Free Malware Removal Forum

[ebenezercm]

Dear km2357

I am just off for the weekend, but will be back at my PC on Sunday night or (more likely) Monday night; I'll do all this then.

Thank you again :-)

ebenezercm

[km2357]

Ok, thanks for letting me know.

[ebenezercm]

I am back at my computer now, but get the following error message when I attempt to run ComboFix:

"ComboFix is Offline.
Please visit http://download.bleepingcomputer.com/sUBs/ComboFix.html"

This in turn says:

"ComboFix is not available for download until an issue with the program has been resolved. Please be patient while the developer fixes the program and makes it available once again. As more information becomes available, we will update this page.

DO NOT attempt to download ComboFix from sites other than BleepingComputer.com and Forospyware.com!

Other sites hosting ComboFix are not authorized mirrors and are hosting outdated copies of ComboFix that contain a bug that may render some machines unbootable. Using unauthorized mirrors of ComboFix puts your computer at risk of not booting again. Please wait for the official version to be fixed and released again.

We will also announce when ComboFix is available on our Twitter and Facebook pages."

So I won't be able to do anything until ComboFix is available for use again.
Sorry!

I will keep trying bleepingcomputer.com for further information.

Regards

ebenezercm

[km2357]

So I won't be able to do anything until ComboFix is available for use again.
Sorry!

No problem. While we wait for ComboFix to come back online, I'd like for you to do the following:


Registry Cleaners

Re. RegCure 2.0.0.0

Registry Mechanic 5.1

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners:

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html

I recommend that you uninstall RegCure 2.0.0.0
and
Registry Mechanic 5.1 from your computer.



Step # 1 Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6u17.
• Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Remove the following old versions of Java:
  
  
• Java(TM) 6 Update 15
  
  
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
  
• From your desktop double-click on the download to install the newest version.

Step # 2 Run CCleaner

CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!

• Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 24 hours
• Then select the items you wish to clean up.
  
• In the Windows Tab:
  
• Clean all entries in the Internet Explorer section except Cookies
• Clean all the entries in the Windows Explorer section
• Clean all entries in the System section
• Clean all entries in the Advanced section
• Clean any others that you choose
  
• In the Applications Tab:
  
• Clean all except cookies in the Firefox/Mozilla section if you use it
• Clean all in the Opera section if you use it
• Clean Sun Java in the Internet Section
• Clean any others that you choose
  
• Click the Run Cleaner button.
• A pop up box will appear advising this process will permanently delete files from your system.
• Click OK and it will scan and clean your system.
• Click exit when done.
• If it asks you to reboot at the end, click NO

Step # 3 Run Malwarebytes' Anti-Malware

• Launch Malwarebytes' Anti-Malware.
• Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
• Next click the Scanner tab and select Perform Quick Scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location.
• You can also access the log by doing the following:
  
• Click on the Malwarebytes' Anti-Malware icon to launch the program.
• Click on the Logs tab.
• Click on the log at the bottom of those listed to highlight it.
• Click Open.

In your next post/reply, I need to see the following:

1. MalwareBytes' Log
2. A fresh DDS Log

[ebenezercm]

Hi km2357

I have carried out all your instructions.

The DDS logs and MalwareBytes log are given below.

