0

As long as you are not running from there, it should be ok. Once cleaned up, hook it up and run a scan on that drive to check if it is infected.
Thanks for confirming that Adaware was no help too.

Once you have located those combofix logs (if they are there), have a go at running and updating MBA-M too, please.

0

I found the combofix log and have copied it below. When I ran combofix, I did not realize I did not have the recovery console installed, but I do now. With your help, we're making progress, but this thing is still doing some weird things - like not being able to change the background, and one of our accounts cannot start firefox. Weird.

Here's the log:

ComboFix 09-07-29.04 - Charlie 07/31/2009 0:43:45.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2550.2003 [GMT -4:00]
Running from: C:\Documents and Settings\Charlie\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\autorun.inf
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\UACkvordnmppvuoxjcbf.sys
C:\WINDOWS\system32\UACafysvenqnlwhxdikl.db
C:\WINDOWS\system32\UACirnskatldwyblmify.dll
C:\WINDOWS\system32\UACnjlkyaeohnmatwdxr.dll
C:\WINDOWS\system32\UACnkltoyuokttbrfqqi.dat
C:\WINDOWS\system32\UACoyfuwjdraeujcwgjo.dll
C:\WINDOWS\system32\UACsskyicootjgxjntts.dll
C:\WINDOWS\system32\uactmp.db
C:\WINDOWS\system32\UACwqmfesnxmairrnyox.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.

