First, you have an outdated HijackThis log. You need to go to
http://www.majorgeeks.com/download.php?det=3155 and download the newest version, 1.98.2, please.
Next, you are running HijackThis out of a temporary directory on your desktop. Can you please create a folder in My Documents and call it Hijack (or something similar)? Then extract HijackThis into the folder you have created and run it from there. The reason for this is that HijackThis backup files may be deleted if it is being run from a temporary folder.
You need to turn off System Restore:
http://www.spyware911.net/forum/index.php?showtopic=16
Need to run a trojan scan, click here:
http://www.windowsecurity.com/trojanscan/ and then download and scan using this:
http://www.emsisoft.com/en/software/free/
Run HijackThis again and put a check by these.
Close ALL windows except HijackThis and click "Fix checked"
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aflashcounter.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aflashcounter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://aflashcounter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://aflashcounter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://aflashcounter.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aflashcounter.com/?a=2
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [sySP32PE] C:\WINDOWS\sySP32PE.exe
O4 - HKLM\..\Run: [symsnt] C:\WINDOWS\symsnt.exe
O4 - HKLM\..\Run: [PE64oror] C:\WINDOWS\PE64oror.exe
O4 - HKLM\..\Run: [64hh64nt] C:\WINDOWS\64hh64nt.exe
O4 - HKLM\..\Run: [orms64] C:\WINDOWS\system32\orms64.exe
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe (trojan)
O4 - HKLM\..\Run: [BF203D6B] C:\WINDOWS\system32\3dTRTER.exe
O4 - HKLM\..\Run: [EF1A6D5E] C:\WINDOWS\system32\ADAPI3PPM.exe
O4 - HKLM\..\Run: [BBE27966] C:\WINDOWS\system32\EDSVIDL.exe
O4 - HKCU\..\Run: [BF203D6B] C:\WINDOWS\system32\3dTRTER.exe
O4 - HKCU\..\Run: [EF1A6D5E] C:\WINDOWS\system32\ADAPI3PPM.exe
O4 - HKCU\..\Run: [BBE27966] C:\WINDOWS\system32\EDSVIDL.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/198e21f...ip/RdxIE601.cab
Restart to safe mode.
http://tinyurl.com/3px9
Because XP will not always show you hidden files and folders by default, go to Start > Search and, under "More advanced search options", make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders".
Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK"
http://www.spyware911.net/forum/index.php?showtopic=27
Now find and delete these files:
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\system32\3dTRTER.exe
Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.
Reboot
Empty the Recycle Bin
Then post another log.
Liz
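An added example, not part of the original post: a small Python parser for the HijackThis entry lines listed above. It groups the O4 registry autorun targets by the hives that start them and reports which targets are absent from a given file list. The function names are hypothetical, and the sample lines are a subset copied from the fix list with the "(trojan)" annotation omitted.

```python
import ntpath
import re

# Subset of the fix list in the post above (annotation removed).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aflashcounter.com/?a=2
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [BF203D6B] C:\WINDOWS\system32\3dTRTER.exe
O4 - HKCU\..\Run: [BF203D6B] C:\WINDOWS\system32\3dTRTER.exe
O4 - HKLM\..\Run: [symsnt] C:\WINDOWS\symsnt.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autorun body: hive, Run-style key, [value name], command
RUN = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")

def parse_entries(text):
    """Split log text into (section code, body) pairs, skipping other lines."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def autoruns(text):
    """Map each O4 registry autorun target (lowercased path) to its hives."""
    targets = {}
    for code, body in parse_entries(text):
        m = RUN.match(body) if code == "O4" else None
        if m:  # startup-folder O4 lines do not match RUN and are skipped
            hive, _key, _name, cmd = m.groups()
            targets.setdefault(cmd.strip().lower(), set()).add(hive)
    return targets

def not_in_list(text, file_names):
    """Autorun targets whose file name is absent from the given file list."""
    wanted = {n.lower() for n in file_names}
    return sorted(p for p in autoruns(text) if ntpath.basename(p) not in wanted)

if __name__ == "__main__":
    for path, hives in sorted(autoruns(SAMPLE_LOG).items()):
        print(f"{path}  <- {', '.join(sorted(hives))}")
    print(not_in_list(SAMPLE_LOG, ["xpsp2fw.exe", "3dTRTER.exe"]))
```

Fixing an O4 entry in HijackThis removes the registry value only, so a cross-check like this shows which referenced files may still be on disk for the follow-up scan to examine.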