Can't access Microsoft, Symantec and others. Links get redirected. Virus! Help:).

disable DNS client service, flush out dns, and try to access the website. and search for spyware removal tools.

Your HJT log appears to be clean.

It sounds like your hosts file has been hijacked. Often a virus will lock the hijacked hosts file to stop you from editing it.
I helped another questioner with exactly this problem last week:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_26804419.html

Try the proceedure outlined in the link above. Ie: download Hostsxpert and try to reset your hosts file to Ms defaults.
For XP, the path to the hosts file is:

c:\windows\system32\drivers\etc\hosts

If it is not there, try typing the following into a run box (start - run)

notepad c:\windows\system32\drivers\etc\hosts

Does your hosts file appear?  If it does, try to edit it.  If you cannot, it is locked by malware.

Disable DNS client, check the browsing.

update windows and Antivirus

I'm going to do all of the above guys, when I get back home tonight.

However, regarding the hosts file, no it was not locked. It was in the C:\windows\system32\drivers\etc and it wasn't locked, I could open it up and there was no entry other than the 127.0.0.1.

As you've only the one entry in the hosts file, & it looks good, you may well have an infection that requires removal by ComboFix.  
Therefore, if unresolved after running the other scanners, try running ComboFix.
Download ComboFix and save to your Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before using CF please disable any realtime Anti-virus, Anti-spyware, or Shields that you may have running, and particularly AVG or CA Internet Security Suite if installed.

It may also be necessary to rename ComboFix.exe (to Combo-Fix.exe for example), before saving it to your desktop.  
If you have difficulties downloading it, try downloading to another machine, then into a USB memory stick or CD.  Rename it and carry to the infected machine.
You can try this key combination to reach a Run box >>
Windows Logo+R: Run dialog box

Double click "combofix.exe"(or the renamed ComboFix.exe) and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
You could post that log here please.
Do not mouseclick Combofix's window while it is running, because it may stall.  
ComboFix must be run in normal mode.

Should you need it>   A guide and tutorial on using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

In a previous experience, I had to use a tool called IceSword to view the locked, hidden files of a malware infection.  The others wouldn't allow me access to the file.  If you can't access C:\Program Files\cbgrwsqt, try running IceSword, you can find it here: http://majorgeeks.com/Icesword_d5199.html.   If you are not comfortable with it, GMER is similar to IceSword and it's been a great help too, http://www.gmer.net and it has more documentation with it as well.

I would still try resetting your hosts file with Hostxpert.  Or try a defensive hosts file such as this:

http://www.mvps.org/winhelp2002/hosts.htm

TDSSKiller (suggested above) is often good at fixing redirects.  If you follow Jonvee's advice to run Combofix, ploease post the log here for review.

Guys, here is the combofix log:

ComboFix 11-02-23.05 - Administrator 23/02/2011  21:44:39.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3071.2357 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Outdated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
      /wow section - STAGE 25
The system cannot find the path specified.
@DO was unexpected at this time.


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Application Data\Adobe\plugs
C:\install.exe
c:\windows\system32\_000120_.tmp.dll
c:\windows\system32\_000122_.tmp.dll
c:\windows\system32\_000123_.tmp.dll
c:\windows\system32\_000124_.tmp.dll
c:\windows\system32\_000125_.tmp.dll
c:\windows\system32\_000126_.tmp.dll
c:\windows\system32\_000127_.tmp.dll
c:\windows\system32\_000128_.tmp.dll
c:\windows\system32\_000129_.tmp.dll
c:\windows\system32\_000130_.tmp.dll
c:\windows\system32\_000131_.tmp.dll
E:\autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2011-01-23 to 2011-02-23  )))))))))))))))))))))))))))))))
.