2009-07-31 03:10:47 . 2009-07-31 03:10:32 410984 ----a-w- C:\WINDOWS\system32\deploytk.dll
2009-07-31 02:35:29 . 2009-07-31 02:35:29 0 d-----w- C:\Documents and Settings\Charlie\Application Data\Malwarebytes
2009-07-30 21:50:58 . 2009-07-30 21:50:58 0 d-----w- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-07-30 21:49:04 . 2009-07-13 17:36:34 38160 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-07-30 21:49:02 . 2009-07-30 21:50:55 0 d-----w- C:\Program Files\charliestuff
2009-07-30 21:49:02 . 2009-07-13 17:36:12 19096 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-07-30 21:46:44 . 2009-07-30 21:46:56 0 d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2009-07-30 20:35:29 . 2009-07-30 20:35:29 0 d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec
2009-07-30 20:15:55 . 2009-02-16 04:10:12 69000 ----a-w- C:\WINDOWS\system32\zlcomm.dll
2009-07-30 20:15:55 . 2009-02-16 04:10:12 103816 ----a-w- C:\WINDOWS\system32\zlcommdb.dll
2009-07-30 20:15:46 . 2009-02-16 04:10:14 1221512 ----a-w- C:\WINDOWS\system32\zpeng25.dll
2009-07-29 03:47:43 . 2009-07-29 03:47:48 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
2009-07-29 03:47:43 . 2009-07-29 03:47:43 0 d-----w- C:\Program Files\NOS
2009-07-24 17:17:05 . 2009-07-24 17:17:05 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2009-07-22 03:02:54 . 2009-07-22 03:02:54 0 d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\SupportSoft
2009-07-22 03:02:43 . 2009-02-27 10:57:28 36400 ----a-r- C:\WINDOWS\system32\drivers\SymIM.sys
2009-07-22 02:42:29 . 2009-07-22 02:42:29 0 d-----w- C:\Documents and Settings\Chubz'\Local Settings\Application Data\Symantec
2009-07-22 00:27:17 . 2009-07-22 00:27:17 0 d-----w- C:\Program Files\ESET
2009-07-22 00:10:14 . 2009-07-30 21:25:26 0 d-----w- C:\Program Files\bytemal
2009-07-21 23:00:26 . 2009-07-21 23:00:27 0 d-----w- C:\Program Files\Norton Support
2009-07-21 23:00:19 . 2009-07-21 23:00:19 0 d-----w- C:\Documents and Settings\Charlie\Local Settings\Application Data\Symantec
2009-07-21 23:00:14 . 2009-07-21 23:00:14 0 d-----w- C:\Documents and Settings\Charlie\Application Data\Symantec
2009-07-21 22:49:50 . 2009-07-21 23:59:34 60808 ----a-w- C:\WINDOWS\system32\S32EVNT1.DLL
2009-07-21 22:49:50 . 2009-07-21 23:59:34 124464 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2009-07-21 22:49:50 . 2009-07-21 23:59:34 0 d-----w- C:\Program Files\Symantec
2009-07-21 22:49:50 . 2009-07-21 22:52:22 0 d-----w- C:\Program Files\Common Files\Symantec Shared
2009-07-21 22:49:18 . 2009-07-21 23:59:20 0 d-----w- C:\WINDOWS\system32\drivers\NAV
2009-07-21 22:49:15 . 2009-07-21 22:50:16 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Norton
2009-07-21 22:49:15 . 2009-07-21 22:49:27 0 d-----w- C:\Program Files\Norton AntiVirus
2009-07-21 22:49:15 . 2009-07-21 22:49:15 0 d-----w- C:\Program Files\Windows Sidebar
2009-07-21 22:43:12 . 2009-07-21 22:48:59 0 d-----w- C:\Program Files\NortonInstaller
2009-07-21 22:29:56 . 2009-07-21 22:29:56 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NortonInstaller
2009-07-18 23:08:40 . 2009-07-18 23:08:40 0 d-----w- C:\Program Files\Trend Micro
2009-07-18 23:01:38 . 2009-07-18 23:01:38 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-15 04:29:53 . 2009-07-15 04:29:53 0 d-----w- C:\Program Files\Alwil Software
2009-07-12 23:07:54 . 2009-07-12 23:07:54 0 d-----w- C:\Program Files\ParetoLogic
2009-07-12 23:07:54 . 2009-07-12 23:07:54 0 d-----w- C:\Program Files\Common Files\ParetoLogic
2009-07-12 23:07:54 . 2009-07-12 23:07:54 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic Anti-Virus PLUS
2009-07-12 23:07:54 . 2009-07-12 23:07:54 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic
2009-07-12 23:07:22 . 2009-07-12 23:07:22 0 d-----w- C:\Documents and Settings\Charlie\Local Settings\Application Data\Downloaded Installations
2009-07-12 22:44:12 . 2009-07-12 22:44:12 9088 ---hatw- C:\WINDOWS\system32\drivers\CrucialSMBusScan.sys
2009-07-12 22:36:43 . 2009-07-12 22:36:43 0 d-----w- C:\Documents and Settings\Charlie\Application Data\Sammsoft
2009-07-12 22:36:26 . 2009-07-12 22:36:26 0 d-----w- C:\Program Files\Advanced Registry Optimizer
2009-07-12 22:25:18 . 2009-07-12 22:25:22 0 d-----w- C:\Program Files\Spybot - Search & Destroy_3
2009-07-12 15:16:00 . 2009-07-12 15:16:00 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SITEguard
2009-07-12 15:14:51 . 2009-07-12 15:14:51 0 d-----w- C:\Program Files\STOPzilla!
2009-07-12 15:14:50 . 2009-07-31 05:02:51 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2009-07-12 15:14:50 . 2009-07-12 15:14:50 0 d-----w- C:\Program Files\Common Files\iS3
