ComboFix 09-12-07.07 - Owner 12/08/2009 7:45.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.284 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\commy.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
ADS - system32: deleted 7214 bytes in 18 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Owner\LOCALS~1\Temp\wscsvc32.exe
C:\LOG.TXT
c:\program files\Common Files\System\Uninstall
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
c:\program files\Shared\lib.dll
c:\program files\Shared\lib.sig
c:\recycler\S-1-5-21-299502267-436374069-839522115-1003
c:\recycler\S-1-5-21-735670361-549526505-77083942-1003
c:\windows\Installer\id53.exe
c:\windows\system32\drivers\H8SRTevitbepxui.sys
c:\windows\system32\h8srtcfg.dat
c:\windows\system32\H8SRTdfvkdcxykj.dat
c:\windows\system32\H8SRTnswwbipskl.dll
c:\windows\system32\H8SRTyqbpfqpigi.dll
c:\windows\system32\it_Pl.dll
c:\windows\system32\srcr.dat
c:\windows\system32\SySInfo.ocx
c:\windows\system32\xwreg32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.
2009-12-07 23:05 . 2009-12-07 23:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-04 20:22 . 2009-12-08 02:27 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 14:52 . 2009-07-22 03:10 -------- d-----w- c:\program files\Shared
2009-12-08 14:32 . 2007-09-02 18:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-08 14:32 . 2009-03-13 02:51 -------- d-----w- c:\program files\Spyware Doctor
2009-12-07 18:00 . 2008-08-18 17:35 -------- dc----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-02 16:33 . 2008-01-20 21:44 -------- d-----w- c:\program files\Snood
2009-11-28 03:41 . 2005-02-15 01:32 -------- d-----w- c:\program files\Microsoft Picture It! 10
2009-10-12 18:56 . 2005-05-16 00:23 72872 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 16:37 . 2009-10-12 16:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Cakewalk
2009-10-12 16:23 . 2009-10-12 16:11 -------- dc----w- c:\documents and settings\All Users\Application Data\Cakewalk
2009-10-12 16:22 . 2009-10-12 16:11 -------- d-----w- c:\program files\Cakewalk
2009-09-22 19:06 . 2005-05-16 00:23 1686 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-09-11 14:18 . 2004-08-26 16:12 136192 ----a-w- c:\windows\system32\msv1_0.dll
2005-05-24 22:57 . 2005-05-24 22:57 0 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-10 67128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-30 2836376]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"SoundMan"="SOUNDMAN.EXE" [2004-09-24 77824]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-08-10 319488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-04-04 49152]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-04-04 335872]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-04 188416]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-25 2559488]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-15 148888]
"Getca"="c:\program files\BELKIN USB Wireless Monitor\InfoMyCa.exe" [2004-03-11 45056]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-27 185632]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-7-9 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-15 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 09:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-16 03:49 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/14/2009 8:04 PM 206256]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [8/2/2009 6:44 PM 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [8/2/2009 6:44 PM 39200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [5/14/2009 8:04 PM 159600]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [6/14/2007 5:40 PM 3712]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [12/3/2006 8:45 AM 2368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/25/2008 8:55 PM 24652]
S2 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service;c:\program files\BELKIN USB Wireless Monitor\WLService.exe [8/5/2009 8:51 PM 49152]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [5/14/2009 8:04 PM 64392]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/12/2009 7:51 PM 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [8/2/2009 6:44 PM 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [6/14/2007 6:51 PM 347648]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - GTNDIS5
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-DWQueuedReporting - c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
AddRemove-CANONBJ_Deinstall_CNMCP5y.DLL - c:\windows\system32\CNMCP5y.exe -PRINTERNAMECanon PIXMA iP1500 -HELPERDLLc:\bjprinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmis.dll -RCDLLc:\bjprinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmi0409.dll
AddRemove-Easy-WebPrint - c:\windows\IsUninst.exe -fc:\program files\Canon\Easy-WebPrint\Uninst.isu
AddRemove-Indeo software - c:\windows\IsUninst.exe -fc:\program files\Intel\Indeo\Uninst.isu -cc:\program files\Intel\Indeo\SavedSystemFiles\indounin.dll
AddRemove-LandDesigner 3D - c:\windows\IsUninst.exe -fc:\sierra\Land3D\Uninst.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-12-08 07:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
- - - - - - - > 'lsass.exe'(872)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2009-12-08 07:56
ComboFix-quarantined-files.txt 2009-12-08 14:56
ComboFix2.txt 2007-10-26 03:18
Pre-Run: 178,271,027,200 bytes free
Post-Run: 179,199,528,960 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 4D1DAF2FB857D1EBA5B6B6A766EE8B83