[Resolved] all anti-virus websites blocked + microsoft.com

  1. #1
    rannoch (Elite Member)

    [Resolved] all anti-virus websites blocked + microsoft.com

    Had a problem at the weekend when the Norton 360 upgrade went a bit funny. Then I couldn't get access to update, and then found that I could not get internet access to microsoft.com, and access to all anti-virus sites was blocked. All other sites OK - e.g. amazon, bbc.
    If I am in safe mode I can access all sites, and download.

    Some threads (not here) say it could be the firewall settings, so thinking it might be Norton, I completely removed Norton using the removal tool.

    From another machine I downloaded Malwarebytes, installed, and updated in safe mode. Also downloaded Superantivirus, and installed.

    Re-booted machine, and ran a full scan with Malwarebytes: nothing found. Then ran Superantivirus: nothing found.

    I now see from a previous post that I should have run both programs in safe mode.

    Are there any other instructions I should try?

    Thanks.

  2. #2
    broni (Senior Member)
    Only Super should be run in Safe Mode.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    NOTE. If Combofix asks you to install Recovery Console, please allow it.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    HijackThis - Trend Micro USA
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator

  3. #3
    rannoch (Elite Member)
    Hi Broni,

    I've followed your instructions, and produced two logs (combofix and hijackthis).

    I'm not home at the moment and linked in remotely (using LogMeIn). Will that cause a problem with the data, as it will have been running while ComboFix was running?

    Rannoch

  4. #4
    broni (Senior Member)
    I hope not. Post the logs, please.

  5. #5
    rannoch (Elite Member)
    ComboFix 09-12-07.09 - Rannoch 08/12/2009 17:02.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.958.575 [GMT 0:00]
    Running from: c:\documents and settings\Rannoch\Desktop\ComboFix.exe
    AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .

    ((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
    .

    2009-12-08 15:05 . 2009-12-08 15:05 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
    2009-12-08 15:05 . 2009-12-08 15:05 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
    2009-12-08 15:05 . 2009-12-08 15:05 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
    2009-12-08 15:05 . 2009-12-08 15:05 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
    2009-12-08 15:05 . 2009-12-08 15:05 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
    2009-12-08 15:02 . 2009-12-08 15:02 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll
    2009-12-08 15:02 . 2009-12-08 15:02 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
    2009-12-08 14:50 . 2009-12-08 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2009-12-08 14:38 . 2009-12-08 14:38 -------- d-----w- c:\program files\Trend Micro
    2009-12-07 17:19 . 2009-12-07 17:19 -------- d-----w- c:\documents and settings\Rannoch\Local Settings\Application Data\ICS
    2009-12-07 15:09 . 2009-12-07 15:09 -------- d-----w- c:\documents and settings\Rannoch\Local Settings\Application Data\LogMeIn
    2009-12-07 15:09 . 2009-12-07 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
    2009-12-07 15:09 . 2009-12-07 15:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
    2009-12-07 15:09 . 2009-09-28 19:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2009-12-07 15:09 . 2009-09-28 19:34 28984 ----a-w- c:\windows\system32\LMIport.dll
    2009-12-07 15:09 . 2009-09-28 19:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2009-12-07 15:09 . 2008-08-11 12:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
    2009-12-07 15:08 . 2009-09-28 19:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
    2009-12-07 15:08 . 2009-12-08 12:29 -------- d-----w- c:\program files\LogMeIn
    2009-12-07 14:48 . 2009-12-07 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-12-07 14:48 . 2009-12-08 14:19 -------- d-----w- c:\documents and settings\Rannoch\Application Data\SUPERAntiSpyware.com
    2009-12-07 14:48 . 2009-12-08 14:19 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-07 13:09 . 2009-12-07 13:09 -------- d-----w- c:\documents and settings\Rannoch\Application Data\AVG8
    2009-12-07 12:30 . 2009-12-07 12:32 -------- d-----w- c:\program files\CA
    2009-12-07 11:55 . 2009-12-07 11:55 -------- d-----w- c:\documents and settings\Rannoch\Application Data\Malwarebytes
    2009-12-07 11:55 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-07 11:55 . 2009-12-07 13:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-07 11:55 . 2009-12-07 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-12-07 11:55 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-05 00:13 . 2009-12-05 00:13 -------- d-----w- c:\windows\system32\wbem\Repository

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-08 17:13 . 2009-12-08 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2009-12-08 15:48 . 2006-01-13 21:04 -------- d-----w- c:\program files\Google
    2009-12-08 15:02 . 2009-12-08 15:02 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
    2009-12-08 15:02 . 2009-12-08 15:02 19472 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
    2009-12-08 15:02 . 2009-12-08 15:02 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
    2009-12-08 15:02 . 2009-12-08 15:02 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
    2009-12-08 15:02 . 2009-12-08 15:02 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
    2009-12-08 15:02 . 2009-12-08 15:02 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
    2009-12-08 15:01 . 2009-12-08 15:01 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
    2009-12-08 15:01 . 2009-12-08 15:01 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
    2009-12-08 14:53 . 2009-12-08 14:53 95259 ----a-w- c:\windows\system32\drivers\klick.dat
    2009-12-08 14:53 . 2009-12-08 14:53 108059 ----a-w- c:\windows\system32\drivers\klin.dat
    2009-12-08 14:51 . 2009-12-08 14:51 -------- d-----w- c:\program files\Kaspersky Lab
    2009-12-08 14:19 . 2006-03-20 21:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-07 13:04 . 2005-12-04 14:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-12-07 13:04 . 2008-11-01 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-12-07 12:17 . 2005-08-24 02:01 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-12-07 12:17 . 2005-08-24 02:02 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-03 14:01 . 2009-12-04 16:59 142796 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
    2009-11-27 09:59 . 2009-09-23 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2009-11-27 09:54 . 2009-09-23 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-11-26 14:23 . 2005-08-24 02:02 -------- d-----w- c:\program files\Lexmark X1100 Series
    2009-11-17 16:00 . 2005-12-17 23:50 1774 -c--a-w- c:\documents and settings\Rannoch\Application Data\wklnhst.dat
    2009-11-04 19:28 . 2007-05-29 13:24 -------- d-----w- c:\program files\Java
    2009-11-04 19:27 . 2009-11-04 19:27 152576 ----a-w- c:\documents and settings\Rannoch\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-10-20 20:34 . 2009-10-20 20:34 219664 ----a-w- c:\windows\system32\klogon.dll
    2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
    2009-10-16 10:05 . 2005-08-24 02:01 -------- d-----w- c:\program files\Common Files\Adobe
    2009-10-14 21:18 . 2009-10-14 21:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
    2009-10-11 04:17 . 2008-12-22 09:09 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-02 19:39 . 2009-10-02 19:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
    2009-09-30 16:18 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-09-14 14:42 . 2009-09-14 14:42 32272 ----a-w- c:\windows\system32\drivers\klim5.sys
    2009-09-11 14:18 . 2005-02-14 23:48 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-09 19:01 . 2009-09-09 19:01 27675 ----a-w- c:\windows\system32\drivers\klopp.dat
    2009-03-31 21:47 . 2008-11-01 15:27 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
    2007-05-15 19:55 . 2007-06-05 12:42 66672 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
    2007-05-15 19:55 . 2007-06-05 12:42 54376 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2007-05-15 19:55 . 2007-06-05 12:42 34952 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
    2007-05-15 19:55 . 2007-06-05 12:42 46720 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2007-05-15 19:55 . 2007-06-05 12:42 172144 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-12-08_14.35.36 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-08 17:11 . 2009-12-08 17:11 40960 c:\windows\Temp\rtdrvmon.exe
    + 2009-12-08 17:11 . 2009-12-08 17:11 16384 c:\windows\Temp\Perflib_Perfdata_78c.dat
    + 2009-12-08 15:51 . 2009-12-08 15:51 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
    + 2009-12-08 15:51 . 2009-12-08 15:51 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2009-12-08 15:51 . 2009-12-08 15:51 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2009-12-08 15:51 . 2009-12-08 15:51 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2009-12-08 15:51 . 2009-12-08 15:51 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2009-12-08 15:51 . 2009-12-08 15:51 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2009-12-08 15:51 . 2009-12-08 15:51 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ARPPRODUCTICON.exe
    + 2009-12-08 14:51 . 2009-12-08 15:02 315408 c:\windows\system32\drivers\klif.sys
    + 2009-09-01 15:29 . 2009-09-01 15:29 128016 c:\windows\system32\drivers\kl1.sys
    + 2009-12-08 14:53 . 2009-12-08 14:53 3419136 c:\windows\Installer\40fee.msi
    + 2009-12-08 15:51 . 2009-12-08 15:51 1258496 c:\windows\Installer\21e5d0.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 68856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064]
    "SoundMan"="SOUNDMAN.EXE" [2004-11-16 77824]
    "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
    "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-05-04 98304]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-30 198160]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2004-11-06 1359967]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-3 113664]
    Billminder.lnk - c:\quickenw\BILLMIND.EXE [2005-12-3 29696]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2009-09-28 19:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    2004-08-25 00:16 61440 -c----w- c:\program files\Lexmark P910 Series\ezprint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2004-12-18 06:20 278528 -c----w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
    2003-08-19 18:43 57344 ------w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbymon.exe]
    2004-08-20 18:31 188416 -c----w- c:\program files\Lexmark P910 Series\lxbymon.exE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2005-05-04 22:32 98304 ------w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7207:TCP"= 7207:TCP:rdfckd

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 21:18 36880]
    R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [01/06/2005 22:40 97920]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/08/2008 12:41 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [07/12/2009 15:09 47640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 14:42 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 19:39 19472]
    S2 gupdate1c9acb488443252;Google Update Service (gupdate1c9acb488443252);c:\program files\Google\Update\GoogleUpdate.exe [24/03/2009 19:12 133104]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.orange.co.uk
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    DPF: {705EC6D4-B138-4079-A307-EF13E40C2416} - hxxps://north.home-access.co.uk/CACHE/sdesktop/install/binaries/instweb.cab
    FF - ProfilePath - c:\documents and settings\Rannoch\Application Data\Mozilla\Firefox\Profiles\x3txq88t.default\
    FF - prefs.js: browser.search.selectedEngine - Orange Web Search
    FF - prefs.js: keyword.URL - hxxp://search.orange.co.uk/all?brand=ouk&p=_ffadr&pt=ffmob&tab=web&q=
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - component: c:\program files\Orange Toolbar UK\FirefoxContainer\components\CCLCXPCOMBridge.dll
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-08 17:12
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(784)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll

    - - - - - - - > 'explorer.exe'(2420)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\LogMeIn\x86\RaMaint.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\LogMeIn\x86\LMIGuardian.exe
    c:\windows\system32\slserv.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\SOUNDMAN.EXE
    c:\program files\Lexmark X1100 Series\lxbkbmon.exe
    c:\program files\LogMeIn\x86\LMIGuardian.exe
    .
    **************************************************************************
    .
    Completion time: 2009-12-08 17:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-12-08 17:17
    ComboFix2.txt 2009-12-08 14:37

    Pre-Run: 132,658,249,728 bytes free
    Post-Run: 132,548,935,680 bytes free

    - - End Of File - - 4052FA6A6610C70E3BDD6E204AA96742



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:17:54, on 08/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer255.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-21-2179886029-3196023381-2828398254-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'LogMeInRemoteUser')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Billminder.lnk = C:\quickenw\BILLMIND.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {705EC6D4-B138-4079-A307-EF13E40C2416} (InstallerWeb Control) - https://north.home-access.co.uk/CACH...es/instweb.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...nt/swflash.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Google Update Service (gupdate1c9acb488443252) (gupdate1c9acb488443252) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 9055 bytes
    Last edited by rannoch; 09-12-2009 at 09:39 AM.

  6. #6
    broni is offline Senior Member
    I don't see any security threats, but let's clean up some of Norton's leftovers....


    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    
    Folder::
    c:\program files\CA
    c:\program files\Common Files\Symantec Shared
    c:\documents and settings\All Users\Application Data\Symantec
    c:\documents and settings\All Users\Application Data\Norton
    c:\documents and settings\All Users\Application Data\NortonInstaller
    
    
    Driver::
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"=-
    
    
    RegLockDel::

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.

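    Once ComboFix has run the script, the post-run log is the only record of what it actually removed. The following is an added example, not part of this thread and not ComboFix's own tooling: it parses the CFScript sections used above (File::, Folder::, Registry::) and the "Other Deletions" and "Reg Loading Points" blocks of a ComboFix log, then reports which targets the log confirms as gone and which still show up. The section-header layout is assumed from the log format posted in this thread; the log excerpt is abridged from the log posted later in the thread.

```python
import re

# Constructed input: the CFScript from the post above, as the user would save it.
CFSCRIPT = r"""File::

Folder::
c:\program files\CA
c:\program files\Common Files\Symantec Shared
c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\Norton
c:\documents and settings\All Users\Application Data\NortonInstaller

Driver::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=-

RegLockDel::
"""

# Abridged excerpt of the ComboFix log posted later in this thread.
COMBOFIX_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Norton
c:\documents and settings\All Users\Application Data\Norton\symdata.xml
c:\documents and settings\All Users\Application Data\NortonInstaller
c:\documents and settings\All Users\Application Data\Symantec
c:\program files\CA
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

.
(((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"SoundMan"="SOUNDMAN.EXE" [2004-11-16 77824]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"""

# ComboFix marks a section with a title wrapped in runs of parentheses (assumed from the posted log).
SECTION_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}")
VALUE_RE = re.compile(r'"([^"]+)"=(.*)')


def parse_cfscript(text):
    """Return {section: entries}. Registry entries are (key, value_name, value)."""
    sections, current, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                 # section marker such as Folder::
            current, key = line[:-2], None
            sections.setdefault(current, [])
        elif current == "Registry":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]
            else:
                m = VALUE_RE.match(line)
                if m and key:
                    sections[current].append((key, m.group(1), m.group(2)))
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_sections(text):
    """Split a ComboFix log into {section title: non-empty lines}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def parse_reg_loading_points(lines):
    """Collect (key, value_name) pairs, lower-cased, still listed as load points."""
    present, key = set(), None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            m = VALUE_RE.match(line)
            if m:
                present.add((key.lower(), m.group(1).lower()))
    return present


def verify_cleanup(cfscript, log):
    """Compare CFScript targets with what the post-run log shows."""
    targets = parse_cfscript(cfscript)
    sections = parse_combofix_sections(log)
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    loaded = parse_reg_loading_points(sections.get("Reg Loading Points", []))
    report = {"confirmed": [], "unconfirmed": []}
    for path in targets.get("Folder", []) + targets.get("File", []):
        bucket = "confirmed" if path.lower() in deleted else "unconfirmed"
        report[bucket].append(path)
    for key, name, value in targets.get("Registry", []):
        if value == "-":                         # "=-" in a CFScript requests deletion of the value
            bucket = "unconfirmed" if (key.lower(), name.lower()) in loaded else "confirmed"
            report[bucket].append(key + "\\" + name)
    return report


if __name__ == "__main__":
    for bucket, items in verify_cleanup(CFSCRIPT, COMBOFIX_LOG).items():
        print(bucket + ":")
        for item in items:
            print("  " + item)
```

    Run it against the real CFScript.txt and ComboFix.txt by reading the files into the two strings. A target in the "unconfirmed" list is simply one the log does not account for, which is the cue to look at the full log (or a fresh HijackThis scan) rather than assume the script took effect.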
  7. #7
    rannoch is offline Elite Member
    Hi Broni,

    First an apology.
    Originally, at the start of this problem, I had uninstalled Norton as I thought it might be a firewall problem. Of course it wasn't, but Norton wouldn't let me re-install without a connection to its site.
    I followed your instructions and created logs for ComboFix and HijackThis, but afterwards, because I was unable to link to any anti-virus sites and couldn't re-install Norton, I installed Kaspersky from a previously downloaded copy to give me some protection.
    Reason for apology is that I then ran a full scan and left for work. Even more stupid was that I then re-ran ComboFix and HijackThis remotely, and posted those logs to you. It didn't even register until you said you had found no security problems.
    Sorry for causing you a problem.

    I am now able to access anti-virus sites, so the problem has been fixed.
    Thanks for your help.

    Below are the latest logs created using your instructions.

    Regards,

    Rannoch

    ComboFix 09-12-09.04 - Rannoch 10/12/2009 13:10:16.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.958.495 [GMT 0:00]
    Running from: c:\documents and settings\Rannoch\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Rannoch\Desktop\CFScript.txt
    AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Norton
    c:\documents and settings\All Users\Application Data\Norton\00000082\00000105\0000034c\cltLMS1.dat
    c:\documents and settings\All Users\Application Data\Norton\00000082\00000105\0000034c\cltLMS2.dat
    c:\documents and settings\All Users\Application Data\Norton\00000082\00000105\cltupgrade.dat
    c:\documents and settings\All Users\Application Data\Norton\00000082\00000105\key.txt
    c:\documents and settings\All Users\Application Data\Norton\symdata.xml
    c:\documents and settings\All Users\Application Data\NortonInstaller
    c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-19h47m54s\Install.1.mft.7z
    c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-19h47m54s\Log.Lue
    c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-19h47m54s\NortonInstall-09-23-2009-19h47m54s.log
    c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-19h52m26s\BHCA-0x0E2C.log
    c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-19h52m26s\Install.1.mft.7z
    c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-19h52m26s\Log.Lue
    c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-19h52m26s\NortonInstall-09-23-2009-19h52m26s.log
    c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-19h52m26s\SymIMexe-0x0E4C.log
    c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-19h52m26s\tuIH-0x0A4C.log
    c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\11-27-2009-09h52m41s\BHCA-0x0858.log
    c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\11-27-2009-09h52m41s\Install.1.mft.7z
    c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\11-27-2009-09h52m41s\NortonInstall-11-27-2009-09h52m41s.log
    c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\11-27-2009-09h52m41s\OCSCtl-0x0314.log
    c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\11-27-2009-09h52m41s\SymIMexe-0x0A28.log
    c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\Url.txt
    c:\documents and settings\All Users\Application Data\NortonInstaller\Settings\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}.7z
    c:\documents and settings\All Users\Application Data\Symantec
    c:\documents and settings\All Users\Application Data\Symantec\SubEng\platformid.dat
    c:\program files\CA
    c:\program files\Common Files\Symantec Shared
    c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.htm
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlctnk.dll
    c:\program files\Common Files\Symantec Shared\DecABI\dec3F50.tmp
    c:\program files\Common Files\Symantec Shared\Support Controls\sdcnetck.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\sprtctlbr.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\sprtctlln.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\sprtctlwmi.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\ssextern.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\ssrunsa.exe
    c:\program files\Common Files\Symantec Shared\Support Controls\SymaDataDelivery\ccL70U.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\SymaDataDelivery\SymAData.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\SymControlChecker.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\tgctlpr.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\wificfg.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-10 to 2009-12-10 )))))))))))))))))))))))))))))))
    .

    2009-12-08 15:05 . 2009-12-08 15:05 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
    2009-12-08 15:05 . 2009-12-08 15:05 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
    2009-12-08 15:05 . 2009-12-08 15:05 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
    2009-12-08 15:05 . 2009-12-08 15:05 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
    2009-12-08 15:05 . 2009-12-08 15:05 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
    2009-12-08 15:02 . 2009-12-08 15:02 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll
    2009-12-08 15:02 . 2009-12-08 15:02 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
    2009-12-08 14:50 . 2009-12-08 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2009-12-08 14:38 . 2009-12-08 14:38 -------- d-----w- c:\program files\Trend Micro
    2009-12-07 17:19 . 2009-12-07 17:19 -------- d-----w- c:\documents and settings\Rannoch\Local Settings\Application Data\ICS
    2009-12-07 15:09 . 2009-12-07 15:09 -------- d-----w- c:\documents and settings\Rannoch\Local Settings\Application Data\LogMeIn
    2009-12-07 15:09 . 2009-12-07 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
    2009-12-07 15:09 . 2009-12-07 15:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
    2009-12-07 15:09 . 2009-09-28 19:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2009-12-07 15:09 . 2009-09-28 19:34 28984 ----a-w- c:\windows\system32\LMIport.dll
    2009-12-07 15:09 . 2009-09-28 19:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2009-12-07 15:09 . 2008-08-11 12:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
    2009-12-07 15:08 . 2009-09-28 19:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
    2009-12-07 15:08 . 2009-12-10 11:08 -------- d-----w- c:\program files\LogMeIn
    2009-12-07 14:48 . 2009-12-07 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-12-07 14:48 . 2009-12-08 14:19 -------- d-----w- c:\documents and settings\Rannoch\Application Data\SUPERAntiSpyware.com
    2009-12-07 14:48 . 2009-12-08 14:19 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-07 13:09 . 2009-12-07 13:09 -------- d-----w- c:\documents and settings\Rannoch\Application Data\AVG8
    2009-12-07 11:55 . 2009-12-07 11:55 -------- d-----w- c:\documents and settings\Rannoch\Application Data\Malwarebytes
    2009-12-07 11:55 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-07 11:55 . 2009-12-07 13:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-07 11:55 . 2009-12-07 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-12-07 11:55 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-05 00:13 . 2009-12-05 00:13 -------- d-----w- c:\windows\system32\wbem\Repository

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-10 11:08 . 2009-12-08 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2009-12-09 17:21 . 2005-12-17 23:50 1774 -c--a-w- c:\documents and settings\Rannoch\Application Data\wklnhst.dat
    2009-12-08 15:48 . 2006-01-13 21:04 -------- d-----w- c:\program files\Google
    2009-12-08 15:02 . 2009-12-08 15:02 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
    2009-12-08 15:02 . 2009-12-08 15:02 19472 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
    2009-12-08 15:02 . 2009-12-08 15:02 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
    2009-12-08 15:02 . 2009-12-08 15:02 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
    2009-12-08 15:02 . 2009-12-08 15:02 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
    2009-12-08 15:02 . 2009-12-08 15:02 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
    2009-12-08 15:01 . 2009-12-08 15:01 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
    2009-12-08 15:01 . 2009-12-08 15:01 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
    2009-12-08 14:53 . 2009-12-08 14:53 95259 ----a-w- c:\windows\system32\drivers\klick.dat
    2009-12-08 14:53 . 2009-12-08 14:53 108059 ----a-w- c:\windows\system32\drivers\klin.dat
    2009-12-08 14:51 . 2009-12-08 14:51 -------- d-----w- c:\program files\Kaspersky Lab
    2009-12-08 14:19 . 2006-03-20 21:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-07 12:17 . 2005-08-24 02:01 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-12-07 12:17 . 2005-08-24 02:02 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-03 14:01 . 2009-12-04 16:59 142796 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
    2009-11-26 14:23 . 2005-08-24 02:02 -------- d-----w- c:\program files\Lexmark X1100 Series
    2009-11-04 19:28 . 2007-05-29 13:24 -------- d-----w- c:\program files\Java
    2009-11-04 19:27 . 2009-11-04 19:27 152576 ----a-w- c:\documents and settings\Rannoch\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-10-29 07:45 . 2005-02-15 06:49 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 05:38 . 2005-02-14 23:49 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2005-02-14 23:48 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 20:34 . 2009-10-20 20:34 219664 ----a-w- c:\windows\system32\klogon.dll
    2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
    2009-10-20 16:20 . 2004-08-04 13:00 265728 ------w- c:\windows\system32\drivers\http.sys
    2009-10-16 10:05 . 2005-08-24 02:01 -------- d-----w- c:\program files\Common Files\Adobe
    2009-10-14 21:18 . 2009-10-14 21:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
    2009-10-13 10:30 . 2005-02-14 23:48 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2005-02-14 23:48 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2005-02-14 23:48 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-11 04:17 . 2008-12-22 09:09 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-02 19:39 . 2009-10-02 19:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
    2009-09-30 16:18 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-09-14 14:42 . 2009-09-14 14:42 32272 ----a-w- c:\windows\system32\drivers\klim5.sys
    2009-09-11 14:18 . 2005-02-14 23:48 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-03-31 21:47 . 2008-11-01 15:27 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
    2007-05-15 19:55 . 2007-06-05 12:42 66672 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
    2007-05-15 19:55 . 2007-06-05 12:42 54376 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2007-05-15 19:55 . 2007-06-05 12:42 34952 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
    2007-05-15 19:55 . 2007-06-05 12:42 46720 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2007-05-15 19:55 . 2007-06-05 12:42 172144 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-12-08_14.35.36 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-10 11:08 . 2009-12-10 11:08 16384 c:\windows\Temp\Perflib_Perfdata_5f8.dat
    + 2005-02-14 23:48 . 2009-12-09 21:55 53220 c:\windows\system32\perfc009.dat
    - 2006-11-07 20:03 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll
    + 2006-11-07 20:03 . 2009-10-29 07:45 55296 c:\windows\system32\msfeedsbs.dll
    - 2005-02-14 23:48 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll
    + 2005-02-14 23:48 . 2009-10-29 07:45 25600 c:\windows\system32\jsproxy.dll
    + 2009-09-09 19:01 . 2009-09-09 19:01 27675 c:\windows\system32\drivers\klopp.dat
    - 2009-07-05 15:25 . 2009-08-29 08:08 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2009-07-05 15:25 . 2009-10-29 07:45 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2009-10-21 05:38 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
    + 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
    - 2007-05-09 14:24 . 2009-08-29 08:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2007-05-09 14:24 . 2009-10-29 07:45 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2005-02-14 23:48 . 2009-10-29 07:45 25600 c:\windows\system32\dllcache\jsproxy.dll
    - 2005-02-14 23:48 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
    + 2009-12-08 15:51 . 2009-12-08 15:51 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
    + 2009-12-08 15:51 . 2009-12-08 15:51 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2009-12-08 15:51 . 2009-12-08 15:51 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2009-12-08 15:51 . 2009-12-08 15:51 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2009-12-08 15:51 . 2009-12-08 15:51 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2009-12-08 15:51 . 2009-12-08 15:51 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2009-12-08 15:51 . 2009-12-08 15:51 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ARPPRODUCTICON.exe
    + 2009-12-09 19:05 . 2009-08-29 08:08 12800 c:\windows\ie8updates\KB976325-IE8\xpshims.dll
    + 2009-12-09 19:04 . 2009-08-29 08:08 55296 c:\windows\ie8updates\KB976325-IE8\msfeedsbs.dll
    + 2009-12-09 19:04 . 2009-08-29 08:08 25600 c:\windows\ie8updates\KB976325-IE8\jsproxy.dll
    + 2005-02-14 23:49 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
    + 2005-02-14 23:48 . 2009-12-09 21:55 381124 c:\windows\system32\perfh009.dat
    + 2005-02-14 23:48 . 2009-10-29 07:45 206848 c:\windows\system32\occache.dll
    - 2005-02-14 23:48 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll
    + 2006-11-07 20:03 . 2009-10-29 07:45 594432 c:\windows\system32\msfeeds.dll
    - 2006-11-07 20:03 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll
    - 2005-02-15 06:48 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll
    + 2005-02-15 06:48 . 2009-10-29 07:45 184320 c:\windows\system32\iepeers.dll
    + 2005-02-14 23:48 . 2009-10-29 07:45 387584 c:\windows\system32\iedkcs32.dll
    - 2005-02-14 23:48 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll
    - 2005-02-14 23:48 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe
    + 2005-02-14 23:48 . 2009-10-28 14:40 173056 c:\windows\system32\ie4uinit.exe
    + 2009-12-08 14:51 . 2009-12-08 15:02 315408 c:\windows\system32\drivers\klif.sys
    + 2009-09-01 15:29 . 2009-09-01 15:29 128016 c:\windows\system32\drivers\kl1.sys
    + 2005-02-15 06:49 . 2009-10-29 07:45 916480 c:\windows\system32\dllcache\wininet.dll
    - 2005-02-15 06:49 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll
    + 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
    + 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
    - 2005-02-14 23:48 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll
    + 2005-02-14 23:48 . 2009-10-29 07:45 206848 c:\windows\system32\dllcache\occache.dll
    + 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
    - 2007-05-09 14:24 . 2009-08-29 08:08 594432 c:\windows\system32\dllcache\msfeeds.dll
    + 2007-05-09 14:24 . 2009-10-29 07:45 594432 c:\windows\system32\dllcache\msfeeds.dll
    + 2009-07-05 15:25 . 2009-10-29 07:45 246272 c:\windows\system32\dllcache\ieproxy.dll
    - 2009-07-05 15:25 . 2009-08-29 08:08 246272 c:\windows\system32\dllcache\ieproxy.dll
    - 2005-02-15 06:48 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2005-02-15 06:48 . 2009-10-29 07:45 184320 c:\windows\system32\dllcache\iepeers.dll
    - 2005-02-14 23:48 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2005-02-14 23:48 . 2009-10-29 07:45 387584 c:\windows\system32\dllcache\iedkcs32.dll
    - 2005-02-14 23:48 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe
    + 2005-02-14 23:48 . 2009-10-28 14:40 173056 c:\windows\system32\dllcache\ie4uinit.exe
    + 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
    + 2009-12-09 19:04 . 2009-08-29 08:08 916480 c:\windows\ie8updates\KB976325-IE8\wininet.dll
    + 2009-12-09 19:05 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB976325-IE8\spuninst\updspapi.dll
    + 2009-12-09 19:05 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB976325-IE8\spuninst\spuninst.exe
    + 2009-12-09 19:04 . 2009-08-29 08:08 206848 c:\windows\ie8updates\KB976325-IE8\occache.dll
    + 2009-12-09 19:04 . 2009-08-29 08:08 594432 c:\windows\ie8updates\KB976325-IE8\msfeeds.dll
    + 2009-12-09 19:05 . 2009-08-29 08:08 246272 c:\windows\ie8updates\KB976325-IE8\ieproxy.dll
    + 2009-12-09 19:04 . 2009-08-29 08:08 184320 c:\windows\ie8updates\KB976325-IE8\iepeers.dll
    + 2009-12-09 19:05 . 2009-08-29 08:08 387584 c:\windows\ie8updates\KB976325-IE8\iedkcs32.dll
    + 2009-12-09 19:05 . 2009-08-28 10:35 173056 c:\windows\ie8updates\KB976325-IE8\ie4uinit.exe
    + 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
    - 2005-02-15 06:49 . 2009-08-29 08:08 1208832 c:\windows\system32\urlmon.dll
    + 2005-02-15 06:49 . 2009-10-29 07:45 1208832 c:\windows\system32\urlmon.dll
    + 2005-02-15 06:48 . 2009-10-29 07:45 5940736 c:\windows\system32\mshtml.dll
    - 2006-10-17 10:57 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll
    + 2006-10-17 10:57 . 2009-10-29 07:45 1985536 c:\windows\system32\iertutil.dll
    - 2005-02-15 06:49 . 2009-08-29 08:08 1208832 c:\windows\system32\dllcache\urlmon.dll
    + 2005-02-15 06:49 . 2009-10-29 07:45 1208832 c:\windows\system32\dllcache\urlmon.dll
    + 2005-02-15 06:48 . 2009-10-29 07:45 5940736 c:\windows\system32\dllcache\mshtml.dll
    - 2007-05-09 14:24 . 2009-08-29 08:08 1985536 c:\windows\system32\dllcache\iertutil.dll
    + 2007-05-09 14:24 . 2009-10-29 07:45 1985536 c:\windows\system32\dllcache\iertutil.dll
    + 2009-12-08 14:53 . 2009-12-08 14:53 3419136 c:\windows\Installer\40fee.msi
    + 2009-12-08 15:51 . 2009-12-08 15:51 1258496 c:\windows\Installer\21e5d0.msi
    + 2009-12-09 19:04 . 2009-08-29 08:08 1208832 c:\windows\ie8updates\KB976325-IE8\urlmon.dll
    + 2009-12-09 19:04 . 2009-10-22 09:19 5939712 c:\windows\ie8updates\KB976325-IE8\mshtml.dll
    + 2009-12-09 19:04 . 2009-08-29 08:08 1985536 c:\windows\ie8updates\KB976325-IE8\iertutil.dll
    + 2005-08-23 00:16 . 2009-12-01 20:06 25966024 c:\windows\system32\MRT.exe
    + 2006-11-07 20:03 . 2009-10-29 07:45 11069952 c:\windows\system32\ieframe.dll
    + 2007-05-09 14:24 . 2009-10-29 07:45 11069952 c:\windows\system32\dllcache\ieframe.dll
    + 2009-12-09 19:04 . 2009-08-29 08:08 11069440 c:\windows\ie8updates\KB976325-IE8\ieframe.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 68856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe -atboottime" [X]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe -osboot" [X]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064]
    "SoundMan"="SOUNDMAN.EXE" [2004-11-16 77824]
    "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
    "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2004-11-06 1359967]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-3 113664]
    Billminder.lnk - c:\quickenw\BILLMIND.EXE [2005-12-3 29696]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2009-09-28 19:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    c:\program files\QuickTime\qttask.exe -atboottime [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    2004-08-25 00:16 61440 -c----w- c:\program files\Lexmark P910 Series\ezprint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2004-12-18 06:20 278528 -c----w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
    2003-08-19 18:43 57344 ------w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbymon.exe]
    2004-08-20 18:31 188416 -c----w- c:\program files\Lexmark P910 Series\lxbymon.exE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7207:TCP"= 7207:TCP:rdfckd

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 21:18 36880]
    R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [01/06/2005 22:40 97920]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/08/2008 12:41 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [07/12/2009 15:09 47640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 14:42 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 19:39 19472]
    S2 gupdate1c9acb488443252;Google Update Service (gupdate1c9acb488443252);c:\program files\Google\Update\GoogleUpdate.exe [24/03/2009 19:12 133104]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.orange.co.uk
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    DPF: {705EC6D4-B138-4079-A307-EF13E40C2416} - hxxps://north.home-access.co.uk/CACHE/sdesktop/install/binaries/instweb.cab
    FF - ProfilePath - c:\documents and settings\Rannoch\Application Data\Mozilla\Firefox\Profiles\x3txq88t.default\
    FF - prefs.js: browser.search.selectedEngine - Orange Web Search
    FF - prefs.js: keyword.URL - hxxp://search.orange.co.uk/all?brand=ouk&p=_ffadr&pt=ffmob&tab=web&q=
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - component: c:\program files\Orange Toolbar UK\FirefoxContainer\components\CCLCXPCOMBridge.dll
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    .

    ************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-12-10 13:18
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    ************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(788)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    Completion time: 2009-12-10 13:22:28
    ComboFix-quarantined-files.txt 2009-12-10 13:22
    ComboFix2.txt 2009-12-08 17:17
    ComboFix3.txt 2009-12-08 14:37

    Pre-Run: 132,293,668,864 bytes free
    Post-Run: 132,239,990,784 bytes free

    - - End Of File - - 3CA1592106D1D8E2A9541E72168657C8



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:24:07, on 10/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Mobile Phones | Broadband & Mobile Broadband UK Deals | Free Web Email | Orange.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer255.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Billminder.lnk = C:\quickenw\BILLMIND.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {705EC6D4-B138-4079-A307-EF13E40C2416} (InstallerWeb Control) - https://north.home-access.co.uk/CACH...es/instweb.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...nt/swflash.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Google Update Service (gupdate1c9acb488443252) (gupdate1c9acb488443252) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 8881 bytes
    Last edited by rannoch; 10-12-2009 at 05:46 PM.

  8. #8
    broni is offline Senior Member
    Very good

    Print this post out, since at some point you won't have access to it.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    - O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    - O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    - O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    - O4 - Global Startup: Billminder.lnk = C:\quickenw\BILLMIND.EXE



    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    - O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    - O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    - O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    - O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    - O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE



    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
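    When the new log comes back, the useful check is whether exactly the ticked O4 entries disappeared and nothing unexpected appeared. The script below is an added example, not part of this thread or of HijackThis: it parses O4 lines into a structured record, flags the traits the entries picked above share (no full path, unresolved shortcut target, running for the SYSTEM or Default user profile), and diffs a before/after log. The sample lines are copied from the logs in this thread; the regexes and heuristics are this example's own.

```python
"""Parse HijackThis O4 (autostart) lines and diff a before/after log.

Sample lines below are copied from the logs in this thread; the regexes,
names and needs_attention() heuristics are this example's own assumptions,
not part of HijackThis."""
import re
from dataclasses import dataclass

# "O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE"  (registry Run key entry)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>[^:]+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# "O4 - Global Startup: Billminder.lnk = C:\quickenw\BILLMIND.EXE"  (Startup folder)
STARTUP_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
USER_RE = re.compile(r" \(User '(?P<user>[^']+)'\)$")


@dataclass(frozen=True)
class Autostart:
    source: str     # registry hive\key or startup folder
    name: str       # value name or .lnk name
    command: str    # command line / shortcut target
    user: str = ""  # account for HKUS entries, else ""


def parse_o4(line: str):
    """Return an Autostart for an O4 line, or None for any other log line."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        cmd, user = m.group("cmd"), ""
        um = USER_RE.search(cmd)
        if um:  # "(User 'SYSTEM')" suffix on HKUS entries
            user, cmd = um.group("user"), cmd[: um.start()]
        return Autostart(f"{m.group('hive')}\\{m.group('key')}", m.group("name"), cmd, user)
    m = STARTUP_RE.match(line)
    if m:
        return Autostart(m.group("loc"), m.group("name"), m.group("cmd"))
    return None


def needs_attention(e: Autostart) -> list:
    """Reasons a reviewer would look twice at an entry (heuristics, not verdicts)."""
    reasons = []
    target = e.command.strip().lstrip('"')
    if target == "?":
        reasons.append("shortcut target could not be resolved")
    elif not re.match(r"^(?:[A-Za-z]:\\|%\w+%)", target):
        reasons.append("no full path: executable found via search path")
    if e.user in ("SYSTEM", "Default user"):
        reasons.append(f"runs for the '{e.user}' profile")
    return reasons


def diff_logs(before: str, after: str):
    """Return (removed, added) O4 entries between two HijackThis logs."""
    old = {e for e in map(parse_o4, before.splitlines()) if e}
    new = {e for e in map(parse_o4, after.splitlines()) if e}

    def key(e):
        return (e.source, e.name)
    return sorted(old - new, key=key), sorted(new - old, key=key)


# Constructed samples: a few lines from the 10/12 and 11/12 logs in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Billminder.lnk = C:\quickenw\BILLMIND.EXE
"""
AFTER = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.source, e.name, needs_attention(e))
    for e in added:
        print("added:  ", e.source, e.name, needs_attention(e))
```

Entries that show up in the "added" list after a fix (here ctfmon.exe re-registered under HKCU) are the ones to look at in the next reply rather than assume they are benign.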

  9. #9
    rannoch is offline Elite Member
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:58:29, on 11/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Mobile Phones | Broadband & Mobile Broadband UK Deals | Free Web Email | Orange.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer255.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" (User 'Default user')
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {705EC6D4-B138-4079-A307-EF13E40C2416} (InstallerWeb Control) - https://north.home-access.co.uk/CACH...es/instweb.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...nt/swflash.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Google Update Service (gupdate1c9acb488443252) (gupdate1c9acb488443252) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 7802 bytes

  10. #10
    broni is offline Senior Member
    Your computer is clean

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    2. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    3. Restart computer.

    4. Turn System Restore on.

    5. Make sure Windows Updates are current.

    6. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    7. Download and install WOT (Web of Trust): Safe Browsing Tool | WOT Web of Trust. It'll warn you (in most cases) about dangerous web sites.

    8. Run defrag at your convenience.

    9. Read How did I get infected?, with steps so it does not happen again!: How did I get infected?

    10. Please let me know how your computer is doing.