2009-07-12 13:54:16 . 2009-07-12 14:04:09 0 d-----w- C:\Program Files\Spybot - Search & Destroy_2
2009-07-12 02:36:24 . 2009-07-12 02:36:24 0 d-s---w- C:\Documents and Settings\Administrator\UserData
2009-07-12 02:36:21 . 2009-07-12 02:36:21 0 d-----w- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2009-07-11 23:49:05 . 2009-07-11 23:49:05 102240 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-11 22:26:35 . 2009-07-11 22:26:35 0 d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software
2009-07-11 20:15:20 . 2009-07-11 20:15:20 0 d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-11 19:54:25 . 2009-07-12 13:51:19 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-07-11 19:17:55 . 2009-07-11 19:17:56 0 d-----w- C:\Program Files\Windows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 04:20:49 . 2009-07-31 04:20:49 168 ----a-w- C:\Program Files\xykow.txt
2009-07-31 03:10:24 . 2005-04-23 12:20:11 0 d-----w- C:\Program Files\Java
2009-07-31 02:35:23 . 2008-07-06 00:58:15 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2009-07-30 21:32:52 . 2009-07-30 21:32:52 37217 ----a-w- C:\WINDOWS\Internet Logs\vsmon_2nd_2009_07_30_16_44_37_small.dmp.zip
2009-07-30 20:16:36 . 2009-04-15 00:41:38 0 d-----w- C:\Program Files\AskBarDis
2009-07-30 20:16:02 . 2005-12-23 14:05:11 4212 ---ha-w- C:\WINDOWS\system32\zllictbl.dat
2009-07-21 23:59:34 . 2009-07-21 22:49:50 805 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.INF
2009-07-21 23:59:34 . 2009-07-21 22:49:50 7386 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2009-07-15 22:57:25 . 2006-10-31 01:15:48 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-12 03:09:37 . 2006-08-19 13:42:09 0 d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-11 22:30:23 . 2005-04-23 12:29:38 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2009-07-11 16:34:58 . 2006-07-14 20:01:08 632107 ----a-w- C:\WINDOWS\Internet Logs\tvDebug.Zip
2009-07-07 01:48:51 . 2009-06-11 00:57:28 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Electronic Arts
2009-07-07 01:46:57 . 2005-07-28 00:05:41 0 d-----w- C:\Program Files\Electronic Arts
2009-07-07 01:46:57 . 2005-04-23 12:21:28 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-06-26 16:50:05 . 2004-08-10 17:51:29 666624 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-06-26 16:50:04 . 2004-08-10 17:51:09 81920 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-06-16 14:36:30 . 2004-08-10 17:51:26 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll
2009-06-16 14:36:30 . 2004-08-10 17:51:07 81920 ----a-w- C:\WINDOWS\system32\fontsub.dll
2009-06-15 13:15:40 . 2009-05-25 13:45:10 15688 ----a-w- C:\WINDOWS\system32\lsdelete.exe
2009-06-11 03:30:30 . 2006-07-02 21:50:15 0 d-----w- C:\Program Files\Oberon Media
2009-06-11 03:28:28 . 2008-08-15 01:44:00 0 d-----w- C:\Program Files\Common Files\Blizzard Entertainment
2009-06-11 02:08:28 . 2009-06-11 02:07:48 0 d-----w- C:\Program Files\iTunes
2009-06-11 02:07:52 . 2006-04-04 01:45:42 0 d-----w- C:\Program Files\iPod
2009-06-11 02:07:50 . 2007-06-29 23:28:42 0 d-----w- C:\Program Files\Common Files\Apple
2009-06-11 02:05:30 . 2006-04-04 01:47:57 0 d-----w- C:\Program Files\QuickTime
2009-06-11 00:27:27 . 2009-06-11 00:27:27 0 d-----w- C:\Program Files\Microsoft WSE
2009-06-03 19:09:37 . 2004-08-10 17:51:20 1291264 ----a-w- C:\WINDOWS\system32\quartz.dll
2009-05-28 18:16:24 . 2009-05-28 18:16:24 17408 ----a-r- C:\WINDOWS\system32\SZIO5.dll
2009-05-28 18:15:22 . 2009-05-28 18:15:22 294912 ----a-r- C:\WINDOWS\system32\SZBase5.dll
2009-05-28 18:14:56 . 2009-05-28 18:14:56 540672 ----a-r- C:\WINDOWS\system32\SZComp5.dll
2009-05-25 13:14:25 . 2009-05-25 13:15:14 64160 ----a-w- C:\WINDOWS\system32\drivers\Lbd.sys
2009-05-12 18:13:12 . 2009-05-12 18:13:12 61328 ----a-r- C:\WINDOWS\system32\drivers\SZKG.sys
2009-05-10 20:51:21 . 2009-05-10 20:51:21 81900 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
2009-05-07 15:32:35 . 2004-08-10 17:51:11 345600 ----a-w- C:\WINDOWS\system32\localspl.dll
1999-05-29 12:08:54 . 2008-07-20 01:42:50 90112 ------r- C:\Program Files\rctrec.exe
1999-05-29 12:08:54 . 2008-07-20 01:42:50 45568 ------r- C:\Program Files\UniFish3.exe
1999-05-29 12:08:54 . 2008-07-20 01:42:50 40678 ------r- C:\Program Files\SLOGO.BMP
1999-05-29 12:08:54 . 2008-07-20 01:42:50 308120 ------r- C:\Program Files\SCR256.BMP
1999-05-29 12:08:54 . 2008-07-20 01:42:50 307288 ------r- C:\Program Files\SCR16.BMP
1999-05-29 12:08:54 . 2008-07-20 01:42:50 104398 ------r- C:\Program Files\Llogo.bmp
2009-07-19 10:54:01 . 2009-07-12 05:35:21 137208 ----a-w- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
.
Thanks again for your help.