Regards

ebenezercm

PS ComboFix is still unavailable.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Catherine Ebenezer at 23:34:12.57 on 15/12/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1356 [GMT 0:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Catherine Ebenezer\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mytalktalk.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program files\windows desktop search\dsWebAllow.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~1\tools\iesdsg.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File
TB: {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - c:\program files\copernic desktop search 2\toolbar\ToolbarContainer101000311.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Copernic Desktop Search - Home] "c:\program files\copernic desktop search 2\DesktopSearchService.exe" /tray
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\cather~1\startm~1\programs\startup\mailwasherpro.lnk - c:\program files\firetrust\mailwasher pro\MailWasher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin wireless g desktop card client utility.lnk - c:\program files\belkin\pci f5d700f\wireless utility\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &MSN Search - c:\program files\msn toolbar suite\tb\02.05.0000.1082\en-gb\msntb.dll/search.htm
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\msn toolbar suite\tab\02.05.0001.1119\en-gb\msntabres.dll/229?8017d8bca7149e3af795426fbe7958a
IE: Open in new foreground tab - c:\program files\msn toolbar suite\tab\02.05.0001.1119\en-gb\msntabres.dll/230?8017d8bca7149e3af795426fbe7958a
IE: {1F958B09-3312-7f0e-9723-4C1324C57B20} - c:\program files\internet radio\Radio.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE}
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021}
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: bloglines.com\www
Trusted Zone: emeraldinsight.com\www
Trusted Zone: manchester.ac.uk\blackboard
Trusted Zone: netskills.ac.uk\server
Trusted Zone: rcm.org.uk\www
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\windows defender\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cather~1\applic~1\mozilla\firefox\profiles\bgnku8kf.default\
FF - prefs.js: browser.search.selectedEngine - Copernic
FF - prefs.js: browser.startup.homepage - hxxp://www.mytalktalk.co.uk
FF - prefs.js: keyword.URL - hxxp://search.copernic.com/query21/?c=w ... addrbar&q=
FF - component: c:\program files\copernic desktop search 2\firefoxconnector\components\CSPXPCOMBridge.dll
FF - component: c:\program files\copernic desktop search 2\toolbar\firefoxcontainer\components\CCLCXPCOMBridge.dll
FF - plugin: c:\documents and settings\catherine ebenezer\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\progra~1\meadco~1\npmeadax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-23 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-11 206256]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-6-11 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-6-11 39200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-6-11 159600]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2009-11-19 58984]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2009-11-19 334568]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2009-11-19 967912]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-11 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-6-11 1097096]
R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;c:\windows\system32\drivers\BLKWGDv7.SYS [2008-4-9 303616]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-6-11 64392]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-6-11 33056]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2009-7-16 2077840]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 H8042t;H8042t; [x]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
S3 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
S3 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-10-19 77312]

=============== Created Last 30 ================

2009-12-15 23:04:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-10 22:24:27 0 d-sha-r- C:\cmdcons
2009-12-10 22:19:47 77312 ----a-w- c:\windows\MBR.exe
2009-12-10 22:19:47 261632 ----a-w- c:\windows\PEV.exe
2009-11-24 23:15:46 389120 ----a-w- c:\windows\system32\cmd.execf
2009-11-24 07:24:46 0 d-----w- c:\program files\Malware Removal Tool
2009-11-23 20:45:45 0 d-----w- c:\program files\iPod
2009-11-23 20:45:09 0 d-----w- c:\program files\iTunes
2009-11-23 20:32:34 0 d-----w- c:\docume~1\cather~1\applic~1\Malwarebytes
2009-11-23 20:32:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-23 20:31:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-23 20:31:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-23 08:45:08 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-23 01:03:37 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-23 01:02:05 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-23 00:59:26 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

==================== Find3M ====================

2009-12-15 23:04:16 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2001-11-23 04:08:20 712704 -c--a-w- c:\windows\inf\other\AUDIO3D.DLL
2007-11-30 00:04:58 88 -csha-r- c:\windows\system32\C30676C5FC.sys
2007-11-30 00:06:48 3140 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-05-17 21:59:34 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 23:37:19.17 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 09/06/2009 00:23:36
System Uptime: 15/12/2009 22:32:59 (1 hours ago)

Motherboard: | | P4i65GV
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | mPGA478 | 2796/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 72 GiB total, 43.319 GiB free.
D: is FIXED (NTFS) - 76 GiB total, 55.544 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth PAN Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: IVT Corporation
Name: Bluetooth PAN Network Adapter
PNP Device ID: ROOT\NET\0000
Service: BT

==== System Restore Points ===================

RP69: 02/11/2009 21:23:31 - System Checkpoint
RP70: 04/11/2009 20:30:22 - System Checkpoint
RP71: 12/11/2009 23:21:49 - Software Distribution Service 3.0
RP72: 20/11/2009 12:28:17 - System Checkpoint
RP73: 20/11/2009 18:52:58 - Installed Rapport
RP74: 22/11/2009 11:51:05 - Installed Rapport
RP75: 23/11/2009 12:01:58 - System Checkpoint
RP76: 23/11/2009 21:50:53 - 231109CME
RP77: 24/11/2009 23:22:45 - Software Distribution Service 3.0
RP78: 03/12/2009 20:02:53 - System Checkpoint
RP79: 09/12/2009 01:33:42 - System Checkpoint
RP80: 09/12/2009 21:53:42 - Software Distribution Service 3.0
RP81: 15/12/2009 21:35:17 - Removed Java(TM) 6 Update 14
RP82: 15/12/2009 22:39:11 - Installed Java(TM) 6 Update 17
RP83: 15/12/2009 22:41:28 - Installed Java(TM) 6 Update 17
RP84: 15/12/2009 23:04:09 - Installed Java(TM) 6 Update 17

