jholland1964 650 Posting Expert Team Colleague Featured Poster

You said there was no anti-virus program on the computer but the HJT log clearly shows McAfee + Avast4 on there so there are actually TWO anti-virus programs running on the computer. You have to go in and Uninstall ONE of them for sure, immediately. Since she said she didn't have one then either the computer came with McAfee pre-installed, if this is a new computer, or she installed it and didn't realize it. It appears to be the full McAfee program on there so if she didn't know it was there then it probably hasn't been updated.
There are, by the looks of the log, multiple infections on the computer OR at least one which keeps "re-inventing" itself.
Take one of those av programs off of there.
If there is no internet access then you will have to find a way to get it either on line or download programs and take it to the computer via cd or something.
Try to boot to Safe Mode with networking and see if it can get online that way. If you can then download, install, update MBA-M
Then run a full system scan in NORMAL mode and have it remove all that it finds. Save the log and post it here.
First order of business however, is to get that extra av program OFF.

jholland1964 650 Posting Expert Team Colleague Featured Poster

We need to see the logs of the programs you ran. I hope you mean Malwarebytes' Anti-Malware (MBA-M) when you say Malware along with the HJT log. Be sure it is the latest version which is 2.0.2
We also need to know the symptoms which were/are going on with the computer.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Here's what showed on Hijackthis

http://img108.imageshack.us/img108/3833/74617990fa7.jpg

http://img394.imageshack.us/img394/2444/17033309mu1.jpg

Am not sure why you posted these, they show the same thing as the log you posted here.
The log looks ok to me. Throw away that cd you burned though, you shouldn't take the chance of installing whatever it was by mistake.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If you feel all is ok then you can mark this solved, unless there is something else. Keep the MBA-M program. Update it and run a Quick Scan with it weekly at least. If it DOES find something then fix whatever is found in the Quick Scan, reboot and then run the Full System scan to be certain all files are checked. As with the Quick Scan remove everything found.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks LOTS better. How are things running?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good. You need to update your Java program; it is way out of date, and out of date Java is a security risk. Go HERE and download the offline install. Save it to the desktop.
Then go to Add/Remove and Uninstall ALL the old versions of java that you find there. Once that is complete then install that new version.
When the install is finished go back to that download page and on the Right Side you will see Verify Now. Click that to verify the installation was complete.
You also then need to Uninstall Combofix.
To do this do the following:
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
When shown the disclaimer, Select "2"
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please update MBA-M and run it again. Please remove all items found, save the log.
Reboot.
Run HJT again and save the log. Post back here with both new logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all please turn off SpyBot TeaTimer.
Disable Spybot's TeaTimer

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer
Next go HERE
Download, install, update MBA-M. Then run a FULL SYSTEM scan with it and have it REMOVE all it finds.
Save the log.
REBOOT
Then run the ESET ONLINE SCANNER also noted on that link I gave you. Have it fix everything it finds. Save the log. Reboot

Then run another HJT scan and save the log. Post back here with all three logs.
This "could be" a false positive, however I wouldn't take the chance, throw away that disk you burned.
One thing I found was that this seems to appear in files downloaded via a torrent downloads. AVG seems to flag this the most, though other av programs have done the same so there is definitely something suspicious about this file and the way it is obtained.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, we can wait a few days if you like to see if problems happen again before marking this one solved.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

We need to see the HJT scan run in normal mode.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all please do the following:
Disable Spybot's TeaTimer as it can interfere with any fixes done.

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Next do the following:
Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

Next download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When …

jholland1964 650 Posting Expert Team Colleague Featured Poster

What was the name of the trojan found?

jholland1964 650 Posting Expert Team Colleague Featured Poster

How does everything seem to be working?
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download Combofix and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Note: It is important that it is saved directly to your desktop


Close any open browsers.

Please disable your antivirus program and firewall while running combofix.
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note:
Do not touch the computer while combofix is running. That may cause it to stall

jholland1964 650 Posting Expert Team Colleague Featured Poster

Sorry I am so late in responding. I was off site much of the day.
Run HJT again and place check marks next to the following entries;
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: (no name) - {18EBFA65-F1B4-45DB-8CE1-0CBFF34D7950} - (no file)
O2 - BHO: (no name) - {25D12426-BA9F-44EB-8CB2-642DEEC2A951} - (no file)
O2 - BHO: (no name) - {CB84B07A-40B4-42D4-8796-4FAAACD61965} - (no file)
O20 - Winlogon Notify: jkkihhi - jkkihhi.dll (file missing)
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing)

Once you have placed the check marks click the Fix Checked button.
Exit HJT.
Reboot the system and run a new Full System scan with HJT.
Save that log and post it here.
Judy
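An added example, not part of the original post: most of the entries listed for fixing above end in "(no file)" or "(file missing)", meaning the registry reference is still there but the file it points to is gone. The sketch below parses HijackThis-style lines and picks out those orphaned entries; the sample lines are copied from the post above, and the function names and section descriptions are assumptions of this example, not HijackThis's own code.

```python
import re
from collections import Counter

# Section codes seen in the post above, with their usual HijackThis meaning.
SECTION_MEANING = {
    "R1": "Internet Explorer search/start page setting",
    "O2": "Browser Helper Object (BHO)",
    "O20": "AppInit_DLLs or Winlogon Notify entry",
}

# Entries copied from the post above (the R1 URL is truncated on the page).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
O2 - BHO: (no name) - {18EBFA65-F1B4-45DB-8CE1-0CBFF34D7950} - (no file)
O2 - BHO: (no name) - {25D12426-BA9F-44EB-8CB2-642DEEC2A951} - (no file)
O2 - BHO: (no name) - {CB84B07A-40B4-42D4-8796-4FAAACD61965} - (no file)
O20 - Winlogon Notify: jkkihhi - jkkihhi.dll (file missing)
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing)
"""

# "<code> - <rest of entry>", e.g. "O2 - BHO: ..." or "O20 - Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Marker at the END of the entry; "(no name)" in the middle must not match.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entry(line):
    """Return a dict for one log entry, or None for headers and blank lines."""
    match = ENTRY_RE.match(line.strip())
    if match is None:
        return None
    code = match.group("code")
    body = match.group("body").rstrip()
    clsid = CLSID_RE.search(body)
    return {
        "code": code,
        "section": SECTION_MEANING.get(code, "other"),
        "clsid": clsid.group(0) if clsid else None,
        "orphaned": bool(ORPHAN_RE.search(body)),
        "raw": line.strip(),
    }


def parse_log(text):
    """Parse every recognisable entry in a pasted log."""
    return [entry for entry in map(parse_entry, text.splitlines()) if entry]


def orphaned(entries):
    """Entries whose target file no longer exists on disk."""
    return [entry for entry in entries if entry["orphaned"]]


def orphans_by_section(entries):
    """Count orphaned entries per section code for a quick summary."""
    return Counter(entry["code"] for entry in orphaned(entries))


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for entry in orphaned(parsed):
        print(f'{entry["code"]:>3}  {entry["section"]:<40} {entry["raw"]}')
    print(dict(orphans_by_section(parsed)))
```
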

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your MBA-M program is WAY, WAY out of date. Current version is version 1.32 and the current database is 1649. You ALWAYS must update the program BEFORE each scan. MBA-M has daily updates, sometimes even more often. Do the update and then run the new Full System Scan and REBOOT after the scan. You must do this because you may have a lot more on the computer than was found in those first scans.
Then run HJT as requested by crunchie and post both of those logs here.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

No, I don't believe the computer is clean; there are definitely some suspicious entries in your HJT log. But the first thing you need to do is UNINSTALL, via Add/Remove, one of the two anti-virus programs you are running.
I see both Avast4 and McAfee. The absolute rule is ONE anti-virus program on a computer. If McAfee is expired then uninstall ALL of it. If McAfee is current and NOT expired then uninstall Avast. But one of them MUST go.
A reboot will probably be necessary. Once that extra anti-virus program is uninstalled then UPDATE MBA-M and run a full system scan with it. Allow it to remove everything found. Save the log and Reboot the system. Then run a full system scan with ESET Online Scanner, you will have to use Internet Explorer to do this and temporarily disable the remaining anti-virus program to complete the scan. Allow it to remove everything found. Once the scan is complete then re-enable your anti-virus program.
Reboot.
Run a new HJT scan and save the log. Post back here with all three logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Probably best to leave it and see. VundoFix *rarely* causes problems but there is still a risk I suppose. It is very good at finding infections though.

By the way WahooBoyd, I just want to congratulate you on being a great poster :) if every user provided as much information as you it would make everyone's lives a lot easier.

And yeah, did you update the Java? Vundo commonly finds its way in through outdated JREs.

Post #7-Installed Java 6, version 11, and confirmed via Java web site that the installation succeeded and is operating correctly.

As far as running VundoFix that really is up to you WahooBoyd. If you feel you would like to check things out once more that is fine. I agree with jbennet concerning your thorough posting, it really makes a huge difference to receive full information.
Judy

jbennet commented: good help +36
jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes you can clean out those quarantined items. Keep both programs updated and do regular scans with them. Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Probably the main reason it didn't find what others found is that it is WAY, WAY out of date. Current version is 1.32 and database version is 1643. So yours is, at the very least, more than a month out of date. It has to be updated. MBA-M certainly is capable of fixing most problems. Depends on WHEN you ran it...if you ran it BEFORE the other two then it could have found more but of course it is out of date. If you ran it AFTER the other two ran then it would NOT find what the other two had already fixed.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I don't see anything suspicious in the log. Your java is out of date but other than that I see nothing. It would help to see the MBA-M log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have a question, you had a thread going back in December and you never returned to it so we never knew if your problem was corrected at that time. Why didn't you return?
http://www.daniweb.com/forums/thread160954.html

jholland1964 650 Posting Expert Team Colleague Featured Poster

So I ran Super Anti-Spyware, Malwarebytes, and Norton Malware. They found problems but none of them removed this problem.

Did you tell these programs to remove what they found? They won't just do it automatically, you have to tell them to do so and very often the computer must be rebooted in order to complete the removal process.
MBA-M most definitely should remove this. This is an email worm which has been around since 2004 as should the others. It is now spreading via file sharing too.

There is an enable protection button. I've pressed the button

That security center warning you are receiving is part of the worm itself so you should not be pushing any button. Just "X" out of it if possible.
We really have to see some logs or else we can't know completely what you are dealing with.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good. Do you think everything is working ok? If so you should set a new and now clean Restore Point. Right click My Computer, choose Properties. When System Properties opens click the System Restore Tab. When that opens put a check mark in Turn off System Restore. Click ok. You may get a message that System Restore will turn off, click ok or yes. Allow it to turn off. Wait a moment and then go back in and Remove the check mark to turn it back on. Then you should have a good, clean Restore Point.
If you feel all is resolved then you can mark this one solved.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I don't use the java auto updater either, seems like 9 out of 10 times I never got notification either. I just try to check every week or so.
You need to run HJT again and place check marks next to the following entries;
O2 - BHO: (no name) - {473F4E72-8EC0-4F84-982B-205C5FE7D7D3} - C:\WINDOWS\system32\hgGvspQK.dll (file missing)

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (this is the java scheduler. If you want to keep it then don't fix this one)

O20 - Winlogon Notify: ddcCUnmK - ddcCUnmK.dll (file missing)
Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Reboot and run one more HJT scan and post that new log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run ESET Scanner again this time have it fix what it finds.
Your java program is WAY, WAY, WAY out of date. Current version is 6 update 11. Go HERE and download the Offline Install to your desktop.
Then go into Add/Remove and uninstall ALL the java programs you find there.
Once you have done that then double click that install file to install the newest version. When the install is complete go back to the download page and click on Verify Now to check to be sure the installation was successful.
Reboot and run a new HJT scan, post back here with that new log and the new ESET scanner log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

O13 - Gopher Prefix:
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) (it won't delete this one for some reason. Every time i scan it is still there.)

Also there is a lot of java stuff on there is that normal.

First thing you need to do, or any fixes done won't work, is to get rid of Spybot TeaTimer. You don't need this part of the program and it does interfere with fixes which may be done by blocking some changes.
To stop this from running do the following:
Disable Spybot's TeaTimer

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

The Gopher Prefix is nothing to worry about, it can be fixed if you wish but from what I have been able to find it is actually sort of a left over from when Gopher was a search protocol for the web before there was a web.
The Skytel entry is a program related to the Realtek Voice Manager used by some of their audio chipsets. This one is up to you, meaning …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I actually have two firewalls (Windows Defenders built in firewall and PeerGuardian2).

Windows Defender is the anti-spy program, you must mean you are using the built in Windows Firewall, that is fine then it just doesn't show on the HJT scans. If you have that one turned on then don't use another one. It can cause conflicts in programs, so I would remove that PeerGuardian.
There are several good, free anti-virus programs. Antivir is the one I use, Avast is also good and many use AVG 8.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First thing I note is you are running NO anti-virus program and no firewall, unless you are using the built in Windows Firewall.
I see the following listings on the HJT log:
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
SearchSettings.exe is generally considered malware (Trojan) and should be removed. It has been known to install during some shareware and freeware program installations.

O4 - HKCU\..\Run: [garypro] C:\Users\Gary\AppData\Roaming\gary.exe>>>What is This?
O4 - HKCU\..\Run: [garypro] C:\Users\Gary\AppData\Roaming\gary.exe>>>What is This?
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe>>>certainly NOT needed to run on startup, meaning it will run all the time....you are really taking a giant risk P2P anyway and then doing it without an anti-virus program is doubly dangerous.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Right-click on My Computer, click Properties, click the Advanced tab. Under “Startup & Recovery,” click Settings. Under “System Failure,” uncheck the box in front of “Automatically restart.”
Maybe this way you will be able to read the Blue Screen Message.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You should remove HiJackThis, you don't need it any more, and you must uninstall combofix as it cannot be used again either.

* Click START then RUN
* Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
When shown the disclaimer, Select "2"


You also need to set a new, clean Restore point.
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.
If all seems well after that you can mark this thread closed.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good. Are things running all right?

jholland1964 650 Posting Expert Team Colleague Featured Poster

What is the full error message you get before the computer shuts down?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Not sure what problems you are having for sure, we need a bit more of a description but one thing I note, you are running AVG8 antivirus, which is fine BUT there is at least one file of an old Norton program running and it most definitely should be removed.
Do a file search for it, searching first for Norton, delete all that is found then do a search for Symantec and delete all that is found.
Then run the steps HERE ignoring the references to Deckard Scanner, it is no longer available. When you have completed those steps then run a new scan with HJT and post back here with all logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Go to Start, Control Panel, Administrative Tools, Event Viewer. Look in Applications and also System and locate errors which may give an indication as to what is causing these Server busy errors.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run HiJackThis again.
Place a check mark next to the following entries:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O20 - AppInit_DLLs: toydmj.dll ugnpwe.dll
Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Reboot.
Then run HJT again and post the log here.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hope you have not disappeared. We have not heard from you in nearly 24 hours.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well that NTRU Cryptosystems program has to do with your wireless network so maybe the program is damaged.
The system freezes definitely shows there is "something" trying to work or not working right in the background.
Were the freezes the reason you turned off some of those system32 files? While some may not be necessary they are often tied together with others which are necessary and sometimes turning off one may turn off many others that you didn't mean to disable. This is why it is always recommended that each and every one be totally researched before turning them off.
Did the freezing and internet not working come before or after the clean ups?
Can you give me a list of those system32 files you turned off and then turned back on?

jholland1964 650 Posting Expert Team Colleague Featured Poster

I thought that might have had to do with some non-essential system32 files I'd removed from startup, so I replaced them and rebooted again.

How did you know for sure that these were unnecessary?
The file you get the error from is associated with NTRU Cryptosystems
what is the exact error that you get?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Can you run HJT on the infected machine? If so run it again.
Place a checkmark next to this entry
O20 - AppInit_DLLs: gmuxlx.dll
Then click the Fix Checked button.
Exit HJT.
Reboot the system and see what happens.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Let me look through all this and I will get back to you. This is a wireless connection correct? Have you tried a hard connection, is that possible?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do you have the log from MBA-M? This is a program which isn't supposed to be run in Safe Mode but in normal mode. You are correct about TeaTimer. Leave it off, it interferes with some fixes attempted.
I don't know what firewall you are using or even if there is a firewall involved, but you might try turning this off and see if it helps.
Also don't know the operating system but have you tried Safe Boot with Networking? This allows the computer to boot in safe mode but also allows internet service without the unnecessary items which may be running during normal boot.
Is there a way you can get the log and post it from the computer you are using now?
Can you download HJT to another computer, burn it to a disk and then put it on the affected computer? If you can do that then try to get the log and post it back here.
System Restore should also be left ON until the computer is clean. After it is clean is when you then reset it. It is better to have at least something to go back to, even if infection is involved, rather than nothing which is what you have by turning off System Restore because that will erase all restore points. It is too late for that now just remember that in the future.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Q: Would deleting the directory AskPBar from my Program Files folder cause any problem(s)? I suspect that answer is no. However, I still want to check with you.

Does it appear in Add/Remove? If it is there then remove it that way. Many anti-spy programs flag this as malware. While the bar itself may not be it is often included with other programs and is installed without your permission OR is installed because folks don't notice the "do you want the askpbar?" box and it gets installed.
A safer way, if it doesn't show in add/remove would be to remove it in Safe Mode... (keep tapping F8 key, when your computer starts, until menu appears)

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.

Delete: AskPBar folder from C:\Program Files

Restart in Normal Mode.
Mid-East...not a very safe place to be. My brother returned in Oct. from Iraq, he's with the State Dept. Relief to have him home, imagine your family will feel the same way.
I enjoy working with computers and offering what little help I can. Computers are great but can be annoying too. It is so nice when they run smoothly.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I am an older fellow (early 40s) doing a Ph.D. at IU, Bloomington. I am currently overseas for my dissertation research

:D Early 40's...my oldest daughter is soon to be 41, so I am old enough to be your mother:D
Don't know where you are overseas but hope it is warmer there than here in the good old Hoosier state...supposed to have an ice storm tomorrow.
Your log looks pretty good, one entry you didn't fix or I missed telling you to do it
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing)
Other than that one, which isn't really major, how are things running?
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

CFScript should read this way.....Ignore my last post.

KillAll::

File::

c:\windows\system32\inf
c:\windows\xccwinsys.ini
c:\windows\system32\xcchit32.ini
C:\475804924
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\8B4B73CBA4.sys
c:\windows\Tasks\mgjnjhuy.job

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs""

jholland1964 650 Posting Expert Team Colleague Featured Poster

Make sure that combofix.exe that you downloaded is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
· Open Notepad and copy/paste the text in the below quote box into it.

KillAll::

File::

c:\windows\system32\inf
c:\windows\xccwinsys.ini
c:\windows\system32\xcchit32.ini
C:\475804924
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\8B4B73CBA4.sys
c:\windows\Tasks\mgjnjhuy.job

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=toydmj.dll ugnpwe.dll

· Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
· At this point, you MUST EXIT ALL BROWSERS NOW before continuing.
· You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
· Now use your mouse to drag CFscript.txt on top of ComboFix.exe
· Follow the prompts.
· When it finishes, a log will be produced named c:\combofix.txt
· Please post back here with that log and also a new HJT scan.

jholland1964 650 Posting Expert Team Colleague Featured Poster

From reading other threads, I realize I ought to delete any TDSS files. My problem is when I go to search for files, I get the blue screen of death. I don't know what step to take now.

I managed to download combofix from the zip Cohen put up (thanks) but can't get it to run either.

Any help will be greatly appreciated - I need to get my comp working again asap!

You should never run combofix unless directed to do so.
So DON'T run it unless I tell you to do so. Delete that copy you downloaded.
See if this lets you run MBA-M.
Right Click My Computer. Choose Properties. When System Properties opens click Hardware, Device Manager. Then in Device Manager click View, Show Hidden Devices.
When those show go to Non Plug and Play Drivers. You should see something like TDSSserv.sys
* Highlight that driver and right click on it and select DISABLE
* Now RESTART your computer.
Now either try updating that MBA-M you already have or uninstall it and download a new copy.
Then run a Full System Scan with it and allow it to REMOVE everything found. Save the log.
Reboot.
Run HiJackThis again and save the log. Post back here with those logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If they are for your router then you can leave them and not fix them, that is why I asked.
Just fixed those others. See by your log that you are at or connected with I.U. I'm in Indiana also, daughters are grads of Ball State and Purdue (with a teaching certification from I.U. K.)

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run HiJackThis again and this time place check marks to these entries:
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: TBSB05137 - {E632D7C7-20EC-4A06-8D6F-259838D16889} - C:\PROGRA~1\SOFTOM~1\TOOLBA~1\installed\{5D1BF3AF-E568-47DC-87FA-1D1F7DBBBD1E}\0\mrk's.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\PROGRA~1\SOFTOM~1\TOOLBA~1\bin\tbcore3U.dll

O4 - Startup: PowerReg Scheduler.exe
DID YOU PERSONALLY ADD THESE BELOW? IF NOT THEN THESE SHOULD BE FIXED ALSO
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A10A494-05FB-48A1-950D-13B0B6BA75A5}: NameServer = 192.168.10.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A10A494-05FB-48A1-950D-13B0B6BA75A5}: NameServer = 192.168.10.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A10A494-05FB-48A1-950D-13B0B6BA75A5}: NameServer = 192.168.10.10
O17 - HKLM\System\CS3\Services\Tcpip\..\{0A10A494-05FB-48A1-950D-13B0B6BA75A5}: NameServer = 192.168.10.10
O17 - HKLM\System\CS4\Services\Tcpip\..\{0A10A494-05FB-48A1-950D-13B0B6BA75A5}: NameServer = 192.168.10.10
O17 - HKLM\System\CS5\Services\Tcpip\..\{0A10A494-05FB-48A1-950D-13B0B6BA75A5}: NameServer = 192.168.10.10

O23 - Service: sp_rssrv - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Now I notice in your logs you have Spyware Terminator listed. This formerly was considered a rogue program, it has since been removed from that list. That does NOT mean it is considered to be a good program, just that it is no longer on the list. I would Uninstall this program. You have several very good programs, Spybot, SuperANTISPYWARE and now Malwarebytes' Anti-Malware. This is more than enough.
Reboot the computer after you have uninstalled that program.
Run a new HJT scan and post the log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Let's see a new HiJackThis scan.
Judy