0

No worries for the help, but that combofix log is incomplete. Can you please post the entire log?

0

Looking at the log combofix created again, this is all that is there. I was worried it did not finish properly, as it appeared to have hung during one of the later steps.

0

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

  • Kaspersky Online Scanner
  • Panda Active Scan
  • Trend Micro HouseCall
  • F-Secure Online Virus Scanner

====

Download DDS from the following location:


DDS Tool

Save dds.scr to the desktop

Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

Once you double-click the icon a Windows security warning may also appear asking if you are sure you would like to run the program. Click on the Run button to start DDS. If no warning appeared, then you should just continue.

DDS will now display a small black window providing information as to what DDS is doing on your computer.

DDS will now start scanning your computer and compiling a variety of information about what programs are starting on your computer, what files have been recently created, and the general configuration of your computer. When DDS has finished scanning, all of this information will be compiled and be displayed in two Notepad windows named dds.txt and attach.txt.

You will then be shown a small box giving instructions as to what you should do with these files. Feel free to close this message box by pressing the OK button.

We now need to save the two log files that were created. First click on the DDS.txt window and click on the File menu and then select Save As... menu option.

Save DDS.txt to the desktop. Now click on the Attach.txt Notepad window and save that to the desktop also.

Copy the contents of the DDS.txt log and paste it into your reply here.
Attach the attach.txt log with your reply using Reply to Thread button, then the Manage Attachments button.

0

Ran the ESET Scanner and this is the log file it created:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=be83510e6997674c9fec6bbebc7c2602
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-08-04 03:40:18
# local_time=2009-08-03 11:40:18 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3587 37 100 94 11364573906250
# compatibility_mode=5889 61 66 100 737968285312500
# scanned=184240
# found=4
# cleaned=4
# scan_time=6124
C:\Documents and Settings\Administrator\Desktop\SDFix.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Charlie\My Documents\download\zlsSetup_70_462_000_en.exe a variant of Win32/AdInstaller application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Charlie\My Documents\download\zlsSetup_70_470_000_en.exe a variant of Win32/AdInstaller application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SightSpeed\images\AskToolbarInstaller.exe a variant of Win32/AdInstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

I also ran the DDS tool. The DDS.txt log file is below:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Charlie at 23:47:26.35 on Mon 08/03/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2550.1580 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy_2\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Documents and Settings\Charlie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;hxxp://localhost;
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~3\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.5.0.134\IPSBHO.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy_2\TeaTimer.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
dPolicies-explorer: EditLevel = 0 (0x0)
dPolicies-explorer: NoCommonGroups = 0 (0x0)
IE: &AIM Search
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~3\SDHelper.dll
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.pcpitstop.com/pestscan/pestscan.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148755037578
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4650/mcfscan.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\charlie\applic~1\mozilla\firefox\profiles\i63wfsyi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-25 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1005000.086\SymEFA.sys [2009-7-21 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1005000.086\BHDrvx86.sys [2009-7-21 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1005000.086\cchpx86.sys [2009-7-21 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090730.003\IDSXpx86.sys [2009-7-30 276344]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-30 353672]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-7-30 464264]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.5.0.134\ccSvcHst.exe [2009-7-21 115560]
R2 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-1 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090803.037\NAVENG.SYS [2009-8-3 87888]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090803.037\NAVEX15.SYS [2009-8-3 875728]
S2 boInd;boInd;c:\windows\system32\drivers\dxrtu.sys --> c:\windows\system32\drivers\dxrtu.sys [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-7-28 66056]
S4 IFP300;iriver Internet Audio Player IFP-300;c:\windows\system32\drivers\ifp300.sys [2005-5-6 14531]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]