2011-02-23 20:00 . 2011-02-23 21:39      151479      ----a-w-      c:\program files\Mozilla Firefox\firefoxmgr.exe
2011-02-16 23:47 . 2011-02-19 19:14      151479      ----a-w-      c:\windows\system32\RUNDLL32mgr.exe
2011-02-16 23:47 . 2011-02-20 23:30      151479      ----a-w-      c:\windows\RTHDCPLmgr.exe
2011-02-16 20:15 . 2011-02-17 07:28      151479      ----a-w-      c:\windows\Explorermgr.exe
2011-02-15 21:59 . 2011-02-15 21:59      --------      d-----w-      c:\program files\Perfect Uninstaller
2011-02-15 21:24 . 2011-02-23 21:53      --------      d-----w-      c:\program files\cbgrwsqt
2011-02-15 20:43 . 2011-02-15 20:43      --------      d-----w-      C:\Adobe
2011-02-14 21:08 . 2011-02-14 21:08      --------      d-sh--w-      c:\documents and settings\LocalService\IETldCache
2011-02-14 20:43 . 2011-02-14 20:44      --------      d-----w-      c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-02-08 14:36 . 2011-02-20 11:18      --------      d-----w-      c:\documents and settings\Administrator\Application Data\Eqvu
2011-02-07 07:31 . 2011-02-19 19:02      --------      d-----w-      c:\program files\BearShare
2011-02-06 21:47 . 2011-02-06 21:56      --------      dc-h--w-      c:\documents and settings\All Users\Application Data\{4B337C2B-E6F0-4B28-98E9-248E1772D7EA}
2011-02-06 21:47 . 2011-02-06 21:47      --------      d-----w-      c:\documents and settings\Administrator\Local Settings\Application Data\PackageAware
2011-02-06 21:45 . 2011-02-06 23:02      --------      d-----w-      c:\documents and settings\All Users\Application Data\jDaFiJb09000
2011-02-06 12:16 . 2011-02-10 21:00      --------      d-----w-      c:\program files\ASIO4ALL v2
2011-02-06 10:43 . 2005-06-04 09:09      72704      ----a-w-      c:\windows\system32\ra3228_8.dll
2011-02-06 10:43 . 2005-06-04 09:09      21504      ----a-w-      c:\windows\system32\ra32dnet.dll
2011-02-06 10:43 . 2005-06-04 09:08      87040      ----a-w-      c:\windows\system32\ra32sipr.dll
2011-02-06 10:43 . 2005-06-04 09:08      487936      ----a-w-      c:\windows\system32\rmbe3260.dll
2011-02-06 10:43 . 2005-06-04 09:08      487424      ----a-w-      c:\windows\system32\msvcp70.dll
2011-02-06 10:43 . 2005-06-04 09:09      130560      ----a-w-      c:\windows\system32\pnc3250.dll
2011-02-06 10:43 . 2005-06-04 09:09      131072      ----a-w-      c:\windows\system32\pneng50.dll
2011-02-06 10:43 . 2005-06-04 09:09      352768      ----a-w-      c:\windows\system32\pngu3263.dll
2011-02-06 10:43 . 2005-06-04 09:09      81920      ----a-w-      c:\windows\system32\ra3214_4.dll
2011-02-06 10:43 . 2005-06-04 09:08      344064      ----a-w-      c:\windows\system32\msvcr70.dll
2011-02-06 10:43 . 2005-06-04 09:11      85504      ----a-w-      c:\windows\system32\encdnet.dll
2011-02-06 10:43 . 2005-06-04 09:09      61952      ----a-w-      c:\windows\system32\decdnet.dll
2011-02-06 10:39 . 2011-02-20 12:31      --------      d-----w-      c:\program files\Syncrosoft
2011-02-06 02:22 . 2011-02-06 02:22      --------      d-----w-      c:\windows\system32\wbem\Repository
2011-02-06 01:59 . 2008-05-19 06:43      25328      ----a-w-      c:\windows\_000121_.tmp.dll
2011-02-06 01:58 . 2008-07-22 08:01      151592      ----a-w-      c:\windows\system32\drivers\mv61xx.sys
2011-02-06 01:58 . 2004-11-26 12:16      225280      ----a-w-      c:\windows\system32\ReWire.dll
2011-02-06 01:58 . 2004-05-11 00:58      147456      ----a-w-      c:\windows\system32\SynsoLChk.dll
2011-02-06 01:57 . 2011-02-05 17:21      709456      ----a-w-      c:\windows\is-JJA56.exe
2011-02-06 01:57 . 2005-02-01 04:34      700416      ----a-w-      c:\windows\system32\SYNSOACC.dll
2011-02-06 01:57 . 2003-06-13 03:22      290816      ----a-w-      c:\windows\system32\SynsoNos.dll
2011-02-06 01:57 . 2002-11-25 17:36      45056      ----a-w-      c:\windows\system32\Synsopos.exe
2011-02-06 01:57 . 2002-11-25 14:46      16896      ----a-w-      c:\windows\system32\drivers\synasUSB.sys
2011-02-06 01:57 . 2001-04-09 14:03      17784      ----a-w-      c:\windows\system32\drivers\NSynas32.sys
2011-02-06 01:57 . 2011-02-06 02:00      --------      d-----w-      C:\ErdUndoCache
2011-02-02 23:08 . 2005-05-09 20:08      33792      ----a-w-      c:\windows\system32\drivers\cledx.sys
2011-02-02 20:53 . 2011-02-02 20:53      --------      d-----w-      c:\documents and settings\Administrator\Local Settings\Application Data\COMODO
2011-01-30 10:11 . 2011-02-05 20:05      --------      d-----w-      c:\documents and settings\NetworkService\Application Data\VMware
2011-01-29 11:06 . 2010-04-03 18:51      47456      ----a-w-      c:\windows\system32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2011-01-29 11:04 . 2010-04-03 18:51      73568      ----a-w-      c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2011-01-29 11:00 . 2011-01-29 11:00      --------      d-----w-      c:\windows\system32\RsFx
2011-01-29 10:59 . 2011-01-29 10:59      --------      d-----w-      c:\program files\Microsoft Visual Studio 9.0
2011-01-29 10:50 . 2011-01-29 10:50      --------      d-----w-      c:\program files\Microsoft WebMatrix
2011-01-29 10:48 . 2011-01-29 10:49      --------      d-----w-      c:\program files\IIS
2011-01-29 10:43 . 2011-01-29 11:00      --------      d-----w-      c:\program files\Microsoft SQL Server
2011-01-29 10:41 . 2011-01-29 10:51      --------      d-----w-      c:\program files\IIS Express
2011-01-29 10:41 . 2011-01-29 10:44      --------      d-----w-      c:\program files\Microsoft SQL Server Compact Edition
2011-01-29 10:28 . 2011-01-29 10:51      --------      d-----w-      c:\program files\Microsoft ASP.NET
2011-01-29 10:18 . 2011-01-29 10:18      --------      d-----w-      c:\program files\Microsoft

