Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
11-14-2008, 05:36 PM   #1 - dcogent1 (Registered User, OS: windows xp 2000)

Google Hijacked by virus....browser shuts down

OMG....new to this forum.....I am having a fit with this computer...I have tried to run all types of antivirus software and nothing works...every time I open up IE and do a search I get a banner at the top saying that I have been infected by some type of spyware with some stupid youtube porn link beneath it, no matter what I search for. Then when I click the desired results I get redirected to one of two of the same pages telling me that I have been infected and need to get a scan....soooooo frustrating...It took so much patience to get to this site to post my thread after a whole day of being redirected and clicking the back button, then I frequently get the message that my IE has encountered a serious problem and needs to close....so much trouble......I read and followed the instructions before I posted this so here are my results......I am in desperate measures, time to let the experts handle it...help please!!!


System:
Microsoft Windows XP
Home Edition
Version 2002
Service pack 3

I can't find out where to attach my Attach.txt and gmer.txt file....maybe because I had to stop the page while it was loading before I got redirected, so I will copy and paste them....sorry if that's bad!!


DDS (Version 1.0) - NTFSx86
Run by Josh at 16:31:09.59 on Fri 11/14/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.111.37 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Josh\Desktop\New Folder\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60327
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
mWinlogon: SFCDisable=4 (0x4)
BHO: {17D562A6-DA3D-4F87-B659-86CD06473AB5} - c:\windows\system32\dzhoil.dll
BHO: {2E3603DE-A5C8-4B8D-85AF-FA160D18B1CC} -
BHO: {8F912529-E236-4B9A-8EAB-BED43FF4C66C} -
BHO: {B7C234D8-1DE7-4414-B4B9-F9EF76A46FCA} -
BHO: {B7FA8E6E-64F9-3C58-DA58-3CE607870C9C} -
BHO: {d440c7f2-a7f4-4e14-a15f-b09850a25d08} -
BHO: {E7EE986D-504C-4429-E9AB-8AB1C653514B} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_03\bin\jusched.exe
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: jkkiihe - jkkiihe.dll
Notify: winlft32 - winlft32.dll
AppInit_DLLs: c:\windows\system32\ldcore.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\cbxut.dll

============= SERVICES / DRIVERS ===============

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys
S2 DomainService;DomainService;

============== File Associations ===============

inifile=NOTEDAD.EXE %1
regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2008-11-14 16:23 250 a------- c:\windows\gmer.ini
2008-11-14 05:23 141,312 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-14 05:23 <DIR> --d----- c:\docume~1\josh\applic~1\Spyware Terminator
2008-11-14 05:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-11-14 05:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2008-11-14 05:22 <DIR> --d----- c:\program files\Spyware Terminator
2008-11-14 05:21 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-11-14 05:21 <DIR> --d----- c:\docume~1\josh\applic~1\SUPERAntiSpyware.com
2008-11-14 05:19 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-11-13 17:18 61,440 a------- c:\windows\system32\dzhoil.dll
2008-11-13 16:30 <DIR> --d----- c:\windows\pss
2008-11-13 03:56 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-13 03:55 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-02 19:24 <DIR> --d----- c:\windows\system32\scripting
2008-11-02 19:24 <DIR> --d----- c:\windows\l2schemas
2008-11-02 19:24 <DIR> --d----- c:\windows\system32\en
2008-11-02 19:24 <DIR> --d----- c:\windows\system32\bits
2008-11-02 19:21 <DIR> --d----- c:\windows\ServicePackFiles
2008-11-02 19:17 <DIR> --d----- c:\windows\network diagnostic
2008-11-02 19:00 <DIR> --d----- c:\windows\EHome
2008-11-02 13:08 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2008-11-02 13:08 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-02 13:08 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2008-11-02 13:08 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2008-11-02 13:08 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2008-11-02 13:08 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2008-11-02 13:08 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2008-11-02 13:08 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-02 13:08 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2008-11-02 11:03 1,060,864 a------- c:\windows\system32\MFC71.dll
2008-11-02 08:54 999 -c------ c:\windows\system32\dllcache\bktrh.gif
2008-11-02 08:12 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2008-11-02 08:12 272,128 -------- c:\windows\system32\drivers\bthport.sys
2008-11-02 08:12 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2008-11-02 08:12 333,824 -c------ c:\windows\system32\dllcache\srv.sys
2008-11-02 08:11 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2008-11-02 08:11 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2008-11-02 08:11 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2008-11-02 08:11 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-02 08:11 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-02 08:10 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-02 08:10 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-02 08:07 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll

==================== Find3M ====================

2008-11-14 15:27 <DIR> --d----- c:\program files\BitTorrent
2008-11-14 15:26 <DIR> --d----- c:\program files\Image-Line
2008-11-14 15:26 <DIR> --d----- c:\program files\VstPlugins
2008-11-13 16:42 1,536 ac------ c:\windows\system32\TrueSoft.dat
2008-11-02 19:35 <DIR> --d----- c:\program files\Messenger
2008-11-02 19:29 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-02 19:20 <DIR> --d----- c:\program files\Windows NT
2008-11-02 11:47 <DIR> --d----- c:\program files\Online Services
2008-11-02 11:42 <DIR> --d----- c:\program files\common files\??mantec
2008-11-02 11:06 80,730 ---sh--- c:\windows\system32\tuxbc.ini2
2008-09-15 04:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 17:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-04 09:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-25 23:24 826,368 a------- c:\windows\system32\wininet.dll
2007-12-09 19:36 <DIR> --d----- c:\docume~1\josh\applic~1\BitTorrent
2007-12-08 09:27 <DIR> --d----- c:\docume~1\josh\applic~1\Sunbelt Software
2007-12-05 20:23 <DIR> --d----- c:\docume~1\josh\applic~1\PC Tools
2007-08-22 19:50 <DIR> --d----- c:\docume~1\josh\applic~1\LimeWire
2007-05-27 09:16 <DIR> --d----- c:\docume~1\josh\applic~1\Inside Amok
2007-05-12 08:57 <DIR> --d----- c:\docume~1\josh\applic~1\HotSync
2007-12-03 22:57 69,593 ---sh--- c:\windows\system32\tuxbc.bak1
2008-03-09 11:48 233,805 ---sh--- c:\windows\system32\tuxbc.bak2

============= FINISH: 16:32:16.81 ===============


Attach dds log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/10/2007 11:39:22 PM
System Uptime: 11/14/2008 4:26:11 PM (0 hours ago)

Motherboard: ECS | | K7SOM+
Processor: AMD Athlon(tm) XP 1500+ | Slot-1 | 1350/100mhz
BIOS: Default System BIOS | AMIINT - 1000 | 07.00T | 4/1/2001 5:00:00 PM

==== Disk Partitions =========================

C: is FIXED (NTFS) - 38 GiB total, 27.64 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP76: 11/2/2008 8:41:48 AM - Software Distribution Service 3.0
RP77: 11/2/2008 8:34:30 AM - Removed AVG 7.5
RP78: 11/2/2008 8:45:55 AM - Installed AVG 7.5
RP79: 11/2/2008 1:13:03 PM - Software Distribution Service 3.0
RP80: 11/2/2008 1:23:02 PM - Installed Windows NLSDownlevelMapping.
RP81: 11/2/2008 1:26:40 PM - Installed Windows IDNMitigationAPIs.
RP82: 11/2/2008 1:32:45 PM - Installed Windows Internet Explorer 7.
RP83: 11/2/2008 1:35:21 PM - Software Distribution Service 3.0
RP84: 11/2/2008 1:58:40 PM - Software Distribution Service 3.0
RP85: 11/2/2008 6:26:35 PM - Software Distribution Service 3.0
RP86: 11/3/2008 6:30:22 AM - Software Distribution Service 3.0
RP87: 11/13/2008 6:59:42 AM - System Checkpoint
RP88: 11/13/2008 4:11:25 PM - Software Distribution Service 3.0
RP89: 11/13/2008 5:16:24 PM - Removed Microsoft Silverlight
RP90: 11/13/2008 9:25:46 PM - Software Distribution Service 3.0
RP91: 11/14/2008 5:21:27 AM - Installed SUPERAntiSpyware Free Edition
RP92: 11/14/2008 7:01:40 AM - Spyware Terminator - restore point
RP93: 11/14/2008 8:30:10 AM - Removed Google Toolbar for Internet Explorer

==== Installed Programs ======================

Adobe Acrobat 4.0
Adobe Flash Player ActiveX
Hotfix for Windows XP (KB952287)
HP Photo and Imaging 1.0 - HP Photosmart Printer Series
HSP56 MR Drivers
J2SE Runtime Environment 5.0 Update 3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Photosmart Printer 130,230,7150,7350,7550 (Remove only)
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SiS 650_651_M650_740
Spyware Terminator
SUPERAntiSpyware Free Edition
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
WebFldrs XP
WinAce Archiver
Windows Internet Explorer 7
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages ===================

11/13/2008 5:18:09 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/13/2008 5:00:02 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
11/13/2008 400 PM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
11/13/2008 4:05:07 PM, error: PlugPlayManager [11] - The device Root\LEGACY_WINIO\0000 disappeared from the system without first being prepared for removal.
11/13/2008 4:04:13 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2008 4:04:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
11/13/2008 4:01:23 PM, error: Dhcp [1002] - The IP address lease 192.168.1.66 for the Network Card with network address 000AE6F5F189 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/13/2008 3:05:57 PM, error: System Error [1003] - Error code 100000d1, parameter1 fc4f6e80, parameter2 00000002, parameter3 00000000, parameter4 fc4f6e80.
11/13/2008 3:03:50 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SISPORT\0000 disappeared from the system without first being prepared for removal.
11/13/2008 3:00:04 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
11/13/2008 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
11/13/2008 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
11/13/2008 12:00:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
11/13/2008 11:00:01 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
11/13/2008 10:00:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
11/13/2008 9:00:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
11/13/2008 8:00:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
11/13/2008 7:00:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
11/13/2008 6:00:05 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
11/13/2008 5:00:13 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
11/13/2008 4:00:02 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
11/13/2008 3:00:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
11/13/2008 2:00:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
11/13/2008 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
11/13/2008, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
11/12/2008 11:00:04 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
11/12/2008 10:00:05 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
11/12/2008 9:00:06 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
11/12/2008 8:00:02 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
11/12/2008 7:58:41 PM, error: System Error [1003] - Error code 100000d1, parameter1 fc5dae80, parameter2 00000002, parameter3 00000000, parameter4 fc5dae80.
11/13/2008 6:00:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
11/13/2008 6:32:00 PM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 2 time(s).
11/13/2008 7:00:14 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
11/13/2008 9:27:33 PM, error: Dhcp [1002] - The IP address lease 192.168.5.3 for the Network Card with network address 000AE6F5F189 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/14/2008 9:33:01 AM, error: Dhcp [1002] - The IP address lease 192.168.5.2 for the Network Card with network address 000AE6F5F189 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/14/2008 3:28:15 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.
11/14/2008 3:28:43 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
11/14/2008 4:00:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
11/14/2008 4:28:10 PM, error: System Error [1003] - Error code 10000050, parameter1 fdc28000, parameter2 00000000, parameter3 f934ab91, parameter4 00000000.

==== End Of File ===========================


GMER Scan log

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-14 16:48:42
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xFA752606]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xFA75205A]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xFA751D3C]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xFA753652]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xFA751E46]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xFA751F30]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xFA7528CC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xFA752362]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xFA751BBA]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xFA738F20]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xFA752494]

---- EOF - GMER 1.0.14 ----
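The "Pseudo HJT Report" section of the DDS logs in this thread (posts #1 and #4) is where the hijack is visible: a machine-level search provider on a different host than the user's start page, BHOs registered with no file, a Winlogon Notify entry given by bare DLL name, a populated AppInit_DLLs value, an extra LSA authentication package, a service with no image path, and a changed .ini handler. The Python triage script below is an added example, not part of the thread or of the DDS tool; its rules are my own analyst heuristics (assumptions about what to look at first, not DDS logic), and the input is a constructed excerpt modelled on the first log.

```python
"""Triage of a DDS 'Pseudo HJT Report' section for browser-hijack indicators.

Added example (not from the thread or the DDS tool). Each rule is an
analyst heuristic, i.e. an assumption about what deserves a look first;
a hit is a lead to verify against the file on disk, not proof by itself.
"""
import re

# Constructed excerpt modelled on the first DDS log posted in the thread.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60327
mWinlogon: SFCDisable=4 (0x4)
BHO: {17D562A6-DA3D-4F87-B659-86CD06473AB5} - c:\windows\system32\dzhoil.dll
BHO: {2E3603DE-A5C8-4B8D-85AF-FA160D18B1CC} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: jkkiihe - jkkiihe.dll
AppInit_DLLs: c:\windows\system32\ldcore.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\cbxut.dll
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys
S2 DomainService;DomainService;
inifile=NOTEDAD.EXE %1
"""

# DDS defangs URLs as hxxp://; accept both spellings.
_URL_HOST = re.compile(r"h[xt]{2}ps?://([^/\s]+)", re.I)
_DRIVE_PATH = re.compile(r"^[a-z]:\\", re.I)
# "S2 Name;Display;" with nothing after the second ';' means no image path.
_SERVICE_NO_IMAGE = re.compile(r"^[RS]\d+\s+[^;]+;[^;]*;\s*$")


def _host(line):
    """Host of the first (defanged) URL on the line, without a leading www."""
    m = _URL_HOST.search(line)
    if not m:
        return None
    return re.sub(r"^www\.", "", m.group(1).lower())


def triage_hjt_report(text):
    """Return (rule, line) pairs for report entries an analyst should check."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    # The user's own start page is the reference host for search settings.
    start_host = next((_host(ln) for ln in lines if ln.startswith("uStart Page")), None)
    findings = []
    for ln in lines:
        if ln.startswith(("uSearch", "mSearch", "mCustomizeSearch")):
            # Search provider pointing somewhere other than the start page host.
            if start_host and _host(ln) not in (None, start_host):
                findings.append(("search-provider-mismatch", ln))
        elif "SFCDisable=" in ln:
            # Windows File Protection switched off (any value other than 0).
            m = re.search(r"SFCDisable=(\d+)", ln)
            if m and m.group(1) != "0":
                findings.append(("wfp-disabled", ln))
        elif ln.startswith("BHO:") and ln.endswith(" -"):
            # CLSID is registered but DDS could not resolve a file for it.
            findings.append(("bho-no-file", ln))
        elif ln.startswith("Notify:"):
            # Winlogon notification package given by bare name, not a full path.
            target = ln.partition(" - ")[2]
            if not _DRIVE_PATH.match(target):
                findings.append(("winlogon-notify-bare-name", ln))
        elif ln.startswith("AppInit_DLLs:") and ln.partition(":")[2].strip():
            # A DLL loaded into every process that links user32.dll.
            findings.append(("appinit-dlls", ln))
        elif "Authentication Packages" in ln:
            # Anything beyond msv1_0 sees every logon credential.
            packages = ln.partition("=")[2].split()
            if any(p.lower() != "msv1_0" for p in packages):
                findings.append(("lsa-extra-auth-package", ln))
        elif _SERVICE_NO_IMAGE.match(ln):
            findings.append(("service-no-image", ln))
        elif ln.lower().startswith("inifile=") and "notepad.exe" not in ln.lower():
            # The .ini file handler no longer points at notepad.exe.
            findings.append(("ini-handler-changed", ln))
    return findings


if __name__ == "__main__":
    for rule, line in triage_hjt_report(SAMPLE_REPORT):
        print(f"{rule:28} {line}")
```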
11-15-2008, 04:11 PM   #2 - Angelfire777 (Moderator/Analyst, Security Team; Rangemaster, TSF Academy; OS: Vista)

Re: Google Hijacked by virus....browser shuts down

Hi, welcome to tsf!

One reason why you're infected is because you have no antivirus running onboard. Is there a particular reason why you removed AVG? Having no antivirus these days is an open invitation for malware to enter your system.

You are basically vulnerable to all sorts of malware. Cleaning will be useless if you have no active protection because you'll only be infected again immediately.

That's why before we start cleaning you, I want you to install, update, and scan with an antivirus first.

Download Avira Antivir: http://www.free-av.com

Post back a fresh DDS log after the scan.
11-15-2008, 06:40 PM   #3 - dcogent1 (Registered User, OS: windows xp 2000)

Re: Google Hijacked by virus....browser shuts down

No reason I removed AVG....just tried to clean up the cpu after a year or two of unuse...pretty foolish to not have any antivirus...but never again....downloaded the Avira antivirus free edition....scanning cpu now....very slow, but will run and post fresh DDS log following system scan...thanks!
11-15-2008, 07:57 PM   #4 - dcogent1 (Registered User, OS: windows xp 2000)

Re: Google Hijacked by virus....browser shuts down

Here is my fresh dds log after Avira scan...


DDS (Version 1.0) - NTFSx86
Run by Josh at 19:53:36.01 on Sat 11/15/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.111.24 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\Josh\Desktop\New Folder\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60327
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
mWinlogon: SFCDisable=4 (0x4)
BHO: {17D562A6-DA3D-4F87-B659-86CD06473AB5} - c:\windows\system32\dzhoil.dll
BHO: {2E3603DE-A5C8-4B8D-85AF-FA160D18B1CC} -
BHO: {8F912529-E236-4B9A-8EAB-BED43FF4C66C} -
BHO: {B7C234D8-1DE7-4414-B4B9-F9EF76A46FCA} -
BHO: {B7FA8E6E-64F9-3C58-DA58-3CE607870C9C} -
BHO: {d440c7f2-a7f4-4e14-a15f-b09850a25d08} -
BHO: {E7EE986D-504C-4429-E9AB-8AB1C653514B} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_03\bin\jusched.exe
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: jkkiihe - jkkiihe.dll
Notify: winlft32 - winlft32.dll
AppInit_DLLs: c:\windows\system32\ldcore.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\cbxut.dll

============= SERVICES / DRIVERS ===============

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys
S2 DomainService;DomainService;

============== File Associations ===============

inifile=NOTEDAD.EXE %1
regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2008-11-15 18:13 <DIR> --d----- c:\program files\Avira
2008-11-15 18:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2008-11-14 16:23 250 a------- c:\windows\gmer.ini
2008-11-14 05:23 141,312 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-14 05:23 <DIR> --d----- c:\docume~1\josh\applic~1\Spyware Terminator
2008-11-14 05:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-11-14 05:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2008-11-14 05:22 <DIR> --d----- c:\program files\Spyware Terminator
2008-11-14 05:21 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-11-14 05:21 <DIR> --d----- c:\docume~1\josh\applic~1\SUPERAntiSpyware.com
2008-11-14 05:19 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-11-13 17:18 61,440 a------- C:\ARKC.tmp
2008-11-13 16:30 <DIR> --d----- c:\windows\pss
2008-11-13 03:56 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-13 03:55 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-02 19:24 <DIR> --d----- c:\windows\system32\scripting
2008-11-02 19:24 <DIR> --d----- c:\windows\l2schemas
2008-11-02 19:24 <DIR> --d----- c:\windows\system32\en
2008-11-02 19:24 <DIR> --d----- c:\windows\system32\bits
2008-11-02 19:21 <DIR> --d----- c:\windows\ServicePackFiles
2008-11-02 19:17 <DIR> --d----- c:\windows\network diagnostic
2008-11-02 19:00 <DIR> --d----- c:\windows\EHome
2008-11-02 13:08 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2008-11-02 13:08 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-02 13:08 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2008-11-02 13:08 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2008-11-02 13:08 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2008-11-02 13:08 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2008-11-02 13:08 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2008-11-02 13:08 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-02 13:08 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2008-11-02 11:03 1,060,864 a------- c:\windows\system32\MFC71.dll
2008-11-02 08:54 999 -c------ c:\windows\system32\dllcache\bktrh.gif
2008-11-02 08:12 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2008-11-02 08:12 272,128 -------- c:\windows\system32\drivers\bthport.sys
2008-11-02 08:12 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2008-11-02 08:12 333,824 -c------ c:\windows\system32\dllcache\srv.sys
2008-11-02 08:11 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2008-11-02 08:11 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2008-11-02 08:11 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2008-11-02 08:11 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-02 08:11 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-02 08:10 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-02 08:10 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-02 08:07 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll

==================== Find3M ====================

2008-11-15 18:58 <DIR> --d----- c:\program files\Messenger
2008-11-14 16:41 1,536 ac------ c:\windows\system32\TrueSoft.dat
2008-11-14 15:27 <DIR> --d----- c:\program files\BitTorrent
2008-11-14 15:26 <DIR> --d----- c:\program files\Image-Line
2008-11-14 15:26 <DIR> --d----- c:\program files\VstPlugins
2008-11-02 19:29 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-02 19:20 <DIR> --d----- c:\program files\Windows NT
2008-11-02 11:47 <DIR> --d----- c:\program files\Online Services
2008-11-02 11:42 <DIR> --d----- c:\program files\common files\??mantec
2008-11-02 11:06 80,730 ---sh--- c:\windows\system32\tuxbc.ini2
2008-09-15 04:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 17:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-04 09:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-25 23:24 826,368 a------- c:\windows\system32\wininet.dll
2007-12-09 19:36 <DIR> --d----- c:\docume~1\josh\applic~1\BitTorrent
2007-12-08 09:27 <DIR> --d----- c:\docume~1\josh\applic~1\Sunbelt Software
2007-12-05 20:23 <DIR> --d----- c:\docume~1\josh\applic~1\PC Tools
2007-08-22 19:50 <DIR> --d----- c:\docume~1\josh\applic~1\LimeWire
2007-05-27 09:16 <DIR> --d----- c:\docume~1\josh\applic~1\Inside Amok
2007-05-12 08:57 <DIR> --d----- c:\docume~1\josh\applic~1\HotSync
2007-12-03 22:57 69,593 ---sh--- c:\windows\system32\tuxbc.bak1
2008-03-09 11:48 233,805 ---sh--- c:\windows\system32\tuxbc.bak2

============= FINISH: 19:54:58.39 ===============
11-15-2008, 10:24 PM   #5 - Angelfire777 (Moderator/Analyst, Security Team; Rangemaster, TSF Academy; OS: Vista)

Re: Google Hijacked by virus....browser shuts down

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Old 11-15-2008, 11:16 PM   #6
Registered User
 
Join Date: Nov 2008
Posts: 10
OS: windows xp 2000


Re: Google Hijacked by virus....browser shuts down

Ok, it took a while but I got it done....pages seem to be loading up a bit faster....at any rate here is the log that CF produced....

ComboFix 08-11-14.01 - Josh 2008-11-15 22:54:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.16 [GMT -8:00]
Running from: c:\documents and settings\Josh\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Josh\Favorites\Cheap Pharmacy Online.url
c:\documents and settings\Josh\Favorites\SMS TRAP.url
c:\documents and settings\Josh\Start Menu\Cheap Pharmacy Online.url
c:\documents and settings\Josh\Start Menu\SMS TRAP.url
c:\documents and settings\Vaki\Start Menu\Programs\Outerinfo
c:\program files\Common Files\mantec~1
c:\program files\Common Files\mantec~1\??sembly\
c:\temp\0b9
c:\temp\0b9\tmpTF.log
c:\temp\1cb
c:\temp\bkR11
c:\temp\bkR11\ftCa.log
c:\temp\tn3
c:\windows\absolute key logger.lnk
c:\windows\aconti.log
c:\windows\acontidialer.txt
c:\windows\BMef65c440.txt
c:\windows\BMef65c440.xml
c:\windows\cookies.ini
c:\windows\k.txt
c:\windows\pskt.ini
c:\windows\system32\cxhvpxhk.ini
c:\windows\system32\daSgo02
c:\windows\system32\din.ip
c:\windows\system32\dpqaqlqx.bin
c:\windows\system32\drivers\alert_icon.gif
c:\windows\system32\drivers\blank.gif
c:\windows\system32\drivers\box_2.gif
c:\windows\system32\drivers\button_buynow.gif
c:\windows\system32\drivers\button_freescan.gif
c:\windows\system32\drivers\cell_bg.gif
c:\windows\system32\drivers\cell_footer.gif
c:\windows\system32\drivers\cell_header_block.gif
c:\windows\system32\drivers\cell_header_remove.gif
c:\windows\system32\drivers\cell_header_scan.gif
c:\windows\system32\drivers\close_icon.gif
c:\windows\system32\drivers\download_btn.jpg
c:\windows\system32\drivers\download_now_btn.gif
c:\windows\system32\drivers\footer_back.jpg
c:\windows\system32\drivers\header_1.gif
c:\windows\system32\drivers\header_2.gif
c:\windows\system32\drivers\header_3.gif
c:\windows\system32\drivers\header_4.gif
c:\windows\system32\drivers\header_bg.gif
c:\windows\system32\drivers\header_red_bg.gif
c:\windows\system32\drivers\header_red_free_scan.gif
c:\windows\system32\drivers\header_red_free_scan_bg.gif
c:\windows\system32\drivers\header_red_protect_your_pc.gif
c:\windows\system32\drivers\icon_warning.gif
c:\windows\system32\drivers\infected.gif
c:\windows\system32\drivers\main_back.gif
c:\windows\system32\drivers\product_2_header.gif
c:\windows\system32\drivers\product_2_name_small.gif
c:\windows\system32\drivers\product_features.gif
c:\windows\system32\drivers\pt.htm
c:\windows\system32\drivers\rating.gif
c:\windows\system32\drivers\remove_spyware_button.gif
c:\windows\system32\drivers\s_detect.htm
c:\windows\system32\drivers\screenshot.jpg
c:\windows\system32\drivers\secuity_center_logo.gif
c:\windows\system32\drivers\sep_hor.gif
c:\windows\system32\drivers\sep_vert.gif
c:\windows\system32\drivers\shadow.jpg
c:\windows\system32\drivers\shadow_bg.gif
c:\windows\system32\drivers\spacer.gif
c:\windows\system32\drivers\star.gif
c:\windows\system32\drivers\star_gray.gif
c:\windows\system32\drivers\star_gray_small.gif
c:\windows\system32\drivers\star_small.gif
c:\windows\system32\drivers\style.css
c:\windows\system32\drivers\v.gif
c:\windows\system32\drivers\warning_icon.gif
c:\windows\system32\drivers\win_logo.gif
c:\windows\system32\drivers\x.gif
c:\windows\system32\ejddfidj.ini
c:\windows\system32\fenjovtl.ini
c:\windows\system32\gtv_sd.bin
c:\windows\system32\gzmrot-uninst.exe
c:\windows\system32\jtyyurnk.ini
c:\windows\system32\ldinfo.ldr
c:\windows\system32\mcrh.tmp
c:\windows\system32\MSINET.oca
c:\windows\system32\okprlbip.ini
c:\windows\system32\oxfcjllu.ini
c:\windows\system32\rev1
c:\windows\system32\rfbwggid.ini
c:\windows\system32\sfblsxas.ini
c:\windows\system32\sl.bin
c:\windows\system32\stfv.bin
c:\windows\system32\sznf.ascii
c:\windows\system32\tuxbc.bak1
c:\windows\system32\tuxbc.bak2
c:\windows\system32\tuxbc.ini
c:\windows\system32\tuxbc.ini2
c:\windows\system32\tuxbc.tmp
c:\windows\system32\v2
c:\windows\system32\vjufjrke.ini
c:\windows\system32\vvrscdtp.ini
c:\windows\wr.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Service_DomainService


((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-15 18:13 . 2008-11-15 18:13 <DIR> d-------- c:\program files\Avira
2008-11-15 18:13 . 2008-11-15 18:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-14 16:23 . 2008-11-14 16:39 250 --a------ c:\windows\gmer.ini
2008-11-14 05:23 . 2008-11-14 09:48 <DIR> d-------- c:\documents and settings\Josh\Application Data\Spyware Terminator
2008-11-14 05:23 . 2008-11-14 05:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-14 05:23 . 2008-11-14 07:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-11-14 05:23 . 2008-11-14 05:23 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-14 05:22 . 2008-11-14 07:15 <DIR> d-------- c:\program files\Spyware Terminator
2008-11-14 05:21 . 2008-11-14 05:22 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-14 05:21 . 2008-11-14 05:21 <DIR> d-------- c:\documents and settings\Josh\Application Data\SUPERAntiSpyware.com
2008-11-14 05:19 . 2008-11-14 05:19 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-13 03:56 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 03:55 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-02 19:24 . 2008-11-02 19:24 <DIR> d-------- c:\windows\system32\scripting
2008-11-02 19:24 . 2008-11-02 19:24 <DIR> d-------- c:\windows\system32\en
2008-11-02 19:24 . 2008-11-02 19:24 <DIR> d-------- c:\windows\system32\bits
2008-11-02 19:24 . 2008-11-02 19:24 <DIR> d-------- c:\windows\l2schemas
2008-11-02 19:21 . 2008-11-02 19:24 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-02 19:00 . 2008-11-02 19:00 <DIR> d-------- c:\windows\EHome
2008-11-02 13:08 . 2008-10-03 09:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-02 13:08 . 2007-04-17 01:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-02 13:08 . 2007-03-07 21:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-02 13:08 . 2008-08-25 23:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-02 13:08 . 2008-08-25 23:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-02 13:08 . 2008-08-25 23:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-02 13:08 . 2008-08-25 23:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-02 13:08 . 2008-08-25 23:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-02 13:08 . 2008-08-25 00:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-02 11:03 . 2008-11-02 11:03 <DIR> d-------- c:\program files\Alwil Software
2008-11-02 11:03 . 2003-03-18 13:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-11-02 08:54 . 2004-08-04 04:00 999 -----c--- c:\windows\system32\dllcache\bktrh.gif
2008-11-02 08:12 . 2008-09-08 02:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-02 08:12 . 2008-06-13 03:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-02 08:12 . 2008-06-13 03:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-02 08:12 . 2008-08-14 02:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-02 08:11 . 2008-08-14 02:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-02 08:11 . 2008-08-14 02:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-02 08:11 . 2008-09-15 04:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-02 08:11 . 2008-04-11 11:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-02 08:11 . 2008-05-08 06:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-02 08:10 . 2008-08-14 01:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-02 08:10 . 2008-08-14 01:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-02 08:07 . 2008-10-15 08:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 23:27 --------- d-----w c:\program files\BitTorrent
2008-11-14 23:26 --------- d-----w c:\program files\VstPlugins
2008-11-14 23:26 --------- d-----w c:\program files\Image-Line
2008-11-14 16:30 --------- d-----w c:\program files\Google
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 -c--a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-04 188416]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-11-14 1783808]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-05-10 185896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= xgusb.cpl
"midi2"= xgusb.cpl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hotygebit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
--a------ 2002-04-04 12:01 335872 c:\windows\system32\hphmon04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
--a------ 2002-04-04 12:04 49152 c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTpatch]
-ra------ 2002-10-30 01:40 28672 c:\windows\htpatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
--a------ 2008-04-13 16:12 169984 c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-11 03:19 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
--a------ 2002-07-12 02:15 106496 c:\windows\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-10 23:15 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
--a------ 2002-06-04 22:17 167936 c:\windows\system32\pctspk.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-14 141312]
.
Contents of the 'Scheduled Tasks' folder

2008-11-16 c:\windows\Tasks\AECA9864913D0938.job
- c:\docume~1\josh\applic~1\inside~1\GreyForkAce.exe []

2008-11-15 c:\windows\Tasks\At1.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-15 c:\windows\Tasks\At10.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-15 c:\windows\Tasks\At11.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-15 c:\windows\Tasks\At12.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-15 c:\windows\Tasks\At13.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-15 c:\windows\Tasks\At14.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-15 c:\windows\Tasks\At15.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-15 c:\windows\Tasks\At16.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-16 c:\windows\Tasks\At17.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-16 c:\windows\Tasks\At18.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-16 c:\windows\Tasks\At19.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-15 c:\windows\Tasks\At2.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-16 c:\windows\Tasks\At20.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-16 c:\windows\Tasks\At21.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-16 c:\windows\Tasks\At22.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-16 c:\windows\Tasks\At23.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-15 c:\windows\Tasks\At24.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-15 c:\windows\Tasks\At3.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-15 c:\windows\Tasks\At4.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-15 c:\windows\Tasks\At5.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-15 c:\windows\Tasks\At6.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-15 c:\windows\Tasks\At7.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-15 c:\windows\Tasks\At8.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-15 c:\windows\Tasks\At9.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-14 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{2E3603DE-A5C8-4B8D-85AF-FA160D18B1CC} - (no file)
BHO-{8F912529-E236-4B9A-8EAB-BED43FF4C66C} - (no file)
BHO-{B7C234D8-1DE7-4414-B4B9-F9EF76A46FCA} - (no file)
BHO-{B7FA8E6E-64F9-3C58-DA58-3CE607870C9C} - (no file)
BHO-{d440c7f2-a7f4-4e14-a15f-b09850a25d08} - (no file)
BHO-{E7EE986D-504C-4429-E9AB-8AB1C653514B} - (no file)
Notify-jkkiihe - jkkiihe.dll
Notify-winlft32 - winlft32.dll
MSConfigStartUp-BMef65c440 - c:\windows\system32\aukplrof.dll
MSConfigStartUp-io43mvuiw4kj - c:\windows\io43mvuiw4kj.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-Cmaudio - cmicnfg.cpl


.
------- File Associations -------
.
inifile=NOTEDAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 23:05:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\taskmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-15 23:11:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-16 07:11:24

Pre-Run: 29,302,231,040 bytes free
Post-Run: 29,619,814,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

326 --- E O F --- 2008-11-14 05:27:28
Old 11-15-2008, 11:34 PM   #7
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Oct 2006
Posts: 4,232
OS: Vista


Re: Google Hijacked by virus....browser shuts down

Hi,

Do you have Bittorrent installed?


*Open notepad.
Copy and paste the text inside the code box below to notepad

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/312977-google-hijacked-virus-browser-shuts-down.html

File::
c:\windows\Tasks\AECA9864913D0938.job
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\Schedule Task Weekly.job
Folder::
c:\docume~1\josh\Applic~1\inside~1
c:\program files\Registry Easy
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hotygebit]
Suspect::[55]
c:\windows\system32\dllcache\bktrh.gif
  • Save and Name it as "CFScript"
  • Drag and drop CFScript.txt to your copy of combofix.
  • You can take a look at the image below if you're unsure on how to do it.
  • Combofix will restart your machine then it will produce a log afterwards.
  • Additionally, please follow all of combofix's instructions regarding the submission of some malware for analysing and make sure that you don't leave that part out.
_________

Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
  • Click Start > Control Panel
  • Click Add/Remove Programs
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.
Then download Java Runtime Environment 6u10, and install it to your computer.
  • Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
__________

Download ATF Cleaner by Atribune

Important: Make sure all your browsers are closed before running ATF Cleaner.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
__________

Please run this online scan to help look for remnants.

First, go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.


Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.


On your next reply, please include a
  • kaspersky scan log
  • combofix log
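The CFScript above targets the entries that stand out in the ComboFix log posted in this thread: twenty-four At1.job to At24.job tasks that all launch c:\windows\system32\GJWg0w0c.exe, plus the Inside Amok and Registry Easy tasks, every one of which ComboFix lists with empty metadata brackets. As an added example, not code from the forum or from ComboFix's authors, the Python script below parses the "Contents of the 'Scheduled Tasks' folder" section of a ComboFix log in the layout shown above and flags exactly those two patterns: a target ComboFix could not stat (empty brackets), and several At<N>.job entries sharing one target. The sample log is constructed from the entries posted in this thread plus one constructed benign control entry (a Google Update task with normal metadata); the function names and the threshold of two At jobs are assumptions, not ComboFix rules.

```python
import re
from collections import defaultdict

# Constructed sample in the layout ComboFix uses for the "Contents of the
# 'Scheduled Tasks' folder" section. The first four entries copy the log
# posted in this thread; the last one is a constructed benign control entry
# with the file metadata ComboFix prints when it can read the target.
SAMPLE_LOG = r"""Contents of the 'Scheduled Tasks' folder

2008-11-16 c:\windows\Tasks\AECA9864913D0938.job
- c:\docume~1\josh\applic~1\inside~1\GreyForkAce.exe []

2008-11-15 c:\windows\Tasks\At1.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-15 c:\windows\Tasks\At2.job
- c:\windows\system32\GJWg0w0c.exe []

2008-11-14 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []

2008-11-10 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-01 133104]
.
- - - - ORPHANS REMOVED - - - -
"""

SECTION_HEADER = "Contents of the 'Scheduled Tasks' folder"
JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.+\.job)\s*$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (.+?) \[(.*)\]\s*$")
# at.exe-created jobs are named At1.job, At2.job, ... in c:\windows\Tasks
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.IGNORECASE)


def parse_scheduled_tasks(log_text):
    """Return the entries of the Scheduled Tasks section as dicts.

    Each "<date> <path>.job" line is followed by a "- <target> [meta]" line;
    ComboFix closes the section with a lone "." line.
    """
    tasks, pending, in_section = [], None, False
    for line in log_text.splitlines():
        if line.startswith(SECTION_HEADER):
            in_section = True
            continue
        if not in_section:
            continue
        if line.strip() == ".":
            break
        job_match = JOB_RE.match(line)
        if job_match:
            pending = job_match.groups()
            continue
        target_match = TARGET_RE.match(line)
        if target_match and pending:
            date, job = pending
            tasks.append({"date": date, "job": job,
                          "target": target_match.group(1),
                          "meta": target_match.group(2).strip()})
            pending = None
    return tasks


def flag_suspicious(tasks, at_threshold=2):
    """Group tasks by target and report the ones worth a closer look.

    Two heuristics (the threshold is an assumption, not a ComboFix rule):
    * empty metadata brackets: ComboFix could not stat the target, so the
      file is missing, hidden, or otherwise not a normal on-disk binary;
    * at_threshold or more At<N>.job entries sharing one target, the
      pattern the log above shows with At1.job through At24.job.
    """
    by_target = defaultdict(list)
    for task in tasks:
        by_target[task["target"]].append(task)
    findings = {}
    for target, entries in by_target.items():
        reasons = []
        if all(entry["meta"] == "" for entry in entries):
            reasons.append("no file metadata for target")
        at_jobs = [e for e in entries if AT_JOB_RE.search(e["job"])]
        if len(at_jobs) >= at_threshold:
            reasons.append(f"{len(at_jobs)} At<N>.job entries share this target")
        if reasons:
            findings[target] = {"jobs": sorted(e["job"] for e in entries),
                                "reasons": reasons}
    return findings


def cfscript_file_section(findings):
    """Render the flagged .job files as a ComboFix 'File::' block for review."""
    lines = ["File::"]
    for target in sorted(findings):
        lines.extend(findings[target]["jobs"])
    return "\n".join(lines)


if __name__ == "__main__":
    found = flag_suspicious(parse_scheduled_tasks(SAMPLE_LOG))
    for target, info in found.items():
        print(target, "->", "; ".join(info["reasons"]))
    print(cfscript_file_section(found))
```

Run against the constructed sample, the three targets from the thread are flagged and the Google Update control entry is not; the rendered File:: block is the same shape as the one the analyst posted, which is the point of keeping the output reviewable rather than acting on it automatically.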
Old 11-16-2008, 09:41 AM   #8
Registered User
 
Join Date: Nov 2008
Posts: 10
OS: windows xp 2000


Re: Google Hijacked by virus....browser shuts down

ok, finally....I had BitTorrent but removed it as it was a requirement before asking for help in this forum...Anyhow a couple of weird things happened...I didn't do the steps in the order they were posted, hope that wasn't the reason...first I did Java (uninstall, deleted files), then I ran the ComboFix (dragging and dropping the copied txt in the body of your last response)...it got funny at this point because ComboFix didn't restart my cpu....it still generated a report which I saved (I also submitted the file as asked, to the Bleeping Computer website).....after that I just had my desktop background showing with no desktop icons, start menu, or anything else except my mouse pointer....the whole screen was just my background....I left it like that thinking that it would eventually restart but nothing, so I manually restarted it and then ran ATF...Kaspersky did not save to my computer, it just saved and scanned from the internet...once it was finished it found no infected files, however I saved the report even though there was nothing in it....I hope I didn't do anything wrong....here are the two logs....I have a busy one today so I won't be back until later this evening (PST).....thanks for all your help and patience so far, I know it takes a lot......you guys rock, big time!!!


ComboFix 08-11-14.01 - Josh 2008-11-16 1:12:08.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.5 [GMT -8:00]
Running from: c:\documents and settings\Josh\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Josh\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\Tasks\AECA9864913D0938.job
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\Schedule Task Weekly.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\josh\Applic~1\inside~1
c:\docume~1\josh\Applic~1\inside~1\995D53A2
c:\windows\Tasks\AECA9864913D0938.job
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\Schedule Task Weekly.job

.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-16 00:46 . 2008-11-16 00:32 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-16 00:46 . 2008-11-16 00:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-16 00:29 . 2008-11-16 00:29 <DIR> d-------- c:\program files\Java
2008-11-15 23:33 . 2008-11-16 00:02 <DIR> d-------- c:\windows\LastGood
2008-11-15 18:13 . 2008-11-15 18:13 <DIR> d-------- c:\program files\Avira
2008-11-15 18:13 . 2008-11-15 18:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-14 16:23 . 2008-11-14 16:39 250 --a------ c:\windows\gmer.ini
2008-11-14 05:23 . 2008-11-14 09:48 <DIR> d-------- c:\documents and settings\Josh\Application Data\Spyware Terminator
2008-11-14 05:23 . 2008-11-14 05:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-14 05:23 . 2008-11-14 07:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-11-14 05:23 . 2008-11-14 05:23 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-14 05:22 . 2008-11-14 07:15 <DIR> d-------- c:\program files\Spyware Terminator
2008-11-14 05:21 . 2008-11-14 05:22 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-14 05:21 . 2008-11-14 05:21 <DIR> d-------- c:\documents and settings\Josh\Application Data\SUPERAntiSpyware.com
2008-11-14 05:19 . 2008-11-14 05:19 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-13 03:56 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 03:55 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-02 19:24 . 2008-11-02 19:24 <DIR> d-------- c:\windows\system32\scripting
2008-11-02 19:24 . 2008-11-02 19:24 <DIR> d-------- c:\windows\system32\en
2008-11-02 19:24 . 2008-11-02 19:24 <DIR> d-------- c:\windows\system32\bits
2008-11-02 19:24 . 2008-11-02 19:24 <DIR> d-------- c:\windows\l2schemas
2008-11-02 19:21 . 2008-11-02 19:24 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-02 19:00 . 2008-11-02 19:00 <DIR> d-------- c:\windows\EHome
2008-11-02 13:08 . 2008-10-03 09:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-02 13:08 . 2007-04-17 01:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-02 13:08 . 2007-03-07 21:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-02 13:08 . 2008-08-25 23:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-02 13:08 . 2008-08-25 23:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-02 13:08 . 2008-08-25 23:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-02 13:08 . 2008-08-25 23:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-02 13:08 . 2008-08-25 23:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-02 13:08 . 2008-08-25 00:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-02 11:03 . 2008-11-02 11:03 <DIR> d-------- c:\program files\Alwil Software
2008-11-02 11:03 . 2003-03-18 13:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-11-02 08:54 . 2004-08-04 04:00 999 -----c--- c:\windows\system32\dllcache\bktrh.gif
2008-11-02 08:12 . 2008-09-08 02:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-02 08:12 . 2008-06-13 03:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-02 08:12 . 2008-06-13 03:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-02 08:12 . 2008-08-14 02:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-02 08:11 . 2008-08-14 02:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-02 08:11 . 2008-08-14 02:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-02 08:11 . 2008-09-15 04:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-02 08:11 . 2008-04-11 11:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-02 08:11 . 2008-05-08 06:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-02 08:10 . 2008-08-14 01:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-02 08:10 . 2008-08-14 01:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-02 08:07 . 2008-10-15 08:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 23:27 --------- d-----w c:\program files\BitTorrent
2008-11-14 23:26 --------- d-----w c:\program files\VstPlugins
2008-11-14 23:26 --------- d-----w c:\program files\Image-Line
2008-11-14 16:30 --------- d-----w c:\program files\Google
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 -c--a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-15_23.10.22.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-04-29 07:04:40 917,504 ----a-r c:\windows\LastGood\system\cmids3d.dll
+ 2001-11-23 04:08:20 712,704 ----a-r c:\windows\LastGood\system32\a3d.dll
+ 2001-11-23 04:08:20 712,704 ----a-r c:\windows\LastGood\system32\Audio3D.dll
+ 2002-11-02 04:08:20 53,248 ----a-r c:\windows\LastGood\system32\cmuda.dll
+ 2002-11-01 09:11:20 451,599 ----a-r c:\windows\LastGood\system32\drivers\cmuda.sys
+ 2008-04-13 18:45:14 60,160 ----a-w c:\windows\LastGood\system32\drivers\drmk.sys
+ 2008-04-13 19:16:36 141,056 ----a-w c:\windows\LastGood\system32\drivers\ks.sys
+ 2008-04-13 19:19:41 146,048 ----a-w c:\windows\LastGood\system32\drivers\portcls.sys
+ 2008-04-13 18:45:15 49,408 ----a-w c:\windows\LastGood\system32\drivers\stream.sys
+ 2008-04-14 00:11:56 4,096 ----a-w c:\windows\LastGood\system32\ksuser.dll
+ 2002-08-13 10:42:24 28,672 ----a-r c:\windows\LastGood\system32\udaprop.dll
+ 2008-04-14 00:12:45 23,552 ----a-w c:\windows\LastGood\system32\wdmaud.drv
- 2002-04-29 07:04:40 917,504 ----a-r c:\windows\system\cmids3d.dll
+ 2002-04-30 06:04:40 917,504 ----a-w c:\windows\system\cmids3d.dll
+ 2004-02-18 01:51:56 1,458,176 ----a-w c:\windows\system\SmWizard.exe
- 2001-11-23 04:08:20 712,704 -c--a-r c:\windows\system32\a3d.dll
+ 2001-11-24 03:08:20 712,704 ----a-w c:\windows\system32\a3d.dll
- 2001-11-23 04:08:20 712,704 -c--a-r c:\windows\system32\Audio3D.dll
+ 2001-11-24 03:08:20 712,704 ----a-w c:\windows\system32\Audio3D.dll
+ 2003-02-19 09:26:28 28,672 ----a-w c:\windows\system32\cmirmdrv.dll
+ 2004-04-24 06:02:10 233,472 ----a-w c:\windows\system32\cmirmdrv.exe
- 2002-11-02 04:08:20 53,248 ----a-r c:\windows\system32\cmuda.dll
+ 2006-06-16 09:03:48 172,032 ----a-w c:\windows\system32\cmuda.dll
- 2001-11-23 04:08:20 712,704 -c--a-w c:\windows\system32\dllcache\a3d.dll
+ 2001-11-24 03:08:20 712,704 -c--a-w c:\windows\system32\dllcache\a3d.dll
+ 2008-04-13 18:45:14 60,160 -c--a-w c:\windows\system32\dllcache\drmk.sys
+ 2008-04-13 19:16:36 141,056 -c--a-w c:\windows\system32\dllcache\ks.sys
+ 2008-04-14 00:11:56 4,096 -c--a-w c:\windows\system32\dllcache\ksuser.dll
+ 2008-04-13 19:19:42 146,048 -c--a-w c:\windows\system32\dllcache\portcls.sys
+ 2008-04-13 18:45:16 49,408 -c--a-w c:\windows\system32\dllcache\stream.sys
- 2002-11-01 09:11:20 451,599 ----a-r c:\windows\system32\drivers\cmuda.sys
+ 2006-06-10 06:58:22 1,373,120 ----a-w c:\windows\system32\drivers\cmuda.sys
- 2008-04-13 19:19:41 146,048 ----a-w c:\windows\system32\drivers\portcls.sys
+ 2008-04-13 19:19:42 146,048 ----a-w c:\windows\system32\drivers\portcls.sys
- 2008-04-13 18:45:15 49,408 ----a-w c:\windows\system32\drivers\stream.sys
+ 2008-04-13 18:45:16 49,408 ----a-w c:\windows\system32\drivers\stream.sys
- 2005-04-13 09:19:56 49,248 -c--a-w c:\windows\system32\java.exe
+ 2008-11-16 08:32:37 144,792 ----a-w c:\windows\system32\java.exe
- 2005-04-13 09:20:04 49,250 -c--a-w c:\windows\system32\javaw.exe
+ 2008-11-16 08:32:38 144,792 ----a-w c:\windows\system32\javaw.exe
- 2005-04-13 10:48:54 127,078 -c--a-w c:\windows\system32\javaws.exe
+ 2008-11-16 08:32:38 148,888 ----a-w c:\windows\system32\javaws.exe
- 2007-10-11 22:12:48 1,468,968 ----a-w c:\windows\system32\LegitCheckControl.DLL
+ 2008-03-21 0236 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll
+ 2001-11-23 04:08:20 712,704 ----a-r c:\windows\system32\ReinstallBackups\0002\DriverFiles\Audio3D.dll
+ 2002-04-29 07:04:40 917,504 ----a-r c:\windows\system32\ReinstallBackups\0002\DriverFiles\cmids3d.dll
+ 2002-11-02 04:08:20 53,248 ----a-r c:\windows\system32\ReinstallBackups\0002\DriverFiles\cmuda.dll
+ 2002-11-01 09:11:20 451,599 ----a-r c:\windows\system32\ReinstallBackups\0002\DriverFiles\cmuda.sys
+ 2008-04-13 18:45:14 60,160 ----a-w c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\drmk.sys
+ 2008-04-13 19:16:36 141,056 ----a-w c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\ks.sys
+ 2008-04-14 00:11:56 4,096 ----a-w c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\ksuser.dll
+ 2008-04-13 19:19:41 146,048 ----a-w c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\portcls.sys
+ 2008-04-13 18:45:15 49,408 ----a-w c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\stream.sys
+ 2008-04-14 00:12:45 23,552 ----a-w c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\wdmaud.drv
+ 2002-08-13 10:42:24 28,672 ----a-r c:\windows\system32\ReinstallBackups\0002\DriverFiles\udaprop.dll
- 2002-08-13 10:42:24 28,672 ----a-r c:\windows\system32\udaprop.dll
+ 2003-04-25 04:29:08 32,768 ----a-w c:\windows\system32\udaprop.dll
+ 2008-11-16 08:46:47 16,384 ----atw c:\windows\temp\Perflib_Perfdata_a18.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-13 169984]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-16 136600]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= xgusb.cpl
"midi2"= xgusb.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2002-04-04 12:03 188416 c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
--a------ 2002-04-04 12:01 335872 c:\windows\system32\hphmon04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
--a------ 2002-04-04 12:04 49152 c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTpatch]
-ra------ 2002-10-30 01:40 28672 c:\windows\htpatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
--a------ 2008-04-13 16:12 169984 c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-11 03:19 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
--a------ 2002-07-12 02:15 106496 c:\windows\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-11-14 05:23 1783808 c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-03 14:07 1576176 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-10 23:15 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
--a------ 2002-06-04 22:17 167936 c:\windows\system32\pctspk.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-14 141312]

*Newly Created Service* - JAVAQUICKSTARTERSERVICE
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 01:17:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-16 1:21:24
ComboFix-quarantined-files.txt 2008-11-16 09:21:19
ComboFix2.txt 2008-11-16 07:11:42

Pre-Run: 29,264,760,832 bytes free
Post-Run: 29,286,543,360 bytes free

263 --- E O F --- 2008-11-14 05:27:28



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, November 16, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 16, 2008 13:43:47
Records in database: 1387799
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 35387
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:13:29

No malware has been detected. The scan area is clean.

The selected area was scanned.
Old 11-16-2008, 06:14 PM   #9 (permalink)
Moderator/Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2006
Posts: 4,232
OS: Vista


Re: Google Hijacked by virus....browser shuts down

Hi,

Kaspersky was supposed to scan from the internet so don't worry about that :)

You can delete this folder since you don't have bittorrent anymore: c:\program files\BitTorrent

How is your computer running?
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Old 11-16-2008, 08:25 PM   #10 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 10
OS: windows xp 2000


Re: Google Hijacked by virus....browser shuts down

It is running so much smoother....so much more efficient...I haven't been redirected since you started helping me; my searches no longer have that banner (in google) saying that my cpu has been hijacked, and my web pages load up a lot faster....man, I appreciate this so much...I know this takes a lot of patience to help people with these problems all day so I am very grateful.....Thanks again....I will delete that folder too...I need to keep this thing functioning....Proper!
Old 11-16-2008, 08:37 PM   #11 (permalink)
Moderator/Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2006
Posts: 4,232
OS: Vista


Re: Google Hijacked by virus....browser shuts down

Congratulations! Glad to hear everything's fine.

Click start > run > copy and paste:

combofix /u

That will hide your system files, clear your system restore cache and uninstall combofix.

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"

And miekiemoes' "How to Prevent Malware"

Happy safe surfing!

Note: Please reply to this thread one last time so I could mark it as resolved.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Copyright 2001 - 2009, Tech Support Forum