Infected Computer w/No Internet Access (After Running Anti-Virus Etc Programs!)

Please help! I followed the steps (as best I could) listed in "What to do before you post HijackThis Log" but I'm certain that my computer is still infected. If someone could please decipher what is wrong, I would be VERY grateful. (FYI - I'm pretty computer illiterate so if I am saying too much, not enough, I apologize.)

Background: I have no internet access on my home desktop, but another desktop in same room has access. After I ran the anti-virus, etc. programs (listed below), I tried to get back on the internet and, for about 3 minutes, I had access. But then it stopped again.

Computer Specs: (Specs from my Belarc summary, but let me know if you need more specific info.)

Systemell4600i
OS:Windows XP SP2 (build 2600)
Processor:2.80 GHz Intel Pentium 4, 8mb cache, 512kb secondary cache
Drives: Maxtor 120GB Hard Drive, 119.97 GB capacity, 73.07 GB free space
Samsung DVD-ROM SD-616E
TEAC DVD+RW DV-W50E
Memory: 512MB
Nvidia GeForce 6200 Graphics Card
SoundMAX Integrated Digital Audio
Communication: BCM V.92 56K Modem; Intel(R) Pro/100 VE Network Connection.
Virus Protection: ZoneAlarm Security Suite 6.5.722.000; avast! antivirus 4.7.844; Norton Antivirus 2005 [*I uninstalled this thing with Symantec uninstall tool a while back, so I have no idea how this freakin' thing keeps coming back...]


I ran the following programs in Safe Mode with clean results:
CCleaner
Windows Malicious Removal Tool
Ad-Aware SE Personal
Spybot S&D
CWShredder
Kill2Me
McAfee AVERT Stinger

Ewido found the virus "Agobot.XB" which I deleted from quarantine.
ZoneAlarm found the trojan "Backdoor.Win32.mIRC.bacd" which I deleted.
ZoneAlarm also found a virus "Zipper.2779.l" that was treated.

In Normal mode, I ran BitDefender 8 Free Edition (not online scan; I downloaded program on disk and loaded onto my computer) - See attached log.

Because I could not load any updates to Windows Defender (and it said 189 days old without updates), I did not run the scan, but let me know if I should. Because no internet access, I could not run Panda ActiveScan either. And, I screwed up while writing down directions and did not see the directions to perform the "Runkeys.txt and Newfiles.txt" actions until after I had run all the other scans. Sorry. Please let me know if I should do so.

After running scans and cleaning infections, I turned off "System Restore" and then rebooted and turned back on. I also made sure to do "Normal Bootup" before HJT log.

Attached are the BitDefender and HJT logs. I hope I saved them in the correct format; like I said, I'm a computer novice. Any help would be GREATLY appreciated! Thank you!

 

Chaslang,

Thanks for reply. Attached are the two logs you requested. Regarding the anti-virus programs, Norton is not listed as a program in the Control Panel (and I used their uninstall program to get rid off), so I'm not sure how to totally delete it from the computer. I use ZoneAlarm for its firewall (I just ran the Anti-Virus program to see if it found anything that others did not). Is this not okay to do? Thanks again.

 

Okay, I uninstalled BitDefender and I've attached the newest HJT log. Please let me know if you think there's anything else I should uninstall now (like Windows Defender or the like). Thanks again for your help.

 

Chaslang,

First, to answer the questions you had:
1. No, I do not have eTrust Antivirus installed on my computer (even though I see it listed in HJT log). Should I delete it?
2. I have the free version of Ewido. I do not run it in the background of my computer; I only use it to scan and then I close the application.

I reset the web settings like you asked, but quick (and probably dumb) question: I use Firefox most of the time (unless the site only supports IE) - so is there anything I need to do specifically with Mozilla?

Attached is the latest HJT log. However, a few novice questions:
1. For "08 - Extra content menu items" I definitely don't recognize the first one (mywebsearch.com) and I don't know about any Excel addons for IE. May I delete these two items?
2. For "016 - DPF" there are three entries from symantec.com. Because I have tried to delete any sign of Norton from my computer, may I delete these three entries?
3. For "017 HKLM\System\CCS\Services\Tcpip\...Nameserver = ..." I tried to Google the IP address but didn't find it (and hopefully I googled correctly). Should I delete this entry?

And, if I can ask one other quick question (though I realize you're extremely busy helping other people so feel free to ignore), do you have any personal recommendations for anti-virus/spyware programs I should use that may reduce likelihood of this happening in the future?

Thank you so much!!!!

 

Chaslang,

Okay, I (hope) I did what you said:
[1] I disabled CAISafe and then deleted it as "an NT Service" per your instructions.
[2] I uninstalled Ewido.
[3] I deleted the first "08 Extra context menu items" but I did not understand from your previous message whether or not you wanted me to delete the second "08 Entry" so I've kept it for now. Please let me know if I should do otherwise, as well is with the 09 Entry - "Extra button: Research..."
[4] I also deleted the three "016" Symantec entries.
[5] I disabled/re-enabled System Restore.
[6] I've run HJT again and attached the newest log.

My internet connection seems to be working now!

Although everything seems to be working fine, if the above 08 and 09 HJT entries seem odd, or if you see anything in the attached HJT log that still looks bad, please let me know! And again, I really appreciate you taking the time to go through this and help me out (as well as the patience that you needed to deal with someone who hasn't read the word 'binary' since biology class). Thank you so much!!!!!