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-05 15:47 . 2009-08-18 04:23      196608      ----a-w-      c:\windows\system32\drivers\nStandard.bin
2011-01-21 14:44 . 2004-08-04 12:00      439296      ----a-w-      c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 12:00      290048      ----a-w-      c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 12:00      1854976      ----a-w-      c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 12:00      301568      ----a-w-      c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-04 12:00      916480      ----a-w-      c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 12:00      43520      ----a-w-      c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 12:00      1469440      ------w-      c:\windows\system32\inetcpl.cpl
2010-12-20 18:09 . 2009-09-10 17:16      38224      ----a-w-      c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2009-09-10 17:16      20952      ----a-w-      c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2004-08-04 12:00      730112      ----a-w-      c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 12:00      385024      ----a-w-      c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-04 12:00      718336      ----a-w-      c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-04 12:00      33280      ----a-w-      c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2004-08-04 12:00      2148864      ----a-w-      c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59      2027008      ----a-w-      c:\windows\system32\ntkrnlpa.exe
2010-12-04 19:07 . 2010-12-04 19:07      163232      ----a-w-      c:\windows\system32\drivers\afcdp.sys
2010-12-04 19:07 . 2010-12-04 19:07      752128      ----a-w-      c:\windows\system32\drivers\tdrpm273.sys
2010-12-04 19:06 . 2010-12-04 19:06      600928      ----a-w-      c:\windows\system32\drivers\timntr.sys
2010-12-04 19:05 . 2010-12-04 19:05      170464      ----a-w-      c:\windows\system32\drivers\snapman.sys
2009-07-14 00:16 . 2009-07-14 00:16      1200551      ----a-w-      c:\program files\mozilla firefox\plugins\libdivx.dll
2009-08-09 00:11 . 2009-08-09 00:11      10437264      ----a-w-      c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-08-09 00:30 . 2009-08-09 00:30      107760      ----a-w-      c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2009-07-14 00:16 . 2009-07-14 00:16      356887      ----a-w-      c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-05 136176]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 6119378]
"GamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 537015]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-12-24 1800464]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-07 198160]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-05-20 129584]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2010-02-03 918824]
"SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-09-02 2536440]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-09-08 5479424]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-09-08 390736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-12-6 730454]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DMX 6fire 2496 ControlPanel.lnk - c:\program files\TerraTec\DMX 6fire\DMX6Fire.exe [2010-6-6 492032]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2009-3-25 1503290]
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2009-9-27 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\cbgrwsqt\khuehsak.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20      57344      ------r-      c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2009-12-24 11:24      1800464      ------w-      c:\program files\COMODO\COMODO Internet Security\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-04-19 05:26      7700480      ----a-w-      c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-04-19 05:26      86016      ----a-w-      c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-04-19 05:26      1626112      ----a-w-      c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-07-03 08:51      16876032      ------r-      c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-05-09 09:52      321328      ------w-      c:\program files\uTorrent\uTorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [06/02/2011 01:58 151592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/12/2009 22:22 691696]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [04/12/2010 19:07 752128]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [21/08/2009 16:54 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [21/08/2009 16:54 25160]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [27/06/2008 16:50 61424]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [04/12/2010 19:07 3975088]
R2 Tomcat6;Atlassian JIRA 4.1.2 6;c:\program files\Atlassian\JIRA 4.1.2\bin\tomcat6.exe [11/09/2010 17:15 213416]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [20/05/2010 23:56 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [20/05/2010 22:40 539184]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [04/12/2010 19:07 163232]
R3 dmxfire;DMX6fire WDM Audio;c:\windows\system32\drivers\dmx6fire.sys [29/08/2003 08:30 148724]
R3 dmxsens;dmxsens;c:\windows\system32\drivers\dmxsens.sys [22/07/2003 13:07 403968]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [28/09/2009 08:44 17149]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [01/10/2008 15:45 57440]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [14/01/2009 01:23 458752]
S3 Bulk;HDJBulk;c:\windows\system32\drivers\HDJBulk.sys [04/10/2010 21:19 135936]
S3 HDJAsioK;HDJAsioK;c:\windows\system32\drivers\HDJAsioK.sys [04/10/2010 21:20 186752]
S3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\drivers\HDJMidi.sys [04/10/2010 21:20 156800]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [27/02/2008 10:54 360547]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/06/2010 17:07 35088]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 20:37 4640000]
.
Contents of the 'Scheduled Tasks' folder

