New
#11
DDS:
DDS (Ver_09-09-29.01) - NTFSx86
Run by Owner at 23:52:22.85 on 08/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_13
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3062.1312 [GMT -4:00]
AV: Norton Security Online *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Norton Security Online *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Security Online *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Bell\Bell Internet Security Services\Fws.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Personal Vault Backup Manager\VaultClientSRV.exe
C:\Program Files\Personal Vault Backup Manager\VaultClientUpgrade.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bell\Bell Internet Security Services\rps.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Bell\Internet Service Advisor\BISAComHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Bell\Internet Service Advisor\BISA.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\Bin\AVGIDSMonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
E:\dds.com
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uSearch Bar = Preserve
mDefault_Page_URL = hxxp://www.shoptoshiba.ca/welcome
mStart Page = hxxp://www.shoptoshiba.ca/welcome
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: Zango Information Window: {2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} - c:\program files\zango\bin\10.3.75.0\HostIE.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Update Manager] "c:\program files\rogers\update manager\UpdateManager.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRunOnce: [IndexCleaner] "c:\program files\bell\bell internet security services\IdxClnR.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [BISA.exe] "c:\program files\bell\internet service advisor\BISA.exe" /AUTORUN
mRun: [BellCanada_UninstallTracking] c:\users\owner\appdata\local\temp\InstallHelper.exe /uninstalltrackingvendor=BellCanada
mRun: [BellCanada_McciTrayApp] c:\program files\bellcanada\McciTrayApp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\imvu.lnk - c:\users\owner\appdata\roaming\imvuclient\IMVUQualityAgent.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\opuqbe.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\sb91m7ao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\sb91m7ao.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\program files\bell\internet service advisor\nprpspa.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-2-10 25608]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 Radialpoint Security Services;Bell Internet Security Services;c:\program files\bell\bell internet security services\RpsSecurityAwareR.exe [2010-4-9 166944]
R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\bell\bell internet security services\avg\identity protection\agent\bin\AVGIDSAgent.exe [2010-2-10 5832712]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 ServicepointService;ServicepointService;c:\program files\bell\internet service advisor\ServicepointService.exe [2010-2-10 689392]
R2 VaultClientSRV;Personal Vault Backup Manager Service;c:\program files\personal vault backup manager\VaultClientSRV.exe [2010-1-17 1051728]
R2 VaultClientUpgrade;Personal Vault Backup Manager Upgrade Service;c:\program files\personal vault backup manager\VaultClientUpgrade.exe [2010-1-17 56400]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-11 7168]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\bell\bell internet security services\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2010-2-10 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\bell\bell internet security services\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2010-2-10 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\bell\bell internet security services\avg\identity protection\agent\drivers\AVGIDSShim.sys [2010-2-10 21208]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-29 171520]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-8-17 20352]
S2 gupdate1ca06e8bd91aaa0;Google Update Service (gupdate1ca06e8bd91aaa0);c:\program files\google\update\GoogleUpdate.exe [2009-7-17 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-30 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-8-17 937984]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-10-29 51512]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]
=============== Created Last 30 ================
2010-08-08 15:53 280 a------- c:\windows\system32\PDBootState
2010-08-04 22:49 8,192 a------- c:\windows\system32\opuqbe.dll
2010-08-04 22:49 <DIR> --d----- c:\users\owner\appdata\roaming\65DEC236D132C3CBF0FB939CADDDD2B4
2010-07-23 22:19 <DIR> --d----- c:\program files\iPod
2010-07-23 22:19 <DIR> --d----- c:\program files\iTunes
2010-07-23 22:13 <DIR> --d----- c:\program files\Bonjour
==================== Find3M ====================
2010-05-21 14:14 221,568 -------- c:\windows\system32\MpSigStub.exe
2010-05-18 16:35 107,808 a------- c:\windows\system32\dns-sd.exe
2010-05-18 16:35 91,424 a------- c:\windows\system32\dnssd.dll
2009-11-23 22:55 56 a---h--- c:\programdata\ezsidmv.dat
2009-11-23 22:55 56 a---h--- c:\progra~2\ezsidmv.dat
2009-09-19 23:30 2,113 a------- c:\program files\INSTALL.LOG
2009-07-14 00:56 291,294 a------- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 00:56 291,294 a------- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 00:56 31,548 a------- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 00:56 31,548 a------- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 00:41 174 a--sh--- c:\program files\desktop.ini
2009-07-13 20:34 291,294 a------- c:\windows\inf\perflib\0000\perfi.dat
2009-07-13 20:34 291,294 a------- c:\windows\inf\perflib\0000\perfh.dat
2009-07-13 20:34 31,548 a------- c:\windows\inf\perflib\0000\perfd.dat
2009-07-13 20:34 31,548 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 17:26 9,633,792 a--shr-- c:\windows\fonts\StaticCache.dat
2010-01-23 14:44 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-08-21 09:41 1,025,326,880 a--sh--- c:\windows\system32\drivers\fidbox(3629).dat
2009-07-13 21:14 396,800 a--sh--- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 23:54:22.84 ===============
hmmm........i guess jacee's dds advice is the way to go ..but.. try flushing your dns cache........
Start > All Programs > Accessories > Command Prompt. Rt-click on it and 'Run As Administrator'. Type the following and hit enter:
ipconfig /flushdns
remember there is a space b/w ipconfig & /
Hi, RoxyyC.
After getting things cleaned up, it will be very important to address the outdated, vulnerable software (Adobe and Java) on your computer as well as your cell phone. For the time being, do not attach your cell phone to any of the computers.
Please follow these instructions carefully.
Download ComboFix from one of the following locations:
Link 1
Link 2
As you did with DDS, please go to an uninfected computer to download the tool to a flash drive or other removable media, and transfer it to the infected computer. Then, as indicated below, place ComboFix.exe on the desktop of the infected computer and continue with the instructions.
!!! IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.
Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.- If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
- Double-click ComboFix.exe on your desktop and follow the prompts.
- As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
- When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
- After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
- Click "Yes" to continue scanning for malware.
- When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.
Did you run Malwarebyte's and check items to be deleted?
If you did, I'm surprised it didn't delete "Zango"
Uninstall from Programs and Features (if found):
Zango Search Assistant
Zango Shoppingreports
Hotbar
Next, Navigate to c:\program files\zango <---delete this folder
Reboot
Corrine & Jacee
thank you for the help so far.
I've just opened the ComboFix
However, they're asking me to disable 'Norton Security Online'
I didnt even know I had that till the DDS.txt and i don't know how to disable it.
1
Start Norton Internet Security or Norton Personal Firewall.
2
In the left pane, click Status & Settings.
3
In the right pane, click Security.
4
Click turn off