==== Installed Programs ======================


3 USB Modem
Ad-Aware
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe PDF IFilter 6.0
Adobe Reader 8.1.7
Adobe® Photoshop® Album Starter Edition 3.0
AM-DeadLink 3.2
AnyTV 2.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
AutoStreamer
Bayden SlickRun (remove only)
Belarc Advisor 7.1
Belkin Wireless G Desktop Card Driver and Utility
BlueSoleil
Bonjour
C-Media 3D Audio
C-Media WDM Audio Driver
Cacheman 5.50
CCleaner
CDDRV_Installer
Citeknet HLP IFilter
Clipboard Help+Spell 1.16.01
CoffeeCup Free FTP
CoffeeCup Free Zip Wizard
Compatibility Pack for the 2007 Office system
Copernic Desktop Search - Home
Debugging Tools for Windows (x86)
DebugMode Wink
deskPDF 2.5 Standard Edition
Docudesk GPL Ghostscript 8.15
Dragon NaturallySpeaking 9
DropToCD (DataCD/DVD) v3.25
EasyPHP 1.8
EPSON Copy Utility
EPSON Photo Print
EPSON Smart Panel
EPSON TWAIN 5
EyeBrowse
Flash Designer 4
FW LiveUpdate
GIMPshop 2.2.8
Google Chrome
Graphics Converter Pro v7.9x
GTK+ 2.6.8-1 runtime environment
HDD Health v2.1 Beta
HijackThis 2.0.2
Home Media Server 4.0.0.0072
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HTML-Kit
HTML Help Workshop
i-Speeder
IBM ViaVoice 98 Executive Edition - UK English
IFilterShop Zip IFilter WE 1.2 (remove only)
Insert Table Data 1.0
Intel(R) Extreme Graphics 2 Driver
Internet Radio
IrfanView (remove only)
iTunes
Java(TM) 6 Update 17
Jing
KhalInstallWrapper
LivePerson Expert Messenger
Logitech SetPoint
Logitech Updater
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
MailWasher Pro
Malware Removal Tool
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Medium Business Guide for Backup and Recovery v1.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Baseline Security Analyzer 2.0.1
Microsoft Bootvis
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Expression Web Designer Beta 1
Microsoft Expression Web Designer MUI (English) Beta 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft MSDN 2005 Express Edition - ENU
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Small Business
Microsoft Office FrontPage 2003
Microsoft Office Outlook 2003 Calendar Views Add-in
Microsoft Office Outlook SMS Add-in
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007 (Beta)
Microsoft Office Proof (French) 2007 (Beta)
Microsoft Office Proof (Spanish) 2007 (Beta)
Microsoft Office Shared MUI (English) 2007 (Beta)
Microsoft Silverlight
Microsoft Speech API 3.0
Microsoft SQL Server Native Client
Microsoft Tool Web Package : EXCTRLST.EXE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual Basic 2005 Express Edition - ENU Service Pack 1 (KB926747)
Microsoft Visual C Runtime
Microsoft Visual C# 2005 Express Edition - ENU
Microsoft Visual C# 2005 Express Edition - ENU Service Pack 1 (KB926749)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2005 Express Edition - ENU
Microsoft Visual J# 2005 Express Edition - ENU Service Pack 1 (KB926750)
MobileMe Control Panel
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nero 8 Essentials
neroxml
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia Software Launcher
OneCare Advisor (Windows Live Toolbar)
Paint Shop Pro 6.0 (CD-ROM)
Panda NanoScan
PC Alert 4
PC Pitstop Disk MD 2.0
PC Pitstop Driver Alert 1.0
PC Pitstop Exterminate2 2.0
PC Pitstop Optimize 1.5
PC Pitstop Optimize3 3.0
Platform
Popup Blocker (Windows Live Toolbar)
PowerDVD
PremiumSoft Navicat 2004
PrepLogic CompTIA A+ Core Hardware
ProSavageDDR and Utilities
QuickTime
Rapport
RealPlayer
Remove Hidden Data Tool
RTLSetup for Realtek RTL8139/810x Family NIC 3.00
S3Display
S3Gamma2
S3Info2
S3Overlay
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shockwave
SiSoftware Sandra Lite XII.SP1
Skype web features
Skype™ 4.1
Smart Menus (Windows Live Toolbar)
Spyware Doctor 6.0
Sun(TM) Download Manager 2.0
SUPERAntiSpyware Free Edition
TalkTalk Assist & Go
The GIMP 2.2.8
UBCD4Win 3.22
Uninstall Startup Inspector
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WampServer 2.0
WebEx
WebFldrs XP
Windows Defender
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Driver Package - Realtek Semiconductor Corp. (RTL8023xp) Net (03/25/2009 5.719.0325.2009)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Favorites for Windows Live Toolbar
Windows Live Local Add-in for Microsoft Office Outlook
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows Support Tools
Windows XP Service Pack 3
WinPatrol 2009
WinZip
Wise Disk Cleaner 2.9.1
XML Paper Specification Shared Components Pack 1.0
XPS Essentials Pack 1.0

