.com
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
mDefault_Page_URL = hxxp://www.shoptoshiba.ca/welcome
mStart Page = hxxp://www.shoptoshiba.ca/welcome
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: Zango Information Window: {2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} - c:\program files\zango\bin\10.3.75.0\HostIE.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Update Manager] "c:\program files\rogers\update manager\UpdateManager.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRunOnce: [IndexCleaner] "c:\program files\bell\bell internet security services\IdxClnR.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [BISA.exe] "c:\program files\bell\internet service advisor\BISA.exe" /AUTORUN
mRun: [BellCanada_UninstallTracking] c:\users\owner\appdata\local\temp\InstallHelper.exe /uninstalltrackingvendor=BellCanada
mRun: [BellCanada_McciTrayApp] c:\program files\bellcanada\McciTrayApp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\imvu.lnk - c:\users\owner\appdata\roaming\imvuclient\IMVUQualityAgent.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\opuqbe.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\sb91m7ao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\sb91m7ao.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\program files\bell\internet service advisor\nprpspa.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-2-10 25608]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 Radialpoint Security Services;Bell Internet Security Services;c:\program files\bell\bell internet security services\RpsSecurityAwareR.exe [2010-4-9 166944]
R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\bell\bell internet security services\avg\identity protection\agent\bin\AVGIDSAgent.exe [2010-2-10 5832712]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 ServicepointService;ServicepointService;c:\program files\bell\internet service advisor\ServicepointService.exe [2010-2-10 689392]
R2 VaultClientSRV;Personal Vault Backup Manager Service;c:\program files\personal vault backup manager\VaultClientSRV.exe [2010-1-17 1051728]
R2 VaultClientUpgrade;Personal Vault Backup Manager Upgrade Service;c:\program files\personal vault backup manager\VaultClientUpgrade.exe [2010-1-17 56400]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-11 7168]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\bell\bell internet security services\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2010-2-10 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\bell\bell internet security services\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2010-2-10 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\bell\bell internet security services\avg\identity protection\agent\drivers\AVGIDSShim.sys [2010-2-10 21208]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-29 171520]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-8-17 20352]
S2 gupdate1ca06e8bd91aaa0;Google Update Service (gupdate1ca06e8bd91aaa0);c:\program files\google\update\GoogleUpdate.exe [2009-7-17 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-30 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-8-17 937984]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-10-29 51512]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]

=============== Created Last 30 ================

2010-08-08 15:53 280 a------- c:\windows\system32\PDBootState
2010-08-04 22:49 8,192 a------- c:\windows\system32\opuqbe.dll
2010-08-04 22:49 <DIR> --d----- c:\users\owner\appdata\roaming\65DEC236D132C3CBF0FB939CADDDD2B4
2010-07-23 22:19 <DIR> --d----- c:\program files\iPod
2010-07-23 22:19 <DIR> --d----- c:\program files\iTunes
2010-07-23 22:13 <DIR> --d----- c:\program files\Bonjour

==================== Find3M ====================

2010-05-21 14:14 221,568 -------- c:\windows\system32\MpSigStub.exe
2010-05-18 16:35 107,808 a------- c:\windows\system32\dns-sd.exe
2010-05-18 16:35 91,424 a------- c:\windows\system32\dnssd.dll
2009-11-23 22:55 56 a---h--- c:\programdata\ezsidmv.dat
2009-11-23 22:55 56 a---h--- c:\progra~2\ezsidmv.dat
2009-09-19 23:30 2,113 a------- c:\program files\INSTALL.LOG
2009-07-14 00:56 291,294 a------- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 00:56 291,294 a------- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 00:56 31,548 a------- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 00:56 31,548 a------- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 00:41 174 a--sh--- c:\program files\desktop.ini
2009-07-13 20:34 291,294 a------- c:\windows\inf\perflib\0000\perfi.dat
2009-07-13 20:34 291,294 a------- c:\windows\inf\perflib\0000\perfh.dat
2009-07-13 20:34 31,548 a------- c:\windows\inf\perflib\0000\perfd.dat
2009-07-13 20:34 31,548 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 17:26 9,633,792 a--shr-- c:\windows\fonts\StaticCache.dat
2010-01-23 14:44 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-08-21 09:41 1,025,326,880 a--sh--- c:\windows\system32\drivers\fidbox(3629).dat
2009-07-13 21:14 396,800 a--sh--- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:54:22.84 ===============

 

[thathagat]

hmmm........i guess jacee's dds advice is the way to go ..but.. try flushing your dns cache........

Start > All Programs > Accessories > Command Prompt. Rt-click on it and 'Run As Administrator'. Type the following and hit enter:

ipconfig /flushdns

remember there is a space b/w ipconfig & /

 

[RoxyyC]

hmmm........i guess jacee's dds advice is the way to go ..but.. try flushing your dns cache........

Start > All Programs > Accessories > Command Prompt. Rt-click on it and 'Run As Administrator'. Type the following and hit enter:

ipconfig /flushdns

remember there is a space b/w ipconfig & /

I flushed it, and still not working.
Thanks for your help

 

[Corrine]

Hi, RoxyyC.

After getting things cleaned up, it will be very important to address the outdated, vulnerable software (Adobe and Java) on your computer as well as your cell phone. For the time being, do not attach your cell phone to any of the computers.

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

As you did with DDS, please go to an uninfected computer to download the tool to a flash drive or other removable media, and transfer it to the infected computer. Then, as indicated below, place ComboFix.exe on the desktop of the infected computer and continue with the instructions.

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.
  
  Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.
• If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
• Double-click ComboFix.exe on your desktop and follow the prompts.
• As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
• When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  
  
  
• After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
  
• Click "Yes" to continue scanning for malware.
• When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.

 

[Jacee]

Did you run Malwarebyte's and check items to be deleted?

If you did, I'm surprised it didn't delete "Zango"
Uninstall from Programs and Features (if found):
Zango Search Assistant
Zango Shoppingreports
Hotbar

Next, Navigate to c:\program files\zango <---delete this folder

Reboot

 

[RoxyyC]

Corrine & Jacee

thank you for the help so far.
I've just opened the ComboFix
However, they're asking me to disable 'Norton Security Online'
I didnt even know I had that till the DDS.txt and i don't know how to disable it.

 

[Jacee]

1

Start Norton Internet Security or Norton Personal Firewall.



2

In the left pane, click Status & Settings.



3

In the right pane, click Security.



4
Click turn off

 

[RoxyyC]

1

Start Norton Internet Security or Norton Personal Firewall.



2

In the left pane, click Status & Settings.



3

In the right pane, click Security.



4
Click turn off

I dont have either. I have never had any Norton products on this laptop.

 

[RoxyyC]

Can I just start ComboFix?