=============== Created Last 30 ================

2009-08-03 21:43 744 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-08-01 11:19 <DIR> --dshr-- C:\cmdcons
2009-08-01 11:19 <DIR> --d----- c:\windows\setup.pss
2009-08-01 11:18 <DIR> --d----- c:\windows\setupupd
2009-07-31 00:35 219,648 a------- c:\windows\PEV.exe
2009-07-31 00:35 161,792 a------- c:\windows\SWREG.exe
2009-07-31 00:35 98,816 a------- c:\windows\sed.exe
2009-07-31 00:35 389,120 a------- c:\windows\system32\CF25944.exe
2009-07-31 00:35 <DIR> --d----- C:\ComboFix
2009-07-30 23:10 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-30 23:10 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-30 22:35 <DIR> --d----- c:\docume~1\charlie\applic~1\Malwarebytes
2009-07-30 17:49 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-30 17:49 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-30 17:49 <DIR> --d----- c:\program files\charliestuff
2009-07-30 16:15 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-07-30 16:15 350,192 a------- c:\windows\system32\vsconfig.xml
2009-07-24 13:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-07-21 23:02 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-07-21 20:27 <DIR> --d----- c:\program files\ESET
2009-07-21 20:10 <DIR> --d----- c:\program files\bytemal
2009-07-21 19:00 <DIR> --d----- c:\program files\Norton Support
2009-07-21 19:00 <DIR> --d----- c:\docume~1\charlie\applic~1\Symantec
2009-07-21 18:49 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-21 18:49 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-07-21 18:49 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-21 18:49 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-21 18:49 <DIR> --d----- c:\program files\Symantec
2009-07-21 18:49 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-07-21 18:49 <DIR> --d----- c:\windows\system32\drivers\NAV
2009-07-21 18:49 <DIR> --d----- c:\program files\Norton AntiVirus
2009-07-21 18:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-07-21 18:43 <DIR> --d----- c:\program files\NortonInstaller
2009-07-21 18:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-07-18 19:08 <DIR> --d----- c:\program files\Trend Micro
2009-07-18 19:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-12 19:56 2,936 a------- C:\rollback.ini
2009-07-12 19:07 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-07-12 19:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-07-12 18:44 9,088 a---h--t c:\windows\system32\drivers\CrucialSMBusScan.sys
2009-07-12 18:36 <DIR> --d----- c:\docume~1\charlie\applic~1\Sammsoft
2009-07-12 18:36 <DIR> --d----- c:\program files\Advanced Registry Optimizer
2009-07-12 18:25 <DIR> --d----- c:\program files\Spybot - Search & Destroy_3
2009-07-12 11:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-07-12 11:14 <DIR> --d----- c:\program files\STOPzilla!
2009-07-12 11:14 <DIR> --d----- c:\program files\common files\iS3
2009-07-12 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-07-12 09:54 <DIR> --d----- c:\program files\Spybot - Search & Destroy_2
2009-07-11 15:54 <DIR> --d----- c:\program files\Spybot - Search & Destroy

==================== Find3M ====================

2009-07-31 00:20 168 a------- c:\program files\xykow.txt
2009-07-30 16:16 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-07-18 12:05 3,069,440 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-18 12:05 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-06-26 12:50 666,624 a------- c:\windows\system32\wininet.dll
2009-06-26 12:50 666,624 -------- c:\windows\system32\dllcache\wininet.dll
2009-06-26 12:50 620,032 -------- c:\windows\system32\dllcache\urlmon.dll
2009-06-26 12:50 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-26 12:50 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-15 09:15 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-28 14:16 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-05-28 14:15 294,912 a----r-- c:\windows\system32\SZBase5.dll
2009-05-28 14:14 540,672 a----r-- c:\windows\system32\SZComp5.dll
2009-05-10 16:51 81,900 a---h--- c:\windows\system32\mlfcache.dat
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
1999-05-29 08:08 308,120 -----r-- c:\program files\SCR256.BMP
1999-05-29 08:08 307,288 -----r-- c:\program files\SCR16.BMP
1999-05-29 08:08 104,398 -----r-- c:\program files\Llogo.bmp
1999-05-29 08:08 90,112 -----r-- c:\program files\rctrec.exe
1999-05-29 08:08 45,568 -----r-- c:\program files\UniFish3.exe
1999-05-29 08:08 40,678 -----r-- c:\program files\SLOGO.BMP

============= FINISH: 23:48:51.56 ===============

Here is the attach.txt file:

0

I can see the file you pointed out in the log, but I cannot find it at that location. I have hidden and system files visible, and I let Windows search for the file itself and it could not find it. Maybe one of my virus/spyware programs deleted it on this most recent boot??

0

That is possible. The question mark indicates as much, but I wanted to be certain :).

How is the PC going at the moment?

0

It's been generally behaving itself, other than on one of our accounts, the background wallpaper cannot be changed - it's always solid blue. Looking online for a solution, I have found it's a common problem after people clean up an infection. Not a big problem. Is there some anti-virus, anti-adware, or firewall you might recommend so we don't go through this again?

0

Run Mbam within that account. Also, keep Mbam on your system and run it regularly.

0

Thanks to you all for your help. It still seems to be OK.