==== Event Viewer Messages From Past Week ========

15/12/2009 21:32:03, error: Service Control Manager [7034] - The Rapport Management Service service terminated unexpectedly. It has done this 1 time(s).
14/12/2009 21:25:35, error: Service Control Manager [7034] - The MSCamSvc service terminated unexpectedly. It has done this 1 time(s).
11/12/2009 17:04:49, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ThreatFire service to connect.
11/12/2009 17:04:49, error: Service Control Manager [7000] - The ThreatFire service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/12/2009 20:49:20, error: Service Control Manager [7034] - The Simple Mail Transfer Protocol (SMTP) service terminated unexpectedly. It has done this 1 time(s).
09/12/2009 20:49:20, error: Service Control Manager [7031] - The IIS Admin service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1 milliseconds: Run the configured recovery program.
08/12/2009 23:48:20, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
08/12/2009 23:29:38, error: PSched [14103] - QoS [Adapter {4EC3314A-D210-4B86-9ACB-9B4F5E9F4F46}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
08/12/2009 22:08:36, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
08/12/2009 22:08:36, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
08/12/2009 22:06:06, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

==== End Of File ===========================

Malwarebytes' Anti-Malware 1.41
Database version: 3219
Windows 5.1.2600 Service Pack 3

24/11/2009 22:11:10
mbam-log-2009-11-24 (22-11-10).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 340320
Time elapsed: 1 hour(s), 24 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Downloads\sdm-2_0-windows-i586.exe (Adware.EShoper) -> Quarantined and deleted successfully.

[km2357]

You didn't update MalwareBytes', you posted your old log again.

You need to do the following step again:


Step # 1 Run Malwarebytes' Anti-Malware

• Launch Malwarebytes' Anti-Malware.
• Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
• Next click the Scanner tab and select Perform Quick Scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location.
• You can also access the log by doing the following:
  
• Click on the Malwarebytes' Anti-Malware icon to launch the program.
• Click on the Logs tab.
• Click on the log at the bottom of those listed to highlight it.
• Click Open.

[ebenezercm]

So sorry; my silly mistake. Here is yesterday's Malwarebytes log:

Malwarebytes' Anti-Malware 1.42
Database version: 3369
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

15/12/2009 23:33:09
mbam-log-2009-12-15 (23-33-09).txt

Scan type: Quick Scan
Objects scanned: 121145
Time elapsed: 7 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Regards

ebenezercm

[km2357]

ComboFix has become available again. You can download it from the following link:

http://download.bleepingcomputer.com/sU ... ttyFix.exe

Be sure to save it to your Desktop.

Once its saved, drag and drop the CFScript.txt you created earlier from this post into KittyFix.exe and let ComboFix run.

Once its done, post the resulting ComboFix Log in your next post/reply.

[ebenezercm]

Hi km2357

Here is the log you asked for:

ComboFix 09-12-17.01 - Catherine Ebenezer 17/12/2009 23:39:49.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1448 [GMT 0:00]
Running from: c:\documents and settings\Catherine Ebenezer\Desktop\KittyFix.exe
Command switches used :: c:\documents and settings\Catherine Ebenezer\Desktop\CFScript.txt
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_H8042T
-------\Legacy_IMAPISERVICE
-------\Service_H8042t
-------\Service_ImapiService


((((((((((((((((((((((((( Files Created from 2009-11-17 to 2009-12-17 )))))))))))))))))))))))))))))))
.

