#1 (permalink) |
|
Registered User
Join Date: Sep 2009
Posts: 11
OS: Win xp home
|
Virus block access to internet - HP omnibook
OK, I was told to run dds.scr and gmer.exe. Here are the results.
I've attached ark.zip and attach.zip.

I bought a laptop off eBay. At first I could access the internet OK by installing Mozilla Firefox and a Proxim wifi card, then 2 weeks later, I had problems. I think the previous owner sold it because he could not fix the virus problem. I did install and delete Comodo Firewall (browsing was so slow after the Comodo install), then installed FireZone alarm. This is an HP Omnibook 900, no CD drive, no floppy drive. Windows XP Home, file system is FAT32, so every user account is an administrator.

I could get into yahoo.com, but when I click on a link, it opens yahoo.com/8 inches of garbled text and displays no page found. Same thing with gmail, cnn. I could get into the main page and then anything after that, the link would be a "page not found" error. I could get into ebay OK at first, but not anymore. If I delete all browsing history and type yahoo, it will find yahoo again, but it will display the same error when I click on a link. The Spybot program cannot load and a Malwarebytes full scan stated no virus found. I mainly surf and update websites, and I'm using the library computer right now. What to do?
This is the DDS.txt content
#4 (permalink) | |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,059
OS: WinXP and Vista
|
Re: Virus block access to internet - HP omnibook
Hello juliamail,
As mentioned in our pre-posting topic, do not repeatedly bump your own thread. Patience for this free service is appreciated. Quote:
I'd also like to see a fresh dds.txt please. |
#5 (permalink) |
|
Registered User
Join Date: Sep 2009
Posts: 11
OS: Win xp home
|
Re: Virus block access to internet - HP omnibook
Attached is the second run for dds, ark and attach
The ark.txt file is empty.
#6 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,059
OS: WinXP and Vista
|
Re: Virus block access to internet - HP omnibook
Thank you, juliamail.
I'm not seeing any malware in the logs. You mentioned Spybot won't load - what happens when you try to launch it? Do these same symptoms occur in Safe Mode or Safe Mode with networking? |
#7 (permalink) |
|
Registered User
Join Date: Sep 2009
Posts: 11
OS: Win xp home
|
Re: Virus block access to internet - HP omnibook
I read instructions from other websites, so I ran the comedian, some other software, PC Tools antivirus and then Malwarebytes. Malwarebytes removed 1 program. So far, Yahoo Mail comes up OK. I will have to install a firewall and update PC Tools antivirus before browsing more websites. Laptop seems OK now.