spyware/malware

ok heres a copy of the GMER log

GMER 1.0.15.15020 [fkltstzk.exe] - http://www.gmer.net
Rootkit scan 2009-08-08 02:57:40
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys (SafeConnect Application Activity Monitor Loader Driver./Sana Security, Inc. ) ZwClose [0xBACA18B0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xA9E98930]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xA9E98AA0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xA9E99540]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA9E99190]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xA9E99E20]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xA9E98D60]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xA9E972A0]
SSDT \??\C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys (SafeConnect Application Activity Monitor Loader Driver./Sana Security, Inc. ) ZwOpenProcess [0xBACA18E0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xA9E99370]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xA9E99AD0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xA9E99DD0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xA9E9A150]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xA9E9A770]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationProcess [0xA9E9E160]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xA9E95EC0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xA9E99D80]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xA9E97600]
SSDT \??\C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys (SafeConnect Application Activity Monitor Loader Driver./Sana Security, Inc. ) ZwTerminateProcess [0xBACA1990]
SSDT \??\C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys (SafeConnect Application Activity Monitor Loader Driver./Sana Security, Inc. ) ZwTerminateThread [0xBACA1A30]
SSDT \??\C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys (SafeConnect Application Activity Monitor Loader Driver./Sana Security, Inc. ) ZwWriteVirtualMemory [0xBACA1AD0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[284] [0xA9E94D40]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[285] [0xA9E94D50]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[286] [0xA9E94D60]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[287] [0xA9E94D80]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[288] [0xA9E94DA0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[289] [0xA9E94DD0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[290] [0xA9E94DE0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[291] [0xA9E94E00]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[292] [0xA9E94E10]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[293] [0xA9E94ED0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[294] [0xA9E94FA0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[295] [0xA9E94FE0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[296] [0xA9E95020]

Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9FA0 5 Bytes JMP A9E9AB90 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE87E 5 Bytes JMP A9E9B150 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!KiDispatchInterrupt + BA 805418FA 7 Bytes JMP A9E9E280 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \FileSystem\Ntfs \Ntfs SafeConnectFilter.sys (SafeConnect Application Activity Monitor Filter Driver./Sana Security, Inc. )
AttachedDevice \Driver\Tcpip \Device\Ip rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)

Device \Driver\BTHUSB \Device\0000005d bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)

Device \Driver\BTHUSB \Device\0000005f bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat A7A28D20

AttachedDevice \FileSystem\Fastfat \Fat klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat SafeConnectFilter.sys (SafeConnect Application Activity Monitor Filter Driver./Sana Security, Inc. )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272d395b7
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272d395b7@0021fbdc34dc 0xB8 0x24 0x2E 0x30 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272d395b7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272d395b7@0021fbdc34dc 0xB8 0x24 0x2E 0x30 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Veron\Local Settings\temp\plugtmp\plugin-crossdomain.xml 102 bytes

---- EOF - GMER 1.0.15 ----

Hello.
Lets try this.

Download ATF Cleaner

• Double-click ATF-Cleaner.exe to run the program.
  
• Click Select All found at the bottom of the list.
  
• Click the Empty Selected button.
  

If you use Firefox browser, do this also:

• Click Firefox at the top and choose Select All from the list.
  
• Click the Empty Selected button.
  
• NOTE : If you would like to keep your saved passwords, please click No at the prompt.
  

If you use Opera browser, do this also:

• Click Opera at the top and choose Select All from the list.
  
• Click the Empty Selected button.
  
• NOTE : If you would like to keep your saved passwords, please click No at the prompt.
  

Click Exit on the Main menu to close the program.

Let me know if you still have problems.

thank you .. ok downloaded the AT-F cleaner

emptied the selected. freed up space

but that error message is still on the websites im visiting

Are you using Internet Explorer? we can try switching to Firefox with add-ons.

im not using internet explorer im using firefox thanks

Hello.
Please install these two add-ons for Firefox.

https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865

After installing Adblock Plus, select the "Easy List USA" subscription and let me know how it goes.

ok both add - ons are installed now

could you please talk me through

select the "Easy List USA" subscription

how do i do this :S

thank you

Hello.
Last time I did this on my laptop, it brought up an option for the lists. If not, don't worry, we'll do it manually.

In Firefox, go to Tools > Add-ons. Now find ABP (AdBlock Plus), click it once, then hit the options button. That will open it's options menu. Now in that window, look to the top left for the "Filters" menu, click it once to drop it down, then choose "Add filter subscription".

Easy List USA will be at the top of the list.

ok thank you for talking me through it.. i have now done as instructed

See if you still get alerts now. Anything that comes from ads is gone, and NoScript should put a stop to any ads that are run by malicious scripts.

yea that has helped the error message is nowhere to be seen thank you

now what do i keep, and what do i remove? seems my desktop is a little cluttered

many thanks

Delete everything but I would Keep Malwarebytes

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

thank you i have unistalled combofix now and manually removing others. yes the pc is running so much better now

thank you so much you have been a great help