2009-12-15 22:40 . 2009-12-15 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-24 07:24 . 2009-11-24 07:24 -------- d-----w- c:\program files\Malware Removal Tool
2009-11-23 20:45 . 2009-11-23 20:45 -------- d-----w- c:\program files\iPod
2009-11-23 20:45 . 2009-11-23 20:47 -------- d-----w- c:\program files\iTunes
2009-11-23 20:32 . 2009-11-23 20:32 -------- d-----w- c:\documents and settings\Catherine Ebenezer\Application Data\Malwarebytes
2009-11-23 20:32 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-23 20:31 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-23 20:31 . 2009-11-23 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-23 08:45 . 2009-11-23 01:01 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-23 01:03 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-23 01:02 . 2009-11-23 01:01 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-23 00:59 . 2009-11-23 00:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-23 00:59 . 2009-11-23 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-20 18:53 . 2009-11-20 18:53 -------- d-----w- c:\documents and settings\Default User\Application Data\Trusteer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 23:51 . 2006-07-02 22:19 -------- d-----w- c:\documents and settings\Catherine Ebenezer\Application Data\MailWasherPro
2009-12-17 23:37 . 2006-12-13 21:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-17 23:37 . 2006-07-03 21:04 -------- d-----w- c:\program files\Spyware Doctor
2009-12-15 23:08 . 2009-06-12 05:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 23:07 . 2009-12-15 23:07 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-15 23:04 . 2008-11-24 23:02 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-12-15 23:04 . 2009-06-06 18:46 -------- d-----w- c:\program files\Java
2009-12-15 23:03 . 2009-12-15 22:38 152576 ----a-w- c:\documents and settings\Catherine Ebenezer\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-15 21:47 . 2007-04-19 22:52 -------- d-----w- c:\program files\CCleaner
2009-12-09 22:01 . 2006-07-02 22:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-09 20:46 . 2009-06-11 21:01 117760 -c--a-w- c:\documents and settings\Catherine Ebenezer\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-03 22:01 . 2006-07-02 22:34 -------- d-----w- c:\documents and settings\Catherine Ebenezer\Application Data\Lavasoft
2009-11-23 21:37 . 2006-10-11 20:27 -------- d-----w- c:\program files\PCPitstop
2009-11-23 20:45 . 2008-06-25 20:51 -------- d-----w- c:\program files\Common Files\Apple
2009-11-23 20:33 . 2008-01-16 23:06 -------- d-----w- c:\program files\QuickTime
2009-11-23 20:25 . 2009-11-23 20:25 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-23 00:59 . 2006-07-02 22:34 -------- d-----w- c:\program files\Lavasoft
2009-11-20 23:25 . 2006-07-05 22:22 -------- d-----w- c:\program files\Paint Shop Pro 6
2009-11-05 17:04 . 2009-10-12 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2009-10-21 05:38 . 2009-02-03 23:49 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38 . 2009-02-03 23:49 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2009-02-03 23:49 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 22:11 . 2008-05-12 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-10-19 21:56 . 2007-12-27 21:12 -------- d-----w- c:\program files\DIFX
2009-10-19 21:07 . 2006-07-22 11:28 -------- d-----w- c:\documents and settings\Catherine Ebenezer\Application Data\Apple Computer
2009-10-19 20:19 . 2009-10-19 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-19 20:16 . 2009-10-19 20:16 -------- d-----w- c:\program files\Bonjour
2009-10-19 20:11 . 2009-10-19 20:11 -------- d-----w- c:\program files\Apple Software Update
2009-10-13 10:30 . 2009-06-09 22:40 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2009-06-09 22:40 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2009-06-09 22:40 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-03 08:15 . 2009-11-23 00:59 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2007-11-30 00:04 . 2007-11-26 22:14 88 -csha-r- c:\windows\system32\C30676C5FC.sys
2007-11-30 00:06 . 2007-11-26 22:07 3140 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe" [2009-03-19 1602048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-15 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-08-11 433424]

