Virus blocking access to the Internet

Cybercookie
My computer was recently infected by malware or a virus of some kind. It said Antivirmore, but there may be more than that. At this time I can't access the Internet, but I could initially in Safe Mode. Before I can deal with anything else I need to re-connect to the Internet. The proxy server is unchecked. I don't know what else to try. Any help would be appreciated.

The computer is a Dell Precision M90 laptop with an Intel Core 2 T7200 @ 2.00 GHz CPU and 2.00 GB of RAM, running Win XP SP3.
 
Since I'm on my phone and can't post links: if you can find one of my posts about downloading and running rkill.scr or ComboFix, ComboFix should kill the process that is stopping you from getting Internet access. If you have a 64-bit OS, you can't run ComboFix. In that case, run rkill.scr and then try running Malwarebytes to remove the infection. You would need to use a USB flash drive or CD to copy the files to, and then run them on the infected machine.
 
Now that I'm home and able to post links.


Download this file to a USB flash drive or burn it to a CD, transfer it to the infected computer and run it.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Thank you for your suggestions. I followed them and they have helped. In Safe Mode I can use the Internet, but a redirect problem remains, especially if I use a search engine. Typing directly into the address bar seems to work. In normal mode the Internet is still blocked. I have tried both Explorer and Firefox. In Firefox I get a note saying the proxy server is refusing connections.

Some downloads work in Safe Mode but others don't. I can't get the latest updates for Windows, for example. I downloaded several games and installed them without difficulty. Attempts to download and install 2 different anti-virus programs failed. ComboFix said I did not have the "Microsoft Windows Recovery Console". It then claimed to download it successfully.

Early in the ComboFix scan a box appeared titled "mbr.cfxxe". This said mbr.cfxxe had encountered a problem and needed to close. It closed, but the scan went on.

The Registry seems to have been deleted along with all backups. This computer was recently bought on Ebay. I have no disk or external backup of any kind. It was OK when I got it.

Here are the logs you requested. I had run

ComboFix 10-08-16.04 - Administrator 08/17/2010 14:40:42.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1788 [GMT -4:00]
Running from: E:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Application Data\avdrn.dat
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\st325602.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.

2010-08-08 23:08 . 2010-08-08 23:08 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-08-08 21:43 . 2010-08-08 21:43 12328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-08 21:02 . 2010-08-08 21:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2010-08-08 06:22 . 2010-08-08 06:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-20 00:27 . 2010-07-20 00:28 43488992 ----a-w- c:\documents and settings\All Users\Application Data\Systweak\Advanced System Protector\Antispyware_Setup_7_19_2010.exe
2010-07-19 22:11 . 2010-07-19 22:11 -------- d-----w- c:\program files\ESET
2010-07-19 21:16 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 21:43 . 2010-07-08 23:32 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-08 06:22 . 2010-08-08 06:22 12 ----a-w- c:\windows\system32\config\systemprofile\Application Data\ranmiq.dat
2010-08-03 21:42 . 2010-06-29 00:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-03 21:38 . 2010-07-17 00:27 -------- d-----w- c:\program files\SpywareBlaster
2010-07-20 00:16 . 2010-07-17 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-07-20 00:16 . 2010-07-17 20:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Spyware Terminator
2010-07-20 00:15 . 2010-07-17 20:24 -------- d-----w- c:\program files\Spyware Terminator
2010-07-20 00:04 . 2010-07-17 18:19 -------- d-----w- c:\program files\a-squared Free
2010-07-19 23:05 . 2010-07-17 00:50 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-19 23:05 . 2010-07-17 00:50 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-19 22:24 . 2010-07-17 23:56 -------- d-----w- c:\program files\PC-Clean
2010-07-18 00:45 . 2010-07-17 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-07-18 00:45 . 2010-07-17 20:04 -------- d-----w- c:\program files\IObit
2010-07-18 00:42 . 2010-07-17 23:56 -------- d-----w- c:\program files\NLIA
2010-07-18 00:41 . 2010-07-18 00:41 -------- d-----w- c:\program files\Spyware Vaccine
2010-07-18 00:12 . 2010-07-18 00:11 43488992 ----a-w- c:\documents and settings\All Users\Application Data\Systweak\Advanced System Protector\Antispyware_Setup_7_17_2010.exe
2010-07-18 00:10 . 2010-07-18 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak
2010-07-18 00:10 . 2010-07-18 00:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Systweak
2010-07-18 00:09 . 2010-07-18 00:09 -------- d-----w- c:\program files\Systweak
2010-07-17 23:56 . 2009-11-12 19:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-17 21:12 . 2010-07-17 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-17 20:42 . 2010-07-17 20:42 23552 ----a-w- c:\windows\system32\drivers\phooks.sys
2010-07-17 20:35 . 2010-07-17 20:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\WinPatrol
2010-07-17 20:35 . 2010-07-17 20:35 -------- d-----w- c:\program files\BillP Studios
2010-07-17 20:25 . 2010-07-17 20:25 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-07-17 20:25 . 2010-07-17 20:25 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-07-17 20:25 . 2010-07-17 20:25 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-07-17 00:50 . 2010-07-17 00:50 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-17 00:49 . 2010-07-17 00:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-17 00:49 . 2010-07-17 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-17 00:49 . 2010-07-17 00:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-07-17 00:43 . 2010-07-17 00:43 -------- d-----w- c:\program files\Trend Micro
2010-07-17 00:31 . 2010-07-17 00:31 0 ----a-w- c:\windows\nsreg.dat
2010-07-16 23:33 . 2010-07-16 23:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-16 23:32 . 2010-07-16 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-16 23:24 . 2010-07-16 23:24 -------- dc----w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-14 00:41 . 2010-07-14 00:24 -------- d-----w- c:\program files\WinUtilities
2010-07-13 19:18 . 2010-07-13 19:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-13 19:18 . 2010-07-13 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-13 19:18 . 2010-07-13 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-08 23:01 . 2010-07-08 23:01 120 ----a-w- c:\windows\Onefewiy.dat
2010-07-08 23:01 . 2010-07-08 23:01 0 ----a-w- c:\windows\Fjayakiwikis.bin
2010-07-04 16:29 . 2010-07-04 16:29 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-07-04 16:29 . 2010-07-04 16:29 -------- d-----w- c:\program files\MSN Toolbar
2010-07-04 16:29 . 2010-07-04 16:29 -------- d-----w- c:\program files\Microsoft
2010-07-04 16:29 . 2010-07-04 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2010-07-04 16:28 . 2010-07-04 16:28 -------- d-----w- c:\program files\Driver Whiz
2010-07-01 17:26 . 2010-07-01 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-06-30 00:52 . 2010-06-30 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Medic
2010-06-29 22:38 . 2010-06-29 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2010-06-29 00:03 . 2010-06-29 00:03 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-06-29 00:03 . 2010-06-29 00:03 -------- d-----w- c:\program files\Common Files\Nuance
2010-06-29 00:03 . 2010-06-29 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-06-29 00:00 . 2010-06-29 00:00 -------- d-----w- c:\program files\Nuance
2010-06-29 00:00 . 2010-06-29 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2010-06-28 23:42 . 2010-06-28 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-06-07 01:14 . 2010-06-07 01:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-29 2403568]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-07-17 3037696]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"nwiz"="nwiz.exe" [2007-11-17 1626112]
"NVHotkey"="nvHotkey.dll" [2007-11-17 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-07-20 1228800]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-12 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-19 202256]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"NliaClient"="c:\program files\NLIA\Netpia.exe" [2006-07-21 49152]
"PC-Clean"="c:\program files\PC-Clean\PC-Clean.exe" [2006-03-31 1839104]
"Advanced Spyware Remover"="c:\program files\IObit\Advanced Spyware Remover\ASRtray.exe" [2009-12-15 1213952]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
"Advanced System Protector"="c:\program files\Systweak\Advanced System Protector\ASP.exe" [2009-11-03 16347368]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 phooks;phooks;c:\windows\system32\drivers\phooks.sys [7/17/2010 4:42 PM 23552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [7/17/2010 2:19 PM 1872320]
S2 ASRservice;ASRservice;c:\program files\IObit\Advanced Spyware Remover\ASRsrv.exe [7/17/2010 8:48 PM 697104]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [7/17/2010 8:50 PM 312152]
.
Contents of the 'Scheduled Tasks' folder

2010-08-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-651377827-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-651377827-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-08 c:\windows\Tasks\User_Feed_Synchronization-{C2C2478F-6D2C-40DD-A921-EAC8F6C2755B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = download.cnet.com
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mzkvtwkt.default\
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {4E93CCAB-1EE4-4288-BE8E-66BB32790988} - c:\documents and settings\user\Local Settings\Application Data\{4E93CCAB-1EE4-4288-BE8E-66BB32790988}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 14:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-651377827-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,86,04,0e,e6,63,b0,c7,41,99,d5,a5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,86,04,0e,e6,63,b0,c7,41,99,d5,a5,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\WININET.dll
.
Completion time: 2010-08-17 14:49:12
ComboFix-quarantined-files.txt 2010-08-17 18:49

Pre-Run: 139,809,206,272 bytes free
Post-Run: 140,151,341,056 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - DB0003B2D30A579367022F87AFD73AB3


HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:02 PM, on 8/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = download.cnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [NliaClient] C:\Program Files\NLIA\Netpia.exe
O4 - HKLM\..\Run: [PC-Clean] C:\Program Files\PC-Clean\PC-Clean.exe /h
O4 - HKLM\..\Run: [Advanced Spyware Remover] "C:\Program Files\IObit\Advanced Spyware Remover\ASRtray.exe" /autostart
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [Advanced System Protector] "C:\Program Files\Systweak\Advanced System Protector\ASP.exe" /autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: Bluetooth Manager.lnk = ?
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ASRservice - IObit - C:\Program Files\IObit\Advanced Spyware Remover\ASRsrv.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 5367 bytes


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4440

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/17/2010 4:09:38 PM
mbam-log-2010-08-17 (16-09-38).txt

Scan type: Full scan (C:\|)
Objects scanned: 163806
Time elapsed: 18 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> No action taken.

Registry Values Infected:
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\flqsupkm (Rogue.AntivirusSuite.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmsdk64_32.exe (Trojan.Downloader) -> No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
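The three logs above line up on a small number of concrete mechanisms: a system proxy that nothing is listening on (the Firefox "proxy server is refusing connections" message), the .exe file association pointed at "secfile" instead of "exefile" (MBAM's Hijacked.exeFile entry, which is what makes the AV installers fail to run), two rogue entries in the per-user Run key (flqsupkm and wmsdk64_32.exe), the Windows Firewall standard profile switched off (ComboFix: "EnableFirewall"= 0), and a search redirect. The script below is an added triage example written for this page; it is not from the thread, from ComboFix, MBAM or any other tool in the logs. It assumes PowerShell 2.0 or later on the XP SP3 machine, run from the Administrator account the logs were taken under. The link between the "system administrator has set policies" installer message and the DisableMSI policy value, and the "random-looking name" rule for Run entries, are my assumptions, not signatures from the page. By default it only reports; with -Repair it resets the proxy and the .exe association to the values MBAM lists as good.

```powershell
<#
  Added triage script for the indicators in the posted ComboFix / HijackThis / MBAM
  logs. Example code for this page, not a tool from the thread or from any product
  named in the logs. Assumes PowerShell 2.0+ (available for XP SP3), run elevated.
  Report-only by default; -Repair fixes the proxy and the .exe association only.
#>
param([switch]$Repair)

function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -ne $null) { return $item.$Name }
    return $null
}

$findings = @()

# 1. WinINET proxy. IE, Windows Update and Firefox (on "use system settings") all go
#    through this. A rogue AV typically points it at a local port nothing listens on,
#    which produces exactly the "proxy server is refusing connections" symptom.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxyEnable = Get-RegValue $inet 'ProxyEnable'
$proxyServer = Get-RegValue $inet 'ProxyServer'
$autoConfig  = Get-RegValue $inet 'AutoConfigURL'
if ($proxyEnable -eq 1 -or $proxyServer -or $autoConfig) {
    $findings += "Proxy configured: ProxyEnable=$proxyEnable ProxyServer=$proxyServer AutoConfigURL=$autoConfig"
    if ($Repair) {
        Set-ItemProperty    -Path $inet -Name 'ProxyEnable'   -Value 0
        Remove-ItemProperty -Path $inet -Name 'ProxyServer'   -ErrorAction SilentlyContinue
        Remove-ItemProperty -Path $inet -Name 'AutoConfigURL' -ErrorAction SilentlyContinue
    }
}

# 2. .exe association. MBAM: HKCR\.exe = secfile, expected exefile. With that in
#    place every .exe launch first runs HKCR\secfile\shell\open\command (the rogue's
#    loader), which is how the two AV installers were "blocked".
$exeKey   = 'Registry::HKEY_CLASSES_ROOT\.exe'
$exeAssoc = (Get-ItemProperty -Path $exeKey -ErrorAction SilentlyContinue).'(default)'
if ($exeAssoc -ne 'exefile') {
    $openCmd = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$exeAssoc\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
    $findings += ".exe association is '$exeAssoc' (expected 'exefile'); its open command: $openCmd"
    if ($Repair) { Set-ItemProperty -Path $exeKey -Name '(default)' -Value 'exefile' }
}

# 3. Per-user Run key, where MBAM flagged 'flqsupkm' and 'wmsdk64_32.exe'.
#    Heuristic (mine): flag values launched from the profile's data/temp folders, or
#    whose name is a random-looking lowercase token. Review every hit by hand.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -ne $null) {
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }        # provider metadata, not Run values
        $fromUserData = $p.Value -match 'Application Data|Local Settings\\Temp|AppData|\\Temp\\'
        $randomName   = $p.Name -cmatch '^[a-z]{6,10}(\.exe)?$|^[a-z0-9_]+\d+_\d+\.exe$'
        if ($fromUserData -or $randomName) {
            $findings += "Suspicious HKCU Run entry: $($p.Name) = $($p.Value)"
        }
    }
}

# 4. Windows Installer policy. msiexec reports "The system administrator has set
#    policies to prevent this installation" when DisableMSI is set here (assumption:
#    that is the policy behind the message in this thread; ComboFix does show
#    system32\GroupPolicy being created on 2010-08-08).
$disableMsi = Get-RegValue 'HKLM:\Software\Policies\Microsoft\Windows\Installer' 'DisableMSI'
if ($disableMsi) { $findings += "Windows Installer disabled by policy: DisableMSI=$disableMsi" }

# 5. Windows Firewall, standard profile (ComboFix: "EnableFirewall"= 0).
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
if ((Get-RegValue $fwKey 'EnableFirewall') -eq 0) {
    $findings += 'Windows Firewall is off in StandardProfile (EnableFirewall=0)'
}

# 6. Redirect plumbing: hosts-file overrides and the DNS servers actually in use.
#    Search-engine redirects that survive a clean browser usually live in one of these.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($line in (Get-Content $hostsFile -ErrorAction SilentlyContinue)) {
    if ($line -match '^\s*\d' -and $line -notmatch '\blocalhost\b') { $findings += "hosts override: $line" }
}
foreach ($nic in (Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled })) {
    $findings += "DNS on '$($nic.Description)': $($nic.DNSServerSearchOrder -join ', ')"
}

if ($findings.Count -eq 0) { 'No indicators found.' } else { $findings }
```

Run it once without -Repair from Safe Mode with Networking, compare its output with the MBAM entries, and only then run it with -Repair; the Run-key values and the DisableMSI policy are deliberately left for manual removal, because the Run entries point at files the cleanup tools still need to quarantine and a policy value may be legitimate on a machine that came from a corporate refurbisher. Fixing the proxy and the .exe association restores the ability to download and launch installers, which is the precondition for everything else in this thread.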
Did you have Malwarebytes remove those infections by clicking on the Remove Selected button? I'm at work now but will post more instructions tonight when I get home.
 
Please rerun HijackThis and place checks next to the following entries.

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [NliaClient] C:\Program Files\NLIA\Netpia.exe
O4 - HKLM\..\Run: [PC-Clean] C:\Program Files\PC-Clean\PC-Clean.exe /h
O4 - HKLM\..\Run: [Advanced Spyware Remover] "C:\Program Files\IObit\Advanced Spyware Remover\ASRtray.exe" /autostart
O4 - HKLM\..\Run: [Advanced System Protector] "C:\Program Files\Systweak\Advanced System Protector\ASP.exe" /autorun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

Then click on Fix checked at the bottom.

Please post an uninstall list using HijackThis. Open HijackThis, click on Open Misc Tools Section, click on Open Uninstall Manager, click on Save list and save it, then copy and paste it back here.

I see that you have SUPERAntiSpyware installed. Please update it, run a scan and post the log along with a fresh HijackThis log. To get the SAS log, click on the Preferences button on the main page, then click on the Statistics/Logs tab, then open the log and copy and paste it back here.
 
What I did when I had this problem a year ago was the last resort: I reformatted it. I had to call my ISP back to say sorry. I was irate and blamed them after weeks of no Internet connection. Nobody even dared to say "hey, maybe some virus is blocking your connection".
 
The Internet is still blocked in normal mode but mostly works in Safe Mode. Even in Safe Mode the redirect problem still occurs when I try to update Windows. The computer will not display the Windows Update page. My attempt to download HijackThis version 2.0.4 produced a note from Windows Installer saying "The system administrator has set policies to prevent this installation." I got the new version using a flash drive and another computer. SUPERAntiSpyware updated without difficulty.

Here are the logs you requested.

Uninstall list from HijackThis

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
Advanced Spyware Remover
Advanced System Protector
BatteryBar (remove only)
Bluetooth Stack for Windows by Toshiba
Broadcom Gigabit Integrated Controller
Conexant HDA D110 MDC V.92 Modem
DetectorTools
Dragon NaturallySpeaking 10
Driver Whiz
Emsisoft Anti-Malware 5.0
ESET Online Scanner v3
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IObit Security 360
Java(TM) 6 Update 17
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.6.6)
MSN
MSN Toolbar
MSN Toolbar Platform
NVIDIA Drivers
Oz776 SCR Driver V1.1.4.2
PC-Clean
PowerDVD
QuickSet
RealPlayer
RealUpgrade 1.0
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SigmaTel Audio
Skype Toolbars
Skype™ 4.2
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
Spyware Terminator
Spyware Vaccine 4.0
SpywareBlaster 4.3
SUPERAntiSpyware
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ Runtime for Dragon NaturallySpeaking
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinPatrol
WinUtilities 9.77 Free Edition


SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/19/2010 at 01:59 PM
Application Version : 4.40.1002
Core Rules Database Version : 5381
Trace Rules Database Version: 3193
Scan type : Complete Scan
Total Scan Time : 00:15:00
Memory items scanned : 315
Memory threats detected : 0
Registry items scanned : 6387
Registry threats detected : 0
File items scanned : 13213
File threats detected : 53
Adware.Tracking Cookie


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:05:25 PM, on 8/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = download.cnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: ASRservice - IObit - C:\Program Files\IObit\Advanced Spyware Remover\ASRsrv.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 3835 bytes
 
Please post a hijackthis log from regular bootup mode, not safe mode. There has to be something running that is blocking your internet. Have you tried downloading a browser like firefox and seeing if it can access the internet in regular mode?
 
OverClocker
I hope I can avoid reformatting but many problems remain. johnb35 is doing me a great service. However this is finally resolved, I will learn a great deal. Thanks for your interest.
 
Firefox is blocked in regular mode and often redirected in Safe Mode. Several attempts to download and install Google Chrome using Safe Mode have failed. I could probably get it from a flash drive.

I can post links I have been redirected to if this would help. I have no way to know if they are safe so I hesitate to post them where they might cause someone a problem. Redirects occur in both Firefox and Explorer.

Here is the hijackthis log from regular bootup mode. It can only be sent using Safe Mode. I use Yahoo mail to get my post to a second computer. From there I send it to Computer Forum. Attempts to send it directly to you from the infected computer produce the message:

The connection was reset

The connection to the server was reset while the page was loading.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:32:13 AM, on 8/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\IObit\Advanced Spyware Remover\ASRsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://librivox.org/newcatalog/visitor_advanced.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth Manager.lnk = ?
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: ASRservice - IObit - C:\Program Files\IObit\Advanced Spyware Remover\ASRsrv.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 5569 bytes
 
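Added example, not part of the thread and not HijackThis's own code: a small Python script that reads the R0/R1 lines of a HijackThis log and flags any ProxyServer entry pointing at the loopback address, which is what the `ProxyServer = http=127.0.0.1:5577` line in the normal-mode log above shows and is consistent with Firefox reporting that the proxy refused connections. The sample log text is constructed from that log; ProxyServer and AutoConfigURL are the real Internet Settings value names, and the script only reads text, never the registry.

```python
"""Triage helper for HijackThis logs: flag browser-proxy entries.

Added example for this thread, not HijackThis code. It reads HJT log text
only; it does not touch the registry. The sample log below is constructed
from the R0/R1 lines of the normal-mode log posted in the thread.
"""
import re
from ipaddress import ip_address
from typing import Dict, List, NamedTuple

# HJT R-section lines look like:  R1 - <registry key>,<value name> = <value>
HJT_R_LINE = re.compile(
    r"^(?P<sec>R[0-3]) - (?P<key>[^,=]+),(?P<name>[^,=]+?) =\s?(?P<val>.*)$"
)

# Constructed sample in HijackThis format; values copied from the thread's log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://librivox.org/newcatalog/visitor_advanced.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""


class Finding(NamedTuple):
    line: str    # the log line that triggered the finding
    reason: str  # why it deserves a look


def parse_proxy_value(value: str) -> Dict[str, str]:
    """Split an IE ProxyServer value into {scheme: "host:port"}.

    The value is either "host:port" (used for every protocol, keyed "*")
    or a ';'-separated list such as "http=host:port;https=host:port".
    """
    proxies: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if sep:
            proxies[scheme.strip().lower()] = hostport.strip()
        else:
            proxies["*"] = part
    return proxies


def proxy_host(hostport: str) -> str:
    """Return the host part of "host:port" (IPv6 literals may be bracketed)."""
    host = hostport.rsplit(":", 1)[0] if ":" in hostport else hostport
    return host.strip("[]")


def is_loopback(host: str) -> bool:
    """True for localhost or any loopback IP (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def find_proxy_findings(log_text: str) -> List[Finding]:
    """Scan HJT text and report every proxy setting, marking loopback ones.

    A proxy on 127.0.0.1 with nothing legitimate listening there matches the
    "blocked in normal mode" symptom in this thread: every browser request
    is handed to a local port that refuses the connection.
    """
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = HJT_R_LINE.match(raw.strip())
        if not m:
            continue
        name = m.group("name").strip().lower()
        value = m.group("val").strip()
        if not value:
            continue
        if name == "proxyserver":
            for scheme, hostport in parse_proxy_value(value).items():
                if is_loopback(proxy_host(hostport)):
                    reason = f"{scheme} proxy points at loopback {hostport}: likely hijack"
                else:
                    reason = f"{scheme} proxy set to {hostport}: confirm it is expected"
                findings.append(Finding(raw, reason))
        elif name == "autoconfigurl":
            findings.append(Finding(raw, f"proxy auto-config script {value}: confirm it is expected"))
    return findings


if __name__ == "__main__":
    for f in find_proxy_findings(SAMPLE_LOG):
        print(f.reason)
        print("   ", f.line)
```

A legitimate local proxy (some security suites and debugging tools install one) will also be flagged, so the finding is a prompt to check what listens on that port, not a verdict.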
Please download rkill.scr and run it and see if it deletes an active process that could be blocking your internet. Once it's done running a log will appear. If this doesn't show anything, I have no clue what could be going on.

You can also try resetting IE's settings by doing this.

Open up internet options and click on the advanced tab, click on the reset button under where it says reset IE's settings. Also click on the security tab and click on where it says reset all zones to default level.

You may also want to try downloading and running dial-a-fix.
 
I downloaded and ran rkill.scr. It only found 1 item which ended Downloads/rkill.scr. I reset IE's settings as suggested. I clicked on the security tab but could not find how to reset all zones to default level. I downloaded and ran dial-a-fix. I noticed no change in the computer as a result of any of this.

Let me thank you again for your help. I can try more things if you have more suggestions. It looks like the malware has won this round.

I recall you saying on another thread "The only thing that you really can't remove is the Virut infection." (See Post #8 of "Windows re-installation vs. Virus Removal" posted by lubolat on 06-03-2010, 07:00 PM) If I knew what was affecting my computer we could consider adding it to the list.

I ran about 10 or 12 antivirus and anti-malware programs before starting this thread. In addition to finding each other they found over 100 Trojans, keystroke loggers, backdoors etc. When I re-ran them several times they kept finding things but the number went down. I suspect the malware was being reinstalled. Possibly reinfections were occurring with the redirects.

The work required to clean this computer using various scans may be more than it is worth. There is nothing wrong with the hardware. It needs to be made usable again. The following steps come to mind:

1. Backup the system to an external hard drive.
2. Reformat the computer.
3. Use a flash drive to install an operating system and browser.
4. Reinstall my software and external devices.
5. Backup the new system to an external hard drive.

Instead of using a flash drive I could order a recovery disc or Microsoft Windows CD. I should not have to buy Windows XP in this situation. I could survive with nothing from Microsoft. I have never done anything like this before. How would you suggest I proceed? If I need to buy a recovery disc or other software what would you suggest?
 
Please download the new version of combofix from here and place it on your desktop.

http://download.bleepingcomputer.co...29a5b6b86fd5ed2fc065610/4c732d3d/ComboFix.exe


1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box



Code:
Killall::

File::
c:\windows\Onefewiy.dat
c:\windows\Fjayakiwikis.bin
c:\windows\system32\config\systemprofile\Application Data\ranmiq.dat

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


[Image: CFScript-1.gif]


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 
No change in the computer. The Internet is still blocked in normal mode but works in Safe Mode. Even in Safe Mode redirects occur at times and some things are blocked like Microsoft Updates. Your instructions were followed in Safe Mode.

Here is the log you requested. It looks like ComboFix deleted the file given to it.

ComboFix 10-08-24.02 - Administrator 08/24/2010 13:16:34.3.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1759 [GMT -4:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

FILE ::
"c:\windows\Fjayakiwikis.bin"
"c:\windows\Onefewiy.dat"
"c:\windows\system32\config\systemprofile\Application Data\ranmiq.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Fjayakiwikis.bin
c:\windows\Onefewiy.dat
c:\windows\system32\config\systemprofile\Application Data\ranmiq.dat

.
((((((((((((((((((((((((( Files Created from 2010-07-24 to 2010-08-24 )))))))))))))))))))))))))))))))
.

2010-08-21 20:55 . 2010-08-21 20:55 63488 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-21 20:55 . 2010-08-21 20:55 52224 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-21 20:55 . 2010-08-21 20:55 117760 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-21 20:54 . 2010-08-21 20:54 -------- d-----w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2010-08-21 20:46 . 2010-08-24 17:15 -------- d-----w- c:\windows\system32\CatRoot2
2010-08-18 01:34 . 2010-08-18 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-08-18 01:05 . 2010-08-18 01:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-08-18 01:05 . 2010-08-18 01:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-08-17 22:19 . 2010-08-22 01:15 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-17 20:26 . 2010-08-17 20:26 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Mozilla
2010-08-17 20:19 . 2010-08-17 20:19 -------- d-----w- c:\documents and settings\user\Application Data\Systweak
2010-08-17 20:19 . 2010-08-17 20:19 -------- d-----w- c:\documents and settings\user\Application Data\WinPatrol
2010-08-17 19:42 . 2010-08-17 19:42 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2010-08-08 23:08 . 2010-08-08 23:08 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-08-08 21:43 . 2010-08-08 21:43 12328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-08 21:02 . 2010-08-08 21:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2010-08-08 06:22 . 2010-08-08 06:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-22 00:21 . 2010-07-08 23:32 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-21 22:08 . 2010-07-14 00:24 -------- d-----w- c:\program files\WinUtilities
2010-08-21 20:59 . 2010-07-17 00:50 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-21 20:59 . 2010-07-17 00:50 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-18 01:14 . 2010-07-17 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-17 22:17 . 2010-07-17 18:19 -------- d-----w- c:\program files\a-squared Free
2010-08-17 20:49 . 2010-06-29 00:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-17 20:12 . 2010-07-13 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-03 21:38 . 2010-07-17 00:27 -------- d-----w- c:\program files\SpywareBlaster
2010-07-20 00:28 . 2010-07-20 00:27 43488992 ----a-w- c:\documents and settings\All Users\Application Data\Systweak\Advanced System Protector\Antispyware_Setup_7_19_2010.exe
2010-07-20 00:16 . 2010-07-17 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-07-20 00:16 . 2010-07-17 20:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Spyware Terminator
2010-07-20 00:15 . 2010-07-17 20:24 -------- d-----w- c:\program files\Spyware Terminator
2010-07-19 22:24 . 2010-07-17 23:56 -------- d-----w- c:\program files\PC-Clean
2010-07-19 22:11 . 2010-07-19 22:11 -------- d-----w- c:\program files\ESET
2010-07-18 00:45 . 2010-07-17 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-07-18 00:45 . 2010-07-17 20:04 -------- d-----w- c:\program files\IObit
2010-07-18 00:42 . 2010-07-17 23:56 -------- d-----w- c:\program files\NLIA
2010-07-18 00:41 . 2010-07-18 00:41 -------- d-----w- c:\program files\Spyware Vaccine
2010-07-18 00:12 . 2010-07-18 00:11 43488992 ----a-w- c:\documents and settings\All Users\Application Data\Systweak\Advanced System Protector\Antispyware_Setup_7_17_2010.exe
2010-07-18 00:10 . 2010-07-18 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak
2010-07-18 00:10 . 2010-07-18 00:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Systweak
2010-07-18 00:09 . 2010-07-18 00:09 -------- d-----w- c:\program files\Systweak
2010-07-17 23:56 . 2009-11-12 19:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-17 20:42 . 2010-07-17 20:42 23552 ----a-w- c:\windows\system32\drivers\phooks.sys
2010-07-17 20:35 . 2010-07-17 20:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\WinPatrol
2010-07-17 20:35 . 2010-07-17 20:35 -------- d-----w- c:\program files\BillP Studios
2010-07-17 20:25 . 2010-07-17 20:25 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-07-17 20:25 . 2010-07-17 20:25 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-07-17 20:25 . 2010-07-17 20:25 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-07-17 00:50 . 2010-07-17 00:50 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-17 00:49 . 2010-07-17 00:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-17 00:49 . 2010-07-17 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-17 00:49 . 2010-07-17 00:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-07-17 00:43 . 2010-07-17 00:43 -------- d-----w- c:\program files\Trend Micro
2010-07-17 00:31 . 2010-07-17 00:31 0 ----a-w- c:\windows\nsreg.dat
2010-07-16 23:33 . 2010-07-16 23:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-16 23:32 . 2010-07-16 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-16 23:24 . 2010-07-16 23:24 -------- dc----w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-13 19:18 . 2010-07-13 19:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-13 19:18 . 2010-07-13 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-06 01:07 . 2010-06-07 01:12 -------- d-----w- c:\documents and settings\user\Application Data\Skype
2010-07-05 21:05 . 2010-06-07 01:14 -------- d-----w- c:\documents and settings\user\Application Data\skypePM
2010-07-04 16:29 . 2010-07-04 16:29 -------- d-----w-

c:\program files\MSN Toolbar Installer
2010-07-04 16:29 . 2010-07-04 16:29 -------- d-----w-

c:\program files\MSN Toolbar
2010-07-04 16:29 . 2010-07-04 16:29 -------- d-----w-

c:\program files\Microsoft
2010-07-04 16:29 . 2010-07-04 16:29 -------- d-----w-

c:\documents and settings\All Users\Application Data\UAB
2010-07-04 16:28 . 2010-07-04 16:28 -------- d-----w-

c:\program files\Driver Whiz
2010-07-01 17:26 . 2010-07-01 17:26 -------- d-----w-

c:\documents and settings\All Users\Application Data\nView_Profiles
2010-06-30 00:52 . 2010-06-30 00:52 -------- d-----w-

c:\documents and settings\All Users\Application Data\Driver Medic
2010-06-29 22:38 . 2010-06-29 22:38 -------- d-----w-

c:\documents and settings\All Users\Application Data\Driver Whiz
2010-06-29 00:16 . 2010-06-29 00:16 -------- d-----w-

c:\documents and settings\user\Application Data\Nuance
2010-06-29 00:03 . 2010-06-29 00:03 -------- d-----w-

c:\program files\Common Files\ScanSoft Shared
2010-06-29 00:03 . 2010-06-29 00:03 -------- d-----w-

c:\program files\Common Files\Nuance
2010-06-29 00:03 . 2010-06-29 00:03 -------- d-----w-

c:\documents and settings\All Users\Application Data\ScanSoft
2010-06-29 00:00 . 2010-06-29 00:00 -------- d-----w-

c:\program files\Nuance
2010-06-29 00:00 . 2010-06-29 00:00 -------- d-----w-

c:\documents and settings\All Users\Application Data\Nuance
2010-06-28 23:42 . 2010-06-28 23:42 -------- d-----w-

c:\documents and settings\All Users\Application Data\CyberLink
2010-06-19 19:09 . 2010-06-19 19:09 49152 ----a-w-

c:\documents and settings\All Users\Application

Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffb

rowserrecordext.dll
2010-06-19 19:09 . 2010-06-19 19:09 45056 ----a-w-

c:\documents and settings\All Users\Application

Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-19 19:09 . 2010-06-19 19:09 45056 ----a-w-

c:\documents and settings\All Users\Application

Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-19 19:09 . 2010-06-19 19:09 45056 ----a-w-

c:\documents and settings\All Users\Application

Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-19 19:09 . 2010-06-19 19:09 45056 ----a-w-

c:\documents and settings\All Users\Application

Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-19 19:09 . 2010-06-19 19:09 40960 ----a-w-

c:\documents and settings\All Users\Application

Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrec

ordhelper.dll
2010-06-19 19:09 . 2010-06-19 19:09 308808 ----a-w-

c:\documents and settings\All Users\Application

Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplug

in.dll
2010-06-19 19:09 . 2010-06-19 19:09 14848 ----a-w-

c:\documents and settings\All Users\Application

Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videos

him.dll
2010-06-19 19:09 . 2010-06-19 19:09 341600 ----a-w-

c:\documents and settings\All Users\Application

Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-19 19:09 . 2009-11-12 21:00 499712 ----a-w-

c:\windows\system32\msvcp71.dll
2010-06-19 19:09 . 2009-11-12 21:00 348160 ----a-w-

c:\windows\system32\msvcr71.dll
2010-06-07 01:14 . 2010-06-07 01:14 56 ---ha-w-

c:\windows\system32\ezsidmv.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-08-17_18.46.27 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2010-08-17 18:12 71060 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-08-24 17:07 71060 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-08-24 17:07 441124 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-08-17 18:12 441124 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-29 2403568]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-07-17 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"nwiz"="nwiz.exe" [2007-11-17 1626112]
"NVHotkey"="nvHotkey.dll" [2007-11-17 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-07-20 1228800]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 phooks;phooks;c:\windows\system32\drivers\phooks.sys [7/17/2010 4:42 PM 23552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [8/17/2010 6:19 PM 1935656]
S2 ASRservice;ASRservice;c:\program files\IObit\Advanced Spyware Remover\ASRsrv.exe [7/17/2010 8:48 PM 697104]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [7/17/2010 8:50 PM 312152]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [8/17/2010 6:19 PM 71008]
.
Contents of the 'Scheduled Tasks' folder

2010-08-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-651377827-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-651377827-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-21 c:\windows\Tasks\User_Feed_Synchronization-{C2C2478F-6D2C-40DD-A921-EAC8F6C2755B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = download.cnet.com
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mzkvtwkt.default\
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {4E93CCAB-1EE4-4288-BE8E-66BB32790988} - c:\documents and settings\user\Local Settings\Application Data\{4E93CCAB-1EE4-4288-BE8E-66BB32790988}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 13:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-651377827-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,86,04,0e,e6,63,b0,c7,41,99,d5,a5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,86,04,0e,e6,63,b0,c7,41,99,d5,a5,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(540)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-08-24 13:27:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-24 17:27
ComboFix2.txt 2010-08-24 16:12
ComboFix3.txt 2010-08-17 18:49

Pre-Run: 140,129,804,288 bytes free
Post-Run: 140,113,809,408 bytes free

- - End Of File - - 2598FFB22149F3898795105F87291E7F
 
There are a few more things we can do.

1. I'm gonna have you uninstall some programs; it seems you have way too many malware and other utility programs installed, and I'm wondering if some came with malware in them. Let me know if you actually paid for any of these programs before you actually uninstall them.

Please uninstall the following programs.

Advanced Spyware Remover
Advanced System Protector
BatteryBar (remove only)
DetectorTools
Driver Whiz
Emsisoft Anti-Malware 5.0
Java(TM) 6 Update 17
PC-Clean
Spybot - Search & Destroy
Spyware Terminator
Spyware Vaccine 4.0
WinPatrol
WinUtilities 9.77 Free Edition

2. Please download TDSSKILLER
  • Download the file TDSSKiller.zip and save it on your desktop
  • Extract the file tdsskiller.zip; it will create a folder named tdsskiller on your desktop.
  • Double-click the tdsskiller Folder on your desktop.
  • Right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop.
  • Highlight and copy (Ctrl+C) the text in the codebox below.

Code:
"%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"

  • Click Start, click Run... and paste (Ctrl+V) the text above into the Open: line and click OK.
  • Wait for the scan and disinfection process to be over.
  • Open tdsskiller.txt on your desktop and post the contents in your next reply.
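The log that command writes is what gets read next: among one hash line per loaded driver, the lines worth acting on are the "Suspicious file (Forged)" notice and the "- detected" line. The following Python script is an added example, not part of this thread and not a Kaspersky tool; it parses a constructed excerpt in the layout of the TDSSKiller 2.4 log posted later in the thread, rejoins entries that the forum wrapped across lines, and cross-checks each forged file against the driver inventory. The regex patterns, class names and function names are the example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Line shapes copied from the TDSSKiller 2.4 log posted in this thread; the
# regexes and names below are this example's own, not Kaspersky's.
TS_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s*(.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\.? "
    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})"
)
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")

# Constructed sample: an excerpt in the layout the thread shows, including the
# extraction habit of wrapping the tail of an entry onto a following line.
SAMPLE_LOG = r"""
2010/08/25 11:31:11.0421 Scan started
2010/08/25 11:31:11.0421
================================================================================
2010/08/25 11:31:12.0234 ACPI (8fd99680a539792a30e97944fdaecf17)

C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/25 11:31:13.0171 atapi (5f99255f4191b5b318ec6636e9e5a128)

C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/25 11:31:13.0171 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys.

Real md5: 5f99255f4191b5b318ec6636e9e5a128, Fake md5: 9f3a2f5aa6875c72bf062c712cfa2674
2010/08/25 11:31:13.0203 atapi - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/25 11:31:21.0625 phooks (bf017d9a12d049fde1591f9f96c63431)

C:\WINDOWS\system32\drivers\phooks.sys
"""


@dataclass
class Forged:
    path: str
    real_md5: str   # the two hashes TDSSKiller reports for one file;
    fake_md5: str   # their disagreement is what marks the file as forged


@dataclass
class Detection:
    service: str    # driver/service name, e.g. "atapi"
    name: str       # detection name, e.g. "Rootkit.Win32.TDSS.tdl3"


@dataclass
class Report:
    drivers: Dict[str, str] = field(default_factory=dict)  # lower-cased path -> md5
    forged: List[Forged] = field(default_factory=list)
    detections: List[Detection] = field(default_factory=list)


def join_wrapped(lines: List[str]) -> List[str]:
    """Rejoin wrapped entries: a non-empty line without a timestamp belongs
    to the previous entry."""
    entries: List[str] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if TS_RE.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def parse_tdsskiller_log(text: str) -> Report:
    report = Report()
    for entry in join_wrapped(text.splitlines()):
        m = TS_RE.match(entry)
        msg = m.group(1) if m else entry
        d = DRIVER_RE.match(msg)
        if d:
            report.drivers[d.group(3).lower()] = d.group(2)
            continue
        f = FORGED_RE.match(msg)
        if f:
            report.forged.append(Forged(f.group(1), f.group(2), f.group(3)))
            continue
        t = DETECT_RE.match(msg)
        if t:
            report.detections.append(Detection(t.group(1), t.group(2)))
    return report


def triage(report: Report) -> List[str]:
    """Lines a responder acts on. Each forged notice is cross-checked against
    the driver inventory so both pieces of evidence refer to the same file."""
    notes: List[str] = []
    for fg in report.forged:
        listed = report.drivers.get(fg.path.lower())
        corroborated = listed in (fg.real_md5, fg.fake_md5)
        notes.append(f"FORGED {fg.path} corroborated={corroborated}")
    for det in report.detections:
        notes.append(f"DETECTED {det.service}: {det.name}")
    return notes
```

Running `triage(parse_tdsskiller_log(SAMPLE_LOG))` on the sample yields one FORGED line for atapi.sys, corroborated by the inventory hash, and one DETECTED line for Rootkit.Win32.TDSS.tdl3.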
 
I uninstalled the programs you listed and also SpywareBlaster 4.3. The program you suggested found and removed threats but the computer remained infected.

Here is the log you requested.


2010/08/25 11:11:47.0250 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/25 11:11:47.0250 ================================================================================
2010/08/25 11:11:47.0250 SystemInfo:
2010/08/25 11:11:47.0250
2010/08/25 11:11:47.0250 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/25 11:11:47.0250 Product type: Workstation
2010/08/25 11:11:47.0250 ComputerName: DELL08879
2010/08/25 11:11:47.0250 UserName: Administrator
2010/08/25 11:11:47.0250 Windows directory: C:\WINDOWS
2010/08/25 11:11:47.0250 System windows directory: C:\WINDOWS
2010/08/25 11:11:47.0250 Processor architecture: Intel x86
2010/08/25 11:11:47.0250 Number of processors: 2
2010/08/25 11:11:47.0250 Page size: 0x1000
2010/08/25 11:11:47.0250 Boot type: Safe boot with network
2010/08/25 11:11:47.0250 ================================================================================
2010/08/25 11:11:47.0453 Initialize success
2010/08/25 11:12:00.0921 ================================================================================
2010/08/25 11:31:11.0421 Scan started
2010/08/25 11:31:11.0421 Mode: Manual;
2010/08/25 11:31:11.0421 ================================================================================
2010/08/25 11:31:12.0234 ACPI (8fd99680a539792a30e97944fdaecf17)

C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/25 11:31:12.0281 ACPIEC (9859c0f6936e723e4892d7141b1327d5)

C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/25 11:31:12.0437 aec (8bed39e3c35d6a489438b8141717a557)

C:\WINDOWS\system32\drivers\aec.sys
2010/08/25 11:31:12.0500 AFD (7e775010ef291da96ad17ca4b17137d7)

C:\WINDOWS\System32\drivers\afd.sys
2010/08/25 11:31:12.0781 APPDRV (ec94e05b76d033b74394e7b2175103cf)

C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2010/08/25 11:31:12.0875 Arp1394 (b5b8a80875c1dededa8b02765642c32f)

C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/25 11:31:13.0125 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc)

C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/25 11:31:13.0171 atapi (5f99255f4191b5b318ec6636e9e5a128) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/25 11:31:13.0171 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: 5f99255f4191b5b318ec6636e9e5a128, Fake md5: 9f3a2f5aa6875c72bf062c712cfa2674
2010/08/25 11:31:13.0203 atapi - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/25 11:31:13.0343 Atmarpc (9916c1225104ba14794209cfa8012159)

C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/25 11:31:13.0406 audstub (d9f724aa26c010a217c97606b160ed68)

C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/25 11:31:13.0515 b57w2k (c0acd392ece55784884cc208aafa06ce)

C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/08/25 11:31:13.0640 BCM43XX (345d38f298368dd6b0df5c4f37457a22)

C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/08/25 11:31:13.0750 BCOREUSB (40f8c4c10ed67b1de44abf82582bac37)

C:\WINDOWS\system32\Drivers\BCOREUSB.sys
2010/08/25 11:31:13.0796 Beep (da1f27d85e0d1525f6621372e7b685e9)

C:\WINDOWS\system32\drivers\Beep.sys
2010/08/25 11:31:13.0890 BthEnum (b279426e3c0c344893ed78a613a73bde)

C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/08/25 11:31:13.0937 BthPan (80602b8746d3738f5886ce3d67ef06b6)

C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/08/25 11:31:14.0015 BTHPORT (662bfd909447dd9cc15b1a1c366583b4)

C:\WINDOWS\system32\Drivers\BTHport.sys
2010/08/25 11:31:14.0125 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa)

C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/08/25 11:31:14.0234 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9)

C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/25 11:31:14.0328 Cdaudio (c1b486a7658353d33a10cc15211a873b)

C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/25 11:31:14.0390 Cdfs (c885b02847f5d2fd45a24e219ed93b32)

C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/25 11:31:14.0500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe)

C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/25 11:31:14.0625 CmBatt (0f6c187d38d98f8df904589a5f94d411)

C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/08/25 11:31:14.0718 Compbatt (6e4c9f21f0fae8940661144f41b13203)

C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/08/25 11:31:15.0109 Disk (044452051f3e02e7963599fc8f4f3e25)

C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/25 11:31:15.0156 DLABMFSM (a0500678a33802d8954153839301d539)

C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
2010/08/25 11:31:15.0187 DLABOIOM (b8d2f68cac54d46281399f9092644794)

C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
2010/08/25 11:31:15.0234 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907)

C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/08/25 11:31:15.0265 DLADResM (87413b94ae1fabc117c4e8ae6725134e)

C:\WINDOWS\system32\Drivers\DLADResM.SYS
2010/08/25 11:31:15.0312 DLAIFS_M (766a148235be1c0039c974446e4c0edc)

C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
2010/08/25 11:31:15.0359 DLAOPIOM (38267cca177354f1c64450a43a4f7627)

C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
2010/08/25 11:31:15.0390 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9)

C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
2010/08/25 11:31:15.0437 DLARTL_M (336ae18f0912ef4fbe5518849e004d74)

C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2010/08/25 11:31:15.0484 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e)

C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
2010/08/25 11:31:15.0531 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0)

C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
2010/08/25 11:31:15.0656 dmboot (d992fe1274bde0f84ad826acae022a41)

C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/25 11:31:15.0718 dmio (7c824cf7bbde77d95c08005717a95f6f)

C:\WINDOWS\system32\drivers\dmio.sys
2010/08/25 11:31:15.0796 dmload (e9317282a63ca4d188c0df5e09c6ac5f)

C:\WINDOWS\system32\drivers\dmload.sys
2010/08/25 11:31:15.0843 DMusic (8a208dfcf89792a484e76c40e5f50b45)

C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/25 11:31:15.0984 drmkaud (8f5fcff8e8848afac920905fbd9d33c8)

C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/25 11:31:16.0062 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3)

C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/08/25 11:31:16.0125 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185)

C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/08/25 11:31:16.0234 Fastfat (38d332a6d56af32635675f132548343e)

C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/25 11:31:16.0281 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81)

C:\WINDOWS\system32\drivers\Fdc.sys
2010/08/25 11:31:16.0328 Fips (d45926117eb9fa946a6af572fbe1caa3)

C:\WINDOWS\system32\drivers\Fips.sys
2010/08/25 11:31:16.0421 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0)

C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/08/25 11:31:16.0515 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0)

C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/08/25 11:31:16.0578 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a)

C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/25 11:31:16.0640 Ftdisk (6ac26732762483366c3969c9e4d2259d)

C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/25 11:31:16.0703 Gpc (0a02c63c8b144bd8c86b103dee7c86a2)

C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/25 11:31:16.0781 guardian2 (7031a936832967a93b0e5d5f1c76745a)

C:\WINDOWS\system32\Drivers\oz776.sys
2010/08/25 11:31:16.0828 HDAudBus (573c7d0a32852b48f3058cfd8026f511)

C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/08/25 11:31:16.0921 HidUsb (ccf82c5ec8a7326c3066de870c06daf1)

C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/25 11:31:17.0093 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9)

C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2010/08/25 11:31:17.0156 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8)

C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2010/08/25 11:31:17.0265 HTTP (f80a415ef82cd06ffaf0d971528ead38)

C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/25 11:31:17.0406 i8042prt (4a0b06aa8943c1e332520f7440c0aa30)

C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/25 11:31:17.0468 Imapi (083a052659f5310dd8b6a6cb05edcf8e)

C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/25 11:31:17.0671 intelppm (8c953733d8f36eb2133f5bb58808b66b)

C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/25 11:31:17.0718 Ip6Fw (3bb22519a194418d5fec05d800a19ad0)

C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/08/25 11:31:17.0750 IpFilterDriver (731f22ba402ee4b62748adaf6363c182)

C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/25 11:31:17.0828 IpInIp (b87ab476dcf76e72010632b5550955f5)

C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/25 11:31:17.0875 IpNat (cc748ea12c6effde940ee98098bf96bb)

C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/25 11:31:17.0937 IPSec (23c74d75e36e7158768dd63d92789a91)

C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/25 11:31:18.0015 IRENUM (c93c9ff7b04d772627a3646d89f7bf89)

C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/25 11:31:18.0109 isapnp (05a299ec56e52649b1cf2fc52d20f2d7)

C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/25 11:31:18.0187 Kbdclass (463c1ec80cd17420a542b7f36a36f128)

C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/25 11:31:18.0250 kmixer (692bcf44383d056aed41b045a323d378)

C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/25 11:31:18.0328 KSecDD (b467646c54cc746128904e1654c750c1)

C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/25 11:31:18.0515 mdmxsdk (e246a32c445056996074a397da56e815)

C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/08/25 11:31:18.0593 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6)

C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/25 11:31:18.0671 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1)

C:\WINDOWS\system32\drivers\Modem.sys
2010/08/25 11:31:18.0734 Mouclass (35c9e97194c8cfb8430125f8dbc34d04)

C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/25 11:31:18.0812 mouhid (b1c303e17fb9d46e87a98e4ba6769685)

C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/25 11:31:18.0859 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd)

C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/25 11:31:18.0953 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd)

C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/25 11:31:19.0015 MRxSmb (f3aefb11abc521122b67095044169e98)

C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/25 11:31:19.0109 Msfs (c941ea2454ba8350021d774daf0f1027)

C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/25 11:31:19.0203 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1)

C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/25 11:31:19.0234 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e)

C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/25 11:31:19.0281 MSPQM (bad59648ba099da4a17680b39730cb3d)

C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/25 11:31:19.0328 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136)

C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/25 11:31:19.0406 Mup (2f625d11385b1a94360bfc70aaefdee1)

C:\WINDOWS\system32\drivers\Mup.sys
2010/08/25 11:31:19.0484 NDIS (1df7f42665c94b825322fae71721130d)

C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/25 11:31:19.0515 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f)

C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/25 11:31:19.0578 Ndisuio (f927a4434c5028758a842943ef1a3849)

C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/25 11:31:19.0640 NdisWan (edc1531a49c80614b2cfda43ca8659ab)

C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/25 11:31:19.0703 NDProxy (6215023940cfd3702b46abc304e1d45a)

C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/25 11:31:19.0765 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0)

C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/25 11:31:19.0843 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d)

C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/25 11:31:20.0078 NETw5x32 (90f7fad201e62732cbe6625b07e4c8f1)

C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2010/08/25 11:31:20.0203 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea)

C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/25 11:31:20.0281 Npfs (3182d64ae053d6fb034f44b6def8034a)

C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/25 11:31:20.0343 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca)

C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/25 11:31:20.0406 Null (73c1e1f395918bc2c6dd67af7591a3ad)

C:\WINDOWS\system32\drivers\Null.sys
2010/08/25 11:31:20.0625 nv (77f427e51479c66c09f967d15b639b37)

C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/08/25 11:31:20.0750 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57)

C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/25 11:31:20.0812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9)

C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/25 11:31:20.0890 ohci1394 (ca33832df41afb202ee7aeb05145922f)

C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/25 11:31:20.0968 Parport (5575faf8f97ce5e713d108c2a58d7c7c)

C:\WINDOWS\system32\drivers\Parport.sys
2010/08/25 11:31:21.0015 PartMgr (beb3ba25197665d82ec7065b724171c6)

C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/25 11:31:21.0062 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1)

C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/25 11:31:21.0125 PCI (a219903ccf74233761d92bef471a07b1)

C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/25 11:31:21.0203 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0)

C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/25 11:31:21.0281 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1)

C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/25 11:31:27.0312 ================================================================================
2010/08/25 11:31:27.0312 Scan finished
2010/08/25 11:31:27.0312 ================================================================================
2010/08/25 11:31:27.0359 Detected object count: 1
2010/08/25 11:31:57.0625 atapi (5f99255f4191b5b318ec6636e9e5a128) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/25 11:31:57.0625 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: 5f99255f4191b5b318ec6636e9e5a128, Fake md5: 9f3a2f5aa6875c72bf062c712cfa2674
2010/08/25 11:31:58.0437 Backup copy found, using it..
2010/08/25 11:31:58.0453 C:\WINDOWS\system32\DRIVERS\atapi.sys - will be cured after reboot
2010/08/25 11:31:58.0453 Rootkit.Win32.TDSS.tdl3(atapi) - User select action: Cure
 
Please uninstall all the addons under Firefox, as sometimes those can cause redirects, and try surfing again.

Check in Firefox to see if there is a proxy set. Open FF, click on Tools, Options, Advanced, click on the Network tab, click Settings, and make sure no proxy is set.

Download and run Winsockxpfix to see if this will fix your internet connection in regular mode.
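The proxy check above can also be done against Firefox's prefs.js (in the profile folder) instead of clicking through the dialog; the script below is an added example, not something posted in this thread, and the two prefs.js fragments it ships with are constructed samples, not from the poster's machine.

```python
import re

# Meaning of Firefox's network.proxy.type values (the radio buttons in the Connection Settings dialog).
PROXY_TYPES = {0: "No proxy", 1: "Manual proxy configuration", 2: "Automatic (PAC) script",
               4: "Auto-detect proxy settings", 5: "Use system proxy settings"}
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref(...) line in a prefs.js file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs


def proxy_report(prefs):
    """Summarise which proxy Firefox would use and whether the setting deserves a closer look."""
    # Firefox falls back to type 5 (the Windows/IE system proxy) when the pref is absent.
    ptype = prefs.get("network.proxy.type", 5)
    report = {"type": ptype, "mode": PROXY_TYPES.get(ptype, "unknown"),
              "proxies": {}, "pac_url": None, "needs_review": False}
    for proto in ("http", "ssl", "socks"):
        host = prefs.get("network.proxy.%s" % proto)
        if host:
            report["proxies"][proto] = "%s:%s" % (host, prefs.get("network.proxy.%s_port" % proto))
    if ptype == 2:
        report["pac_url"] = prefs.get("network.proxy.autoconfig_url")
    # A manual proxy or PAC URL the user never configured is what produces "the proxy server is
    # refusing connections"; with type 5 the Windows Internet Settings must be checked instead.
    report["needs_review"] = (ptype == 1 and bool(report["proxies"])) or (ptype == 2 and bool(report["pac_url"]))
    return report


# Constructed sample prefs.js fragments: one with an unexpected local proxy, one clean.
INFECTED_PREFS = '''user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
'''
CLEAN_PREFS = 'user_pref("network.proxy.type", 0);\n'
```

On a real profile, run `proxy_report(parse_prefs(open(path_to_prefs_js).read()))`; a result with `needs_review` set means a proxy or PAC script is configured that the owner should recognise, and a type of 5 means the Windows Internet Options proxy (the one Internet Explorer uses) decides.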
 
Thank you. Things have improved.

Firefox was installed only after this problem started but I can recall downloading no addons. When I checked there were 4. The first one I un-installed. The other 3 did not offer that option in Firefox. I disabled these as that was the choice offered.

The proxy setting was set to "Use system proxy settings". I changed this to "No proxy".

I have not tested it long but have not seen any redirects in Firefox since doing these things. Explorer is still blocked.

I now have sound in my headset. Skype has started to work.

Many programs work but not all. Some but not all downloads work. Malwarebytes updated and ran in regular mode but found nothing. Superantispyware would not update in regular mode. It updated and ran in Safe Mode but found only Ad-ware Tracking Cookies. I am still unable to update Windows but did upgrade to Internet Explorer 8. However it still won't work in Regular Mode.

Winsockxpfix was downloaded and run but did not fix the Internet connection in regular mode. I did not see a log to send you.
 