2011-02-23 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-04-23 15:24]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1659004503-839522115-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-05 02:09]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1659004503-839522115-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-05 02:09]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uk0zmsik.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
MSConfigStartUp-H2O - c:\program files\SyncroSoft\Pos\H2O\cledx.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-23 21:53
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwQueryDirectoryFile

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  


c:\documents and settings\Administrator\Start Menu\Programs\Startup\khuehsak.exe 151479 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-1659004503-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,b5,6b,6e,31,89,f0,41,b1,1b,b5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,b5,6b,6e,31,89,f0,41,b1,1b,b5,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-02-23  21:55:11
ComboFix-quarantined-files.txt  2011-02-23 21:55

Pre-Run: 37,404,573,696 bytes free
Post-Run: 38,555,648,000 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - BBE2055C43DF3FCA5E0455E87FD30CD2

@ Yashy,
From your CF log file you can see the "Other Deletions" list where a number of infections have been deleted.
Are you now able to access Microsoft, Symantec and the other sites?

@ Melannk24,
GMER is contained within ComboFix.  You can see a reference near the bottom of the log file.  :)
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Hey Jonvee

No, I still can't access any 'decent' website like Microsoft or Kaspersky or Symantec. I can't even get onto gmer.net!

Should I restart the PC?

Also, I have tried disabling DNS but still doesn't work. What setting inside of the registry would cause websites to be blocked? If we could find those entries in there, maybe we can fix it.

Someone needs to study the contents of the ComboFix logfile to see if writing a small script can now correct the problem. As much as i would like to try, i have to logoff shortly for 3 or 4 days.

Restarting the computer should be okay, and even re-running ComboFix for a second time.

This file dosn't look good from a quick glance>
c:\documents and settings\Administrator\Start Menu\Programs\Startup\khuehsak.exe

>1. Open Notepad
2. Copy + paste all bolded text only between lines below into Notepad window
==================================================
File::
c:\documents and settings\Administrator\Start Menu\Programs\Startup\khuehsak.exe



==================================================
3. Now Save as CFScript.txt on your desktop/same location as Combofix.exe
4. Then drag the CFScript.txt into ComboFix.exe

there appears to be a few more suspect entries but see how that works first

Did you tried TDSSKiller yet as suggested in the first post?

Try TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Tutorial on TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684

Sudeep

Here's what TDSSkiller found:

2011/02/24 07:28:08.0750 2716      Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/02/24 07:28:08.0750 2716      sptd - detected Locked file (1)

What is that file?

I ended up deleting this particular file, with TDSSKIiller, but haven't rebooted machine yet.

Would somethig in the sptd.sys file ever cause this problem?

@ Jonvee, thanks for the information on Combofix.  I didn't realize that GMER was included.  Very cool.  :-)

Guys, when I do a ping to www.microsoft.com, kaspersky.com, symantec.com, it comes back to 127.0.0.1. However, I have no entries in my hosts file! How can that be?

Peeps, apparently I have a rootkit virus! I installed an antivirus Avira on here and it noticed that it was a Win32.ramnit.c which is supposed to be a rootkit. I think I have no choice chaps but to completely reformat and install again.

guys, I've been at this since the weekend and it took my wind out. I tried everything and still the system was infected. In the end, I had to entirely reformat the system.

I backed up some important docs and that's it; reformatted. However, for my anti-virus/firewall I ended up installing BitDefender which was a gem as it identified the Win32.ramnit.c rootkit virus on the newly formatted system, I think that couuld have been due to my external USB drive picking up the virus also. At the moment, I think I'm in the clear, but I am going to take all of your bits of advice and harness it for later just in case. Combofix tried but sadly couldn't do anymore.

I didn't realise how bad rootkits like the Ramnit are! Much appreciate all of your help...everybody.