Need some serious help

You need to attach the logs as requested. Just a hijackthis log is not going to let me find all of the malware, it may not reveal any, even when some exists. But we did not ask you for a HJT log in the first place.

 

No problem.

Yes! As well as logs from running RootRepeal, Combofix and MGTools.

As stated before... you attach, here's a handy guide:

HOW TO: Attach Items To Your Post

 

Combofix reports to have healed the infected atapi.sys file, which was more than likely the cause of your redirects. Tell me, (as I review your logs...) are you still being redirected now?

 

Good. Let's clear up some more ...

1. Before we continue I would like for you to use MSConfig to put this machine back into normal start up mode.

2. Delete this as it is not where it should have been downloaded to.

3.Important Notice: A new version of SUPERAntiSpyware is available.

• Please uninstall your current version (this is necessary).
• Then download this SUPERAntiSpyware
• Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
• After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
• Now run a new full scan of your system. And attach this log later.

4. Also there has been an update to MBAM. Please open up the program, update > rescan > fix anything it finds and attach the log regardless of whether it found anything.

5. Now we need to use ComboFix to get rid of some malware files and also some old antivirus remnants.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:

Code:

KILLALL::

Driver::
AntiVirUpgradeService

RenV::
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\Lexmark 6300 Series\ezprint .exe
c:\program files\Lexmark 6300 Series\lxcdmon .exe
c:\program files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\TrayServer .exe
c:\program files\QuickTime\qttask .exe
c:\windows\SMINST\RECGUARD .exe

File::
c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
c:\docume~1\Janie\LOCALS~1\Temp\AVSETUP_4b9a95c1\basic\avupgsvc.exe 
c:\docume~1\Janie\LOCALS~1\Temp\AVSETUP_4b9a95c1\basic\setup.exe

Folder::
c:\documents and settings\All Users\Application Data\ParetoLogic
c:\program files\Common Files\ParetoLogic
c:\documents and settings\NetworkService\Application Data\Avira
c:\documents and settings\Janie\Application Data\OnlineArmor
c:\documents and settings\Administrator\Application Data\Avira
c:\documents and settings\Janie\Application Data\Avira
c:\documents and settings\All Users\Application Data\Avira

Registry::
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\NoExplorer]

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  
  http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
  
  
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

6. Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this. Also don't forget to attach the new logs from MBAM and SAS.

 

Well those logs look clean to me!

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures in step 3 the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

I have no idea why it did that. Can you reinstall Power2Go 4.0?