Infected, please help


Rak

Hello, I've used the software recommended by this site to clean up most of the spyware/malware/viruses on my computer, but I'm still having problems. The most pressing is a bug that keeps me from going anywhere past my bookmarked pages. It keeps changing the websites to some random ones, but they all start with "http://huytebesy4ko.net".

Here is my most recent Malwarebytes Log:

Malwarebytes' Anti-Malware 1.41

Database version: 3224

Windows 5.1.2600 Service Pack 3

11/24/2009 11:58:51 PM

mbam-log-2009-11-24 (23-58-51).txt

Scan type: Full Scan (C:\|)

Objects scanned: 293681

Time elapsed: 48 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 7

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\calc.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\calc.dll (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Addison Vernon\ntuser.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Addison Vernon\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tdlclk.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Documents and Settings\Addison Vernon\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Addison Vernon\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Addison Vernon\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

And here is my HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:34:09 AM, on 11/25/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Sophos\AutoUpdate\ALMon.exe

C:\Program Files\Bigfoot Networks\Killer Driver\KillerTray.exe

C:\WINDOWS\system32\dumprep.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\ADDISO~1\ntuser.dll,_IWMPEvents@0

O4 - HKUS\S-1-5-18\..\Run: [A00F152FFEF.exe] C:\WINDOWS\TEMP\_A00F152FFEF.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [calc] rundll32.exe C:\DOCUME~1\DEFAUL~1\ntuser.dll,_IWMPEvents@0 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [A00F152FFEF.exe] C:\WINDOWS\TEMP\_A00F152FFEF.exe (User 'Default user')

O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe

O4 - Global Startup: Launch KillerTray.exe.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab

O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1246947607984

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL c:\windows\system32\mepavuhi.dll c:\windows\system32\norefose.dll c:\windows\system32\fovigino.dll c:\windows\system32\difizavu.dll c:\windows\system32\sovagejo.dll c:\windows\system32\fonemike.dll c:\windows\system32\fayabopi.dll c:\windows\system32\dituguwu.dll c:\windows\system32\buvujano.dll c:\windows\system32\bafekefe.dll c:\windows\system32\wanebape.dll c:\windows\system32\ravebavi.dll c:\windows\system32\linanotu.dll c:\windows\system32\mifunabi.dll c:\windows\system32\fahulizi.dll c:\windows\system32\madubiha.dll,papewohu.dll

O21 - SSODL: doyipifub - {b259d8e9-4079-4c13-8cc1-7689a9e356a5} - (no file)

O21 - SSODL: besafoget - {f5c776f3-838d-45a2-8ad0-4e83bbc3518e} - c:\windows\system32\fovigino.dll (file missing)

O21 - SSODL: mafezikag - {60b19f74-eb21-4956-a11b-19b3e3089b58} - c:\windows\system32\fovigino.dll (file missing)

O21 - SSODL: nobitejel - {b2c02cb1-870e-4761-9b7a-5bdbc2f6e45f} - c:\windows\system32\fovigino.dll (file missing)

O21 - SSODL: naturebeb - {176de89b-1173-4447-810f-b317c8eda250} - c:\windows\system32\fovigino.dll (file missing)

O21 - SSODL: zajajohum - {df31cc1d-5e42-44a4-8104-d2e34ccaa570} - c:\windows\system32\fovigino.dll (file missing)

O21 - SSODL: fitesidar - {d3be4839-7be0-4455-ad48-e67bb2b14ec3} - c:\windows\system32\fovigino.dll (file missing)

O21 - SSODL: ziletokug - {ef0b2d6d-f7ba-47b0-9d56-a3ad5622e8a8} - c:\windows\system32\difizavu.dll (file missing)

O21 - SSODL: dezegetad - {3f2b2f85-a6c1-4332-9d79-f5e46734b577} - c:\windows\system32\difizavu.dll (file missing)

O21 - SSODL: bamiwasav - {af3c3106-f086-4927-94db-8bb37108cedf} - c:\windows\system32\difizavu.dll (file missing)

O21 - SSODL: famesaluh - {16459dfe-5666-40ca-83c3-fe942539268a} - c:\windows\system32\difizavu.dll (file missing)

O21 - SSODL: tewamiged - {9ac0d16d-bf9f-4ebf-ab63-c8d6254b6455} - c:\windows\system32\difizavu.dll (file missing)

O21 - SSODL: somajemip - {650d9ac9-781c-4f17-969a-7d84cbcb90e3} - c:\windows\system32\difizavu.dll (file missing)

O21 - SSODL: hulapeyoy - {6f25f74a-b75e-4960-8211-1e294e6654cc} - c:\windows\system32\norefose.dll (file missing)

O21 - SSODL: bokabafup - {6d1f27ef-055c-4501-9e66-febf8b01fd12} - c:\windows\system32\yupititi.dll (file missing)

O21 - SSODL: rayitativ - {ef100144-2d13-4c54-80a1-801e7952846c} - c:\windows\system32\fonemike.dll (file missing)

O21 - SSODL: mefivewan - {a3f9a214-9900-43ce-bbb7-899fbffdcb17} - c:\windows\system32\fayabopi.dll (file missing)

