Thread: Help!! They just won't go away >.>

  1. #1
    Junior Member
    Join Date
    Jun 2006
    Posts
    2

    Help!! They just won't go away >.>

    I've reformatted my computer twice...within the last 2 days. >.>
    And the crap just keeps coming back. I'm currently going through all your "How did I get infected" steps right now. I can't turn my firewall on now because it won't let me...ughhh. Surfsidekick- I removed it via the whole process, and it keeps coming back. I don't think I have it at the moment? Idk I could be wrong.

    (Btw I've got ad-aware, spyware doctor, hijack this, s&d and combofix)

    So someone help me please.
    Here's my Hijackthis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:27:09 PM, on 18/06/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\WINDOWS\System32\spoolsvc.exe
    C:\WINDOWS\System32\logon.exe
    C:\WINDOWS\dtxkzgnA.exe
    C:\WINDOWS\win32066167182207.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\PPPATC~1\VCHOST~1.EXE
    C:\PROGRA~1\CROSOF~1.NET\ntvdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\update\updmgr.exe
    C:\WINDOWS\dtxkzgn.exe
    C:\WINDOWS\services.exe
    C:\WINDOWS\winsock\csrss.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    c:\mc-110-12-0000144.exe
    c:\drsmartload1.exe
    C:\WINDOWS\SGFp\command.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Deena\Desktop\HijackThis.exe
    c:\defender26.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hungersite.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R3 - URLSearchHook: (no name) - {145D1FA9-8A40-FB9D-4CB2-A4BFDAFBD192} - C:\WINDOWS\System32\kstfcsf.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\winsock\csrss.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\winsock\csrss.exe
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
    O4 - HKLM\..\Run: [Microsoft (R) Windows TCP/IP Socket Driver] C:\WINDOWS\winsock\csrss.exe
    O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
    O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager] C:\WINDOWS\update\updmgr.exe
    O4 - HKLM\..\Run: [dtxkzgnA] C:\WINDOWS\dtxkzgnA.exe
    O4 - HKLM\..\Run: [win32066167182207] C:\WINDOWS\win32066167182207.exe
    O4 - HKLM\..\Run: [newname] c:\\newname25.exe
    O4 - HKLM\..\Run: [defender] c:\\defender26.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Lpjrrvh] C:\PROGRA~1\COMMON~1\PPPATC~1\VCHOST~1.EXE
    O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\CROSOF~1.NET\ntvdm.exe" -vt yazr
    O4 - HKCU\..\Run: [Qyt] C:\Program Files\Common Files\??crosoft.NET\l?ass.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - AppInit_DLLs: C:\WINDOWS\System32\msdtc.dll
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SGFp\command.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\dtxkzgn.exe
    O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe
    O23 - Service: Windows TCP/IP Socket Driver (winsck) - Unknown owner - C:\WINDOWS\winsock\csrss.exe




    My combofix log was too big to attach, so I'm copying and pasting it
    here.


    Um yeah. xD I have no idea what to do now.
    Someone help please :(

  2. #2
    Junior Member
    Join Date
    Jun 2006
    Posts
    2

    New Hijackthis log:


    Logfile of HijackThis v1.99.1
    Scan saved at 12:51:22 PM, on 18/06/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\WINDOWS\System32\spoolsvc.exe
    C:\WINDOWS\System32\logon.exe
    C:\WINDOWS\dtxkzgnA.exe
    C:\WINDOWS\win32066167182207.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\PPPATC~1\VCHOST~1.EXE
    C:\PROGRA~1\CROSOF~1.NET\ntvdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\update\updmgr.exe
    C:\WINDOWS\dtxkzgn.exe
    C:\WINDOWS\services.exe
    C:\WINDOWS\winsock\csrss.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\SGFp\command.exe
    C:\Program Files\Network Monitor\netmon.exe
    c:\defender26.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Deena\Desktop\spybotsd14.exe
    C:\DOCUME~1\Deena\LOCALS~1\Temp\is-TUOVS.tmp\is-5CALI.tmp
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Hijack this\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hungersite.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R3 - URLSearchHook: (no name) - {145D1FA9-8A40-FB9D-4CB2-A4BFDAFBD192} - C:\WINDOWS\System32\kstfcsf.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\winsock\csrss.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\winsock\csrss.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
    O4 - HKLM\..\Run: [Microsoft (R) Windows TCP/IP Socket Driver] C:\WINDOWS\winsock\csrss.exe
    O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
    O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager] C:\WINDOWS\update\updmgr.exe
    O4 - HKLM\..\Run: [dtxkzgnA] C:\WINDOWS\dtxkzgnA.exe
    O4 - HKLM\..\Run: [win32066167182207] C:\WINDOWS\win32066167182207.exe
    O4 - HKLM\..\Run: [newname] c:\\newname25.exe
    O4 - HKLM\..\Run: [defender] c:\\defender26.exe
    O4 - HKLM\..\Run: [keyboard] c:\\keyboard25.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Lpjrrvh] C:\PROGRA~1\COMMON~1\PPPATC~1\VCHOST~1.EXE
    O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\CROSOF~1.NET\ntvdm.exe" -vt yazr
    O4 - HKCU\..\Run: [Qyt] C:\Program Files\Common Files\??crosoft.NET\l?ass.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - AppInit_DLLs: C:\WINDOWS\System32\msdtc.dll
    O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\icakeng.dll
    O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\hcpertrm.dll
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SGFp\command.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\dtxkzgn.exe
    O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe
    O23 - Service: Windows TCP/IP Socket Driver (winsck) - Unknown owner - C:\WINDOWS\winsock\csrss.exe

  3. #3
    CalamityJane (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Central Florida, USA
    Posts
    651

    Are you still needing help? If so, please post a fresh HijackThis log to this thread. I'm now subscribed to your topic here and will get a notice when you reply.

    Wow, what a mess too! Do you not have an antivirus program? That may well be how you are getting reinfected, and lack of SP2 or other windows updates.

    Or perhaps some infected software you are installing?
    Microsoft MVP 2003-2009
    Windows-Security

  4. #4
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    This topic is closed due to lack of a response to helper.
    If you need it re-opened please send me a pm and provide a link to the thread.

    Applies only to the original topic starter.

    Note:
    Have you updated Windows?

    So how did I get infected in the first place? By Tony Klein
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
