After being infected early last week with the Windows background hijacker and virus, I'm now stuck with the following after numerous cleanup efforts.
Running WinXP SP 2 with Firefox, Safari, and IE 7. Firefox is my normal default, but now is not desirable; Google search results get redirected to 'abcjmp.com' and other sites often. Often, just get a 'Done' window after clicking on a link.
Have run Malware scans, Safe and Secure scans, Kaspersky scans. They've found different issues, but none have solved the problem. Combokit fails with 'rootkit activity' message, and forced reboot. Also 'gmer' fails with a driver mismatch error.
ProcessExplorer shows an iexplore process with the following parameter: 'http://freehost.portal.com./ac.php/aid=61&sid=v2test6'. I think that's the 'root' of the problem and connected somehow to a rootkit.
Rootkit Revealer from Sysinternals (Microsoft) shows several entries about tdsssrv files being indicative of Rootkit.Win32.CLBD.hf. They appear to be hidden from regedt32 and in the Current Control Set keys.
How can I get rid of these tdsssrv* entries?