c:\documents and settings\Catherine Ebenezer\Start Menu\Programs\Startup\
MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2006-7-2 5661696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless G Desktop Card Client Utility.lnk - c:\program files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe [2008-4-9 1556480]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-6 805392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Catherine Ebenezer^Start Menu^Programs^Startup^LivePerson Expert Messenger.lnk]
backup=c:\windows\pss\LivePerson Expert Messenger.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Catherine Ebenezer^Start Menu^Programs^Startup^MailWasherPro.lnk]
path=c:\documents and settings\Catherine Ebenezer\Start Menu\Programs\Startup\MailWasherPro.lnk
backup=c:\windows\pss\MailWasherPro.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Catherine Ebenezer^Start Menu^Programs^Startup^WindowsSearch.exe.lnk]
backup=c:\windows\pss\WindowsSearch.exe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Catherine Ebenezer^Start Menu^Programs^Startup^World Community Grid Agent.lnk]
backup=c:\windows\pss\World Community Grid Agent.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 14:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 16:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 11:54 5674352 -c--a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
2009-07-15 18:40 692340 ----a-w- c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-10 09:45 2221352 -c--a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-03-25 14:33 570664 -c--a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2006-11-28 01:12 2658304 -c--a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
2008-03-26 16:40 2577120 -c--a-w- c:\program files\PCPitstop\Optimize\PCPOptimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Disk MD Registration Reminder]
2008-01-17 14:07 1012952 ----a-w- c:\program files\PCPitstop\Disk MD\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-15 23:04 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkTalk]
2007-10-12 09:33 202016 -c--a-w- c:\program files\TalkTalk\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
2009-03-17 13:24 713744 -c--a-w- c:\windows\vVX6000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SDhelper"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtsvc.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\FireTrust\\MailWasher Pro\\MailWasher.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"c:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/11/2009 01:03 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/06/2009 18:57 206256]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [11/06/2009 18:59 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [11/06/2009 18:59 39200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/06/2009 18:58 159600]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [19/11/2009 09:50 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [19/11/2009 09:50 334568]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 09:05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 09:05 72944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 11:17 1184912]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [19/11/2009 09:50 967912]
R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;c:\windows\system32\drivers\BLKWGDv7.SYS [09/04/2008 19:49 303616]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [16/07/2009 21:05 2077840]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/06/2009 18:57 64392]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 09:05 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/06/2009 18:57 348752]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [11/06/2009 18:59 33056]
S3 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [19/10/2009 21:25 77312]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mytalktalk.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?8017d8bca7149e3af795426fbe7958a
IE: Open in new foreground tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?8017d8bca7149e3af795426fbe7958a
IE: {{1F958B09-3312-7f0e-9723-4C1324C57B20} - c:\program files\Internet Radio\Radio.exe
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: bloglines.com\www
Trusted Zone: emeraldinsight.com\www
Trusted Zone: manchester.ac.uk\blackboard
Trusted Zone: netskills.ac.uk\server
Trusted Zone: rcm.org.uk\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Catherine Ebenezer\Application Data\Mozilla\Firefox\Profiles\bgnku8kf.default\
FF - prefs.js: browser.search.selectedEngine - Copernic
FF - prefs.js: browser.startup.homepage - hxxp://www.mytalktalk.co.uk
FF - prefs.js: keyword.URL - hxxp://search.copernic.com/query21/?c=w ... addrbar&q=
FF - component: c:\program files\Copernic Desktop Search 2\FirefoxConnector\components\CSPXPCOMBridge.dll
FF - component: c:\program files\Copernic Desktop Search 2\Toolbar\FirefoxContainer\components\CCLCXPCOMBridge.dll
FF - plugin: c:\documents and settings\Catherine Ebenezer\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\progra~1\MEADCO~1\npmeadax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-17 23:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1016)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(1072)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2876)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\brss01a.exe
c:\windows\System32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-12-18 00:00:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-18 00:00
ComboFix2.txt 2009-12-10 22:35
ComboFix3.txt 2009-06-12 05:37

Pre-Run: 46,680,301,568 bytes free
Post-Run: 46,629,683,200 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 5779DAD5DEB2C5D571B90C3B23743663

[ebenezercm]

Hi km2357

Here is the log you asked for:

ComboFix 09-12-17.01 - Catherine Ebenezer 17/12/2009 23:39:49.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1448 [GMT 0:00]
Running from: c:\documents and settings\Catherine Ebenezer\Desktop\KittyFix.exe
Command switches used :: c:\documents and settings\Catherine Ebenezer\Desktop\CFScript.txt
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_H8042T
-------\Legacy_IMAPISERVICE
-------\Service_H8042t
-------\Service_ImapiService


((((((((((((((((((((((((( Files Created from 2009-11-17 to 2009-12-17 )))))))))))))))))))))))))))))))
.

