
Google searches are redirecting to spam sites


  • This topic is locked
6 replies to this topic

#1 buzzorhowl

buzzorhowl

  • Members
  • 3 posts

Posted 09 February 2010 - 06:11 PM

This all started with my system being attacked by the Antivirus Plus malware. I was able to get rid of it using MalwareBytes, Spybot, and CCleaner, but have continued to have a problem with Google searches. When I click on links brought up in a Google search, instead of going to those links, my computer is redirected to any of several different spam sites. I can copy the link and paste the address into a new browser tab, but actually clicking on the link never works properly. I've tried updating and running MalwareBytes in safe mode, and a few other things, but this symptom hangs around even when every program I've used says my system is all clear. For the record, I'm on a laptop running Windows Vista, and I use Internet Explorer 7.0 as my browser.

Here is my DDS report:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Andrew at 15:28:47.70 on Tue 02/09/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1544 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Andrew\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-7 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-7 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-7 360584]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-1-9 20384]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-15 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-15 285392]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-6 1153368]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-21 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-1-9 954368]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]

=============== Created Last 30 ================

2010-02-09 20:27:41 0 ----a-w- c:\users\andrew\defogger_reenable
2010-02-06 19:07:39 0 d-----w- C:\$RECYCLE.BIN
2010-02-06 18:52:00 98816 ----a-w- c:\windows\sed.exe
2010-02-06 18:52:00 77312 ----a-w- c:\windows\MBR.exe
2010-02-06 18:52:00 261632 ----a-w- c:\windows\PEV.exe
2010-02-06 18:52:00 161792 ----a-w- c:\windows\SWREG.exe
2010-02-06 18:51:34 0 d-----w- C:\buzzorhowl
2010-02-06 16:38:22 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-06 16:38:22 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-06 16:35:30 0 dc----w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-06 08:31:52 0 d-----w- c:\program files\backups
2010-02-06 08:10:04 0 d-----w- c:\users\andrew\appdata\roaming\Malwarebytes
2010-02-06 08:09:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-06 08:09:56 0 d-----w- c:\programdata\Malwarebytes
2010-02-06 08:09:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-06 08:09:55 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-06 08:03:11 0 d-----w- c:\program files\CCleaner
2010-02-06 08:02:23 3370400 ----a-w- c:\program files\ccsetup228.exe
2010-02-06 07:35:58 0 d-----w- c:\windows\pss
2010-02-06 07:22:43 89088 --sha-r- c:\windows\system32\comrepli.dll
2010-01-26 16:46:50 0 d-----w- c:\program files\CDisplay
2010-01-26 16:46:10 1158444 ----a-w- c:\program files\setup.zip
2010-01-22 11:06:12 834048 ----a-w- c:\windows\system32\wininet.dll
2010-01-22 11:06:08 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-16 14:37:48 144 ----a-w- c:\users\andrew\appdata\roaming\wklnhst.dat
2010-01-13 14:57:44 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 14:57:44 156672 ----a-w- c:\windows\system32\t2embed.dll

==================== Find3M ====================

2010-02-08 20:50:04 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-08 20:50:04 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-07 17:56:11 7427 ----a-w- c:\program files\hijackthis.log
2009-12-13 03:32:21 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-13 03:26:09 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-13 02:39:01 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-11-28 07:51:23 401720 ----a-w- c:\program files\HijackThis.exe
2009-11-27 06:31:41 18030130 ----a-w- c:\program files\vlc-1.0.3-win32.exe
2009-11-15 06:27:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-07 20:16:50 891208 ----a-w- c:\program files\avg_free_stb_en_9_40_free.exe
2009-09-22 03:53:13 18015723 ----a-w- c:\program files\vlc-1.0.1-win32.exe
2009-07-22 06:17:17 17828326 ----a-w- c:\program files\vlc-1.0.0-win32.exe
2009-06-06 00:02:37 16742799 ----a-w- c:\program files\vlc-0.9.9-win32.exe
2009-05-26 16:03:09 3081395 ----a-w- c:\program files\foobar2000_0.9.6.7.exe
2009-05-26 16:01:48 134133 ----a-w- c:\program files\foo_audioscrobbler-1.4.1.exe
2009-04-16 03:12:17 74302760 ----a-w- c:\program files\iTunesSetup.exe
2009-03-17 04:49:54 1234120 ----a-w- c:\program files\wrar380.exe
2009-03-08 00:51:31 952682 ----a-w- c:\program files\slsk157NS13c.exe
2009-03-07 22:58:07 2998830 ----a-w- c:\program files\foobar2000_0.9.6.3.exe
2009-03-07 05:34:02 19333112 ----a-w- c:\program files\DivXInstaller.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2007-02-26 16:32:54 9453630 ----a-w- c:\program files\vlc-0.8.6a-win32.exe
2007-02-01 22:02:54 313344 ----a-w- c:\program files\hjsplit.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2005-11-01 09:25:12 1014477 ----a-w- c:\program files\wrar351.exe
2009-03-06 05:30:05 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2009-03-06 05:30:03 4 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 15:29:16.32 ===============


I have attached the DDS attach.txt file and the GMER ark.txt file. Thanks in advance for any help anyone can give me.


#2 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 16 February 2010 - 11:09 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

PW

#3 buzzorhowl

buzzorhowl
  • Topic Starter

  • Members
  • 3 posts

Posted 17 February 2010 - 09:12 PM

Since my initial post, I got attacked again by Antivirus Plus, this time so badly my computer went Blue Screen Of Death on me. I used an online tutorial to figure out how to get rid of it, and basically did the same things that I did the first time, with one additional step. The tutorial told me that Antivirus Plus modifies the Hosts file, which is what causes the redirected Google searches. It told me that I should modify it back, but not what to change it back to. I decided to restore it to default, using the tool on microsoft.com that allows you to do so. Which may have been a bad idea, and if I screwed things up so bad that I should just reinstall my OS, let me know (although my machine is a laptop that didn't come with reinstall discs, so I don't know how I'll do so if I have to...) Anyway, the result of resetting the hosts file to default is that the Google redirects don't happen every time now, but still happen occasionally. Also, sometimes a new browser window will randomly open and go to a spam site. This always happens when I have my browser open but not necessarily due to me clicking anything--sometimes it just happens randomly when I'm sitting there reading something. It only happens once per internet session or thereabouts, so it's not a huge problem, but it is a nuisance, as are the occasional Google search redirects (which I'd say only happen about 25% of the time now).

Here is the dds report I just ran:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Andrew at 20:37:54.65 on Wed 02/17/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1955 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Andrew\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-7 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-7 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-7 360584]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-1-9 20384]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-15 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-15 285392]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-6 1153368]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-21 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-1-9 954368]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]

=============== Created Last 30 ================

2010-02-18 01:37:22 0 ----a-w- c:\users\andrew\defogger_reenable
2010-02-15 20:40:25 0 d-----w- c:\programdata\Office Genuine Advantage
2010-02-15 20:36:33 0 d-----w- c:\program files\Windows Portable Devices
2010-02-15 20:36:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-15 20:34:31 0 d-----w- c:\program files\Windows Live SkyDrive
2010-02-15 20:25:43 0 d-----w- c:\program files\common files\Windows Live
2010-02-15 20:24:45 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-02-15 20:23:26 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-02-15 20:23:26 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-02-15 20:23:26 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-02-15 20:22:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-02-15 20:21:15 0 d-----w- c:\program files\Microsoft
2010-02-15 20:20:22 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-02-15 20:20:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-02-15 20:19:56 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-02-15 20:19:52 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-15 20:19:51 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-11 06:13:10 0 d-----w- C:\06971f8677f27ec7b0526c800bda59
2010-02-06 19:07:39 0 d-----w- C:\$RECYCLE.BIN
2010-02-06 18:52:00 98816 ----a-w- c:\windows\sed.exe
2010-02-06 18:52:00 77312 ----a-w- c:\windows\MBR.exe
2010-02-06 18:52:00 261632 ----a-w- c:\windows\PEV.exe
2010-02-06 18:52:00 161792 ----a-w- c:\windows\SWREG.exe
2010-02-06 18:51:34 0 d-----w- C:\buzzorhowl
2010-02-06 16:38:22 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-06 16:38:22 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-06 16:35:30 0 dc----w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-06 08:31:52 0 d-----w- c:\program files\backups
2010-02-06 08:10:04 0 d-----w- c:\users\andrew\appdata\roaming\Malwarebytes
2010-02-06 08:09:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-06 08:09:56 0 d-----w- c:\programdata\Malwarebytes
2010-02-06 08:09:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-06 08:09:55 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-06 08:03:11 0 d-----w- c:\program files\CCleaner
2010-02-06 08:02:23 3370400 ----a-w- c:\program files\ccsetup228.exe
2010-02-06 07:35:58 0 d-----w- c:\windows\pss
2010-02-06 07:22:43 89088 --sha-r- c:\windows\system32\comrepli.dll
2010-01-26 16:46:50 0 d-----w- c:\program files\CDisplay
2010-01-26 16:46:10 1158444 ----a-w- c:\program files\setup.zip

==================== Find3M ====================

2010-02-16 02:44:13 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-16 02:44:13 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-15 20:36:29 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-15 20:36:29 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-07 17:56:11 7427 ----a-w- c:\program files\hijackthis.log
2010-01-16 14:37:55 144 ----a-w- c:\users\andrew\appdata\roaming\wklnhst.dat
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-20 15:53:32 234016 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-12-13 02:39:01 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-12-08 20:01:02 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01:02 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-04 18:30:05 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29:41 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28:52 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28:51 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28:51 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28:49 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28:27 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28:21 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27:12 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-03 14:27:28 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-12-03 14:27:28 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-11-28 07:51:23 401720 ----a-w- c:\program files\HijackThis.exe
2009-11-27 06:31:41 18030130 ----a-w- c:\program files\vlc-1.0.3-win32.exe
2009-11-07 20:16:50 891208 ----a-w- c:\program files\avg_free_stb_en_9_40_free.exe
2009-09-22 03:53:13 18015723 ----a-w- c:\program files\vlc-1.0.1-win32.exe
2009-07-22 06:17:17 17828326 ----a-w- c:\program files\vlc-1.0.0-win32.exe
2009-06-06 00:02:37 16742799 ----a-w- c:\program files\vlc-0.9.9-win32.exe
2009-05-26 16:03:09 3081395 ----a-w- c:\program files\foobar2000_0.9.6.7.exe
2009-05-26 16:01:48 134133 ----a-w- c:\program files\foo_audioscrobbler-1.4.1.exe
2009-04-16 03:12:17 74302760 ----a-w- c:\program files\iTunesSetup.exe
2009-03-17 04:49:54 1234120 ----a-w- c:\program files\wrar380.exe
2009-03-08 00:51:31 952682 ----a-w- c:\program files\slsk157NS13c.exe
2009-03-07 22:58:07 2998830 ----a-w- c:\program files\foobar2000_0.9.6.3.exe
2009-03-07 05:34:02 19333112 ----a-w- c:\program files\DivXInstaller.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2007-02-26 16:32:54 9453630 ----a-w- c:\program files\vlc-0.8.6a-win32.exe
2007-02-01 22:02:54 313344 ----a-w- c:\program files\hjsplit.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2005-11-01 09:25:12 1014477 ----a-w- c:\program files\wrar351.exe
2009-03-06 05:30:05 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2009-03-06 05:30:03 4 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 20:39:28.39 ===============


I'm also attaching the attach.txt file from that report, and the ark.txt report generated by running gmer.

Thanks so much for your help on this matter.


#4 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country
  • Local time:08:09 PM

Posted 18 February 2010 - 07:10 PM

Hello buzzorhowl

I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy.

As you can see the logs we ask for are very extensive and take a lot of time to investigate. In addition, since I am still in training all of my responses have to be reviewed by our excellent expert staff so there may be a delay in response time. The advantage is that your log will be evaluated by two sets of eyes and two brains.

If you haven't already, you can keep the link to this topic in your Favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications.

Please make sure Word Wrap in Notepad is turned off. When copying and pasting logs, paste them directly in the reply box; only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.
Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7, it may be necessary to right-click any programs we use and then choose Run as Administrator.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

Again, keep in mind that it may take a couple of days or more before I can reply but once we get started the process should speed up.

Thank you for your patience!!
PW

#5 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country
  • Local time:08:09 PM

Posted 20 February 2010 - 05:51 AM

Hello buzzorhowl,

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


Thanks!!
PW

#6 buzzorhowl

buzzorhowl
  • Topic Starter

  • Members
  • 3 posts
  • Local time:08:09 PM

Posted 22 February 2010 - 10:50 AM

Wow. Well, in that case, I think I will go ahead and do an OS reinstall. Which I guess I will have to figure out how to do since my computer didn't come with OS reinstall discs, but if the situation is as bad as you say, I would rather not take the chance.

Thanks for your help.

#7 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country
  • Local time:08:09 PM

Posted 23 February 2010 - 08:04 PM

Hello buzzorhowl,

QUOTE
Which I guess I will have to figure out how to do since my computer didn't come with OS reinstall discs,

Most computer manufacturers, including Toshiba, will have documentation that gives instructions about how to reinstall your operating system back to factory defaults.

Here is some advice about backing up your data.

When you back up data, you need to save any files that you want to keep, as a clean install, and in your case a reinstall of the operating system, will completely erase those files.

You can back up or save your files by burning them to CD, saving to a floppy disk, an external drive, flash or thumb drive. These might include Word documents, .pdf files, music and pictures. Do not back up any programs or applications. If you use an external drive to save your data, you will need to run FlashDisinfector prior to backing up.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Note that the files with the following extensions should not be backed up, because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again:

.exe
.scr
.htm
.html
.xml
.zip
.rar
.asp
.php


After you reinstall, visit Microsoft Update here for the latest updates.

New viruses come out every minute, so it is essential that you keep your antivirus program updated and have the latest signatures to provide you with the best possible protection from malicious software.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Two good free Antivirus solutions are Avira Antivir and Avast

For most users the built in Windows Firewall is sufficient. If you would like a third party firewall some good free firewalls are (While installing Comodo, please uncheck these options: "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage". Uncheck "Install Comodo Antivirus".)

Make sure you only use one firewall though. A tutorial on understanding and using firewalls may be found here.

Install Spyware Blaster and update it regularly
If you wish, the commercial version provides automatic updating.

Malwarebytes' Anti-Malware is an excellent anti-spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
SUPERAntiSpyware is another good scanner with high detection and removal rates.
Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.

Please read and follow How did I get infected?, With steps so it does not happen again! as well as How to prevent Malware by Miekiemoes

If you have any more questions please don't hesitate to ask.

Thanks!!
PW
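The backup rule from the post above (keep documents, music and pictures, leave out the listed extensions), as an added Python example that is not part of the original thread or any BleepingComputer tool. The function names, folder names and sample files are assumptions constructed for illustration; only the extension list comes from the post.

```python
import os
import shutil
import tempfile
from pathlib import Path

# Extensions the post says not to back up, since they may carry the infection back.
SKIP_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml",
                   ".zip", ".rar", ".asp", ".php"}


def is_excluded(name):
    """True if the file's final extension is on the skip list."""
    # Windows compares extensions case-insensitively and ignores trailing
    # dots and spaces in names, so normalise before checking the suffix.
    cleaned = name.rstrip(". ").lower()
    return Path(cleaned).suffix in SKIP_EXTENSIONS


def backup_data(source, dest):
    """Copy the source tree to dest, leaving out excluded files and symlinks.

    Returns (copied, skipped) as sorted lists of paths relative to source.
    """
    source, dest = Path(source), Path(dest)
    copied, skipped = [], []
    for root, _dirs, files in os.walk(source, followlinks=False):
        for fname in files:
            src = Path(root) / fname
            rel = src.relative_to(source)
            if src.is_symlink() or is_excluded(fname):
                skipped.append(rel.as_posix())
                continue
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, target)  # copy2 keeps the file timestamps
            copied.append(rel.as_posix())
    return sorted(copied), sorted(skipped)


def demo():
    """Run the backup over a small constructed folder tree."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "Documents"), Path(tmp, "backup")
        samples = ["letter.doc", "music/song.mp3", "holiday.JPG",
                   "invoice.pdf.exe", "saver.SCR", "page.html",
                   "archive/old.zip", "notes.txt"]
        for rel in samples:
            path = src / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed sample")
        return backup_data(src, dst)
```

The skipped list is worth reading before the reinstall: a name such as `invoice.pdf.exe` is caught because only the final extension decides how Windows opens the file.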



