Seems that I posted without seeing your response first
Open notepad and copy/paste the text in the quotebox below into it:
Code:
http://forums.spybot.info/showthread.php?t=55859

Collect::
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv

Folder::
c:\programdata\3fa8f
c:\programdata\SABRV
C:\cd65301

Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Uninstall old Adobe Reader versions and get the latest one (9.3 + update 9.3.1) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.
Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following the instructions here. A fresh version can be obtained here.
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.
Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.