2009-12-15 22:40 . 2009-12-15 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-24 07:24 . 2009-11-24 07:24 -------- d-----w- c:\program files\Malware Removal Tool
2009-11-23 20:45 . 2009-11-23 20:45 -------- d-----w- c:\program files\iPod
2009-11-23 20:45 . 2009-11-23 20:47 -------- d-----w- c:\program files\iTunes
2009-11-23 20:32 . 2009-11-23 20:32 -------- d-----w- c:\documents and settings\Catherine Ebenezer\Application Data\Malwarebytes
2009-11-23 20:32 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-23 20:31 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-23 20:31 . 2009-11-23 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-23 08:45 . 2009-11-23 01:01 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-23 01:03 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-23 01:02 . 2009-11-23 01:01 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-23 00:59 . 2009-11-23 00:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-23 00:59 . 2009-11-23 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-20 18:53 . 2009-11-20 18:53 -------- d-----w- c:\documents and settings\Default User\Application Data\Trusteer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 23:51 . 2006-07-02 22:19 -------- d-----w- c:\documents and settings\Catherine Ebenezer\Application Data\MailWasherPro
2009-12-17 23:37 . 2006-12-13 21:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-17 23:37 . 2006-07-03 21:04 -------- d-----w- c:\program files\Spyware Doctor
2009-12-15 23:08 . 2009-06-12 05:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 23:07 . 2009-12-15 23:07 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-15 23:04 . 2008-11-24 23:02 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-12-15 23:04 . 2009-06-06 18:46 -------- d-----w- c:\program files\Java
2009-12-15 23:03 . 2009-12-15 22:38 152576 ----a-w- c:\documents and settings\Catherine Ebenezer\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-15 21:47 . 2007-04-19 22:52 -------- d-----w- c:\program files\CCleaner
2009-12-09 22:01 . 2006-07-02 22:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-09 20:46 . 2009-06-11 21:01 117760 -c--a-w- c:\documents and settings\Catherine Ebenezer\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-03 22:01 . 2006-07-02 22:34 -------- d-----w- c:\documents and settings\Catherine Ebenezer\Application Data\Lavasoft
2009-11-23 21:37 . 2006-10-11 20:27 -------- d-----w- c:\program files\PCPitstop
2009-11-23 20:45 . 2008-06-25 20:51 -------- d-----w- c:\program files\Common Files\Apple
2009-11-23 20:33 . 2008-01-16 23:06 -------- d-----w- c:\program files\QuickTime
2009-11-23 20:25 . 2009-11-23 20:25 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-23 00:59 . 2006-07-02 22:34 -------- d-----w- c:\program files\Lavasoft
2009-11-20 23:25 . 2006-07-05 22:22 -------- d-----w- c:\program files\Paint Shop Pro 6
2009-11-05 17:04 . 2009-10-12 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2009-10-21 05:38 . 2009-02-03 23:49 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38 . 2009-02-03 23:49 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2009-02-03 23:49 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 22:11 . 2008-05-12 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-10-19 21:56 . 2007-12-27 21:12 -------- d-----w- c:\program files\DIFX
2009-10-19 21:07 . 2006-07-22 11:28 -------- d-----w- c:\documents and settings\Catherine Ebenezer\Application Data\Apple Computer
2009-10-19 20:19 . 2009-10-19 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-19 20:16 . 2009-10-19 20:16 -------- d-----w- c:\program files\Bonjour
2009-10-19 20:11 . 2009-10-19 20:11 -------- d-----w- c:\program files\Apple Software Update
2009-10-13 10:30 . 2009-06-09 22:40 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2009-06-09 22:40 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2009-06-09 22:40 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-03 08:15 . 2009-11-23 00:59 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2007-11-30 00:04 . 2007-11-26 22:14 88 -csha-r- c:\windows\system32\C30676C5FC.sys
2007-11-30 00:06 . 2007-11-26 22:07 3140 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe" [2009-03-19 1602048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-15 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-08-11 433424]