O21 - SSODL: hitemodoh - {e1163c6f-ae15-4468-96f0-588428d24882} - c:\windows\system32\buvujano.dll (file missing)

O21 - SSODL: foperudav - {330ad360-7fc4-4c0c-823a-1563a2ef0f0a} - c:\windows\system32\mosoveva.dll (file missing)

O21 - SSODL: fotilizeg - {57325ca1-cc13-462e-a18e-92eb45225c10} - c:\windows\system32\dituguwu.dll (file missing)

O21 - SSODL: gagewumeb - {3784bad4-a988-4554-bc46-7125b1ec1b2f} - c:\windows\system32\ravebavi.dll (file missing)

O21 - SSODL: vizimajiw - {89502747-392e-453d-875b-7cda2a7bd6cd} - c:\windows\system32\linanotu.dll (file missing)

O21 - SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll

O21 - SSODL: pasosodaw - {3e3299ff-bc73-4b22-bf71-f49e20d39373} - c:\windows\system32\fahulizi.dll (file missing)

O21 - SSODL: bayiyered - {5097bff8-0a67-4eae-80f5-85ef0bde198f} - c:\windows\system32\madubiha.dll (file missing)

O22 - SharedTaskScheduler: jugezatag - {b259d8e9-4079-4c13-8cc1-7689a9e356a5} - (no file)

O22 - SharedTaskScheduler: mujuzedij - {f5c776f3-838d-45a2-8ad0-4e83bbc3518e} - c:\windows\system32\fovigino.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {60b19f74-eb21-4956-a11b-19b3e3089b58} - c:\windows\system32\fovigino.dll (file missing)

O22 - SharedTaskScheduler: jugezatag - {b2c02cb1-870e-4761-9b7a-5bdbc2f6e45f} - c:\windows\system32\fovigino.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {176de89b-1173-4447-810f-b317c8eda250} - c:\windows\system32\fovigino.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {df31cc1d-5e42-44a4-8104-d2e34ccaa570} - c:\windows\system32\fovigino.dll (file missing)

O22 - SharedTaskScheduler: gahurihor - {d3be4839-7be0-4455-ad48-e67bb2b14ec3} - c:\windows\system32\fovigino.dll (file missing)

O22 - SharedTaskScheduler: gahurihor - {ef0b2d6d-f7ba-47b0-9d56-a3ad5622e8a8} - c:\windows\system32\difizavu.dll (file missing)

O22 - SharedTaskScheduler: mujuzedij - {3f2b2f85-a6c1-4332-9d79-f5e46734b577} - c:\windows\system32\difizavu.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {af3c3106-f086-4927-94db-8bb37108cedf} - c:\windows\system32\difizavu.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {16459dfe-5666-40ca-83c3-fe942539268a} - c:\windows\system32\difizavu.dll (file missing)

O22 - SharedTaskScheduler: mujuzedij - {9ac0d16d-bf9f-4ebf-ab63-c8d6254b6455} - c:\windows\system32\difizavu.dll (file missing)

O22 - SharedTaskScheduler: jugezatag - {650d9ac9-781c-4f17-969a-7d84cbcb90e3} - c:\windows\system32\difizavu.dll (file missing)

O22 - SharedTaskScheduler: kupuhivus - {6f25f74a-b75e-4960-8211-1e294e6654cc} - c:\windows\system32\norefose.dll (file missing)

O22 - SharedTaskScheduler: jugezatag - {6d1f27ef-055c-4501-9e66-febf8b01fd12} - c:\windows\system32\yupititi.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {ef100144-2d13-4c54-80a1-801e7952846c} - c:\windows\system32\fonemike.dll (file missing)

O22 - SharedTaskScheduler: mujuzedij - {a3f9a214-9900-43ce-bbb7-899fbffdcb17} - c:\windows\system32\fayabopi.dll (file missing)

O22 - SharedTaskScheduler: gahurihor - {e1163c6f-ae15-4468-96f0-588428d24882} - c:\windows\system32\buvujano.dll (file missing)

O22 - SharedTaskScheduler: jugezatag - {330ad360-7fc4-4c0c-823a-1563a2ef0f0a} - c:\windows\system32\mosoveva.dll (file missing)

O22 - SharedTaskScheduler: jugezatag - {57325ca1-cc13-462e-a18e-92eb45225c10} - c:\windows\system32\dituguwu.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {3784bad4-a988-4554-bc46-7125b1ec1b2f} - c:\windows\system32\ravebavi.dll (file missing)

O22 - SharedTaskScheduler: gahurihor - {89502747-392e-453d-875b-7cda2a7bd6cd} - c:\windows\system32\linanotu.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {3e3299ff-bc73-4b22-bf71-f49e20d39373} - c:\windows\system32\fahulizi.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {5097bff8-0a67-4eae-80f5-85ef0bde198f} - c:\windows\system32\madubiha.dll (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Killer Port Manager - Unknown owner - C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--

End of file - 14903 bytes

Thank you all for your help in advance for cleaning this up and returning my game rig back to par! :(