c:\documents and settings\Catherine Ebenezer\Start Menu\Programs\Startup\
MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2006-7-2 5661696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless G Desktop Card Client Utility.lnk - c:\program files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe [2008-4-9 1556480]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-6 805392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Catherine Ebenezer^Start Menu^Programs^Startup^LivePerson Expert Messenger.lnk]
backup=c:\windows\pss\LivePerson Expert Messenger.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Catherine Ebenezer^Start Menu^Programs^Startup^MailWasherPro.lnk]
path=c:\documents and settings\Catherine Ebenezer\Start Menu\Programs\Startup\MailWasherPro.lnk
backup=c:\windows\pss\MailWasherPro.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Catherine Ebenezer^Start Menu^Programs^Startup^WindowsSearch.exe.lnk]
backup=c:\windows\pss\WindowsSearch.exe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Catherine Ebenezer^Start Menu^Programs^Startup^World Community Grid Agent.lnk]
backup=c:\windows\pss\World Community Grid Agent.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 14:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 16:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 11:54 5674352 -c--a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
2009-07-15 18:40 692340 ----a-w- c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-10 09:45 2221352 -c--a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-03-25 14:33 570664 -c--a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2006-11-28 01:12 2658304 -c--a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
2008-03-26 16:40 2577120 -c--a-w- c:\program files\PCPitstop\Optimize\PCPOptimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Disk MD Registration Reminder]
2008-01-17 14:07 1012952 ----a-w- c:\program files\PCPitstop\Disk MD\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-15 23:04 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkTalk]
2007-10-12 09:33 202016 -c--a-w- c:\program files\TalkTalk\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
2009-03-17 13:24 713744 -c--a-w- c:\windows\vVX6000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SDhelper"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtsvc.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\FireTrust\\MailWasher Pro\\MailWasher.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"c:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/11/2009 01:03 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/06/2009 18:57 206256]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [11/06/2009 18:59 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [11/06/2009 18:59 39200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/06/2009 18:58 159600]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [19/11/2009 09:50 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [19/11/2009 09:50 334568]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 09:05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 09:05 72944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 11:17 1184912]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [19/11/2009 09:50 967912]
R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;c:\windows\system32\drivers\BLKWGDv7.SYS [09/04/2008 19:49 303616]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [16/07/2009 21:05 2077840]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/06/2009 18:57 64392]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 09:05 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/06/2009 18:57 348752]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [11/06/2009 18:59 33056]
S3 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [19/10/2009 21:25 77312]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mytalktalk.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?8017d8bca7149e3af795426fbe7958a
IE: Open in new foreground tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?8017d8bca7149e3af795426fbe7958a
IE: {{1F958B09-3312-7f0e-9723-4C1324C57B20} - c:\program files\Internet Radio\Radio.exe
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: bloglines.com\www
Trusted Zone: emeraldinsight.com\www
Trusted Zone: manchester.ac.uk\blackboard
Trusted Zone: netskills.ac.uk\server
Trusted Zone: rcm.org.uk\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Catherine Ebenezer\Application Data\Mozilla\Firefox\Profiles\bgnku8kf.default\
FF - prefs.js: browser.search.selectedEngine - Copernic
FF - prefs.js: browser.startup.homepage - hxxp://www.mytalktalk.co.uk
FF - prefs.js: keyword.URL - hxxp://search.copernic.com/query21/?c=w ... addrbar&q=
FF - component: c:\program files\Copernic Desktop Search 2\FirefoxConnector\components\CSPXPCOMBridge.dll
FF - component: c:\program files\Copernic Desktop Search 2\Toolbar\FirefoxContainer\components\CCLCXPCOMBridge.dll
FF - plugin: c:\documents and settings\Catherine Ebenezer\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\progra~1\MEADCO~1\npmeadax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-17 23:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1016)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(1072)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2876)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\brss01a.exe
c:\windows\System32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-12-18 00:00:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-18 00:00
ComboFix2.txt 2009-12-10 22:35
ComboFix3.txt 2009-06-12 05:37

Pre-Run: 46,680,301,568 bytes free
Post-Run: 46,629,683,200 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 5779DAD5DEB2C5D571B90C3B23743663

[km2357]

Step # 1 Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available. (See Note below)

• First, go to Add/Remove Programs and uninstall Adobe Reader 8.1.6.
• Please go to this link Adobe Acrobat Reader Download Link
• On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
• Click the Continue button
• Click Run, and click Run again
• Next click the Install Now button and follow the on screen prompts

Note: Adobe 9.2.0 is a large program and if you prefer a smaller program you can get Foxit 3.1.4 instead from http://www.foxitsoftware.com/pdf/rd_intro.php

If you decide to install Foxit 3.1.4 instead of Adobe, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes:

I accept the License Terms and want to install Foxit Toolbar

Make Ask.com my default search

Create desktop, quick launch and start menu icon to eBay



Step # 2: Run Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   Mail databases
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
9. Please post this log in your next reply.

In your next post/reply, I need to see the following:

1. Kaspersky Log
2. A fresh DDS Log
3. How is your computer doing, any problems?

[km2357]

ebenezercm? How are things coming along?

[NonSuch]

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.