Possibly Antivirus 2009 XP

Discussion in 'Malware Help (A Specialist Will Reply)' started by Vell, Nov 12, 2008.

  1. Vell

    Vell Private E-2

    Hello, and thank you for taking the time to read about my problem. Like many other people, I suspect I'm having issues with the Antivirus 2009 Trojan. A couple of weeks ago, I got the red circle with the white X on my taskbar after my PC spontaneously rebooted on me. At the time, my computer had been idling for quite some time, and I don't believe any applications were active. I found the startup value for brastk in MSConfig and looked it up to find it was indeed a threat. I disabled it using MSConfig at the time, though I have since returned MSConfig to a normal startup per your instructions. I followed some advice I found through Google that told me to delete beep.sys from C:\Windows\system32\drivers\, as well as deleting all instances of brastk and karna from my Windows and system32 folders in safe mode. It also suggested cleaning the registry, but it didn't tell me how to and I am clueless when it comes to computers, so I decided to skip that step. It seemed to work, as the taskbar icon disappeared; however, the brastk entry still remained in MSConfig, but I left it disabled (until recently, of course).

    A few days ago, Spybot alerted me that a new value had been added: brastk. Before I was able to click on Allow or Deny, my computer rebooted on me. I tried to go through the same processes I had before to get rid of it, but it would just come back and reboot my computer 20 minutes or so later, and it was persistent. I Googled for more possible fixes and tried a lot of things, including SmitFraudFix, Norton AntiBot, Avira, and Malwarebytes' Anti-Malware. SmitFraudFix and Avira found some entries each, but I couldn't even open mbam. I have since uninstalled AntiBot, since it was useless, and Avira, since I already run AVG and I read I was not to have more than one antivirus. Since I can't seem to deal with this issue on my own, I am hoping you guys could help me out.

    Avira managed to get rid of the taskbar icon after I turned System Restore off (I turned it back on again after the scan completed), and it hasn't come back and I haven't been hit with any spontaneous reboots since then. However, I am still having issues I only started to notice since this recent recurrence of the attack, and I am concerned that it may be more than just Antivirus 2009. My computer's performance has slowed down considerably, most notably while using my web browser. I am also unable to visit many websites due to some DNS redirection issue which is taking me to different sites altogether (mostly advertisement sites) or just completely blocking access to others (I get a "page could not be loaded" error as if the site did not exist or my internet connection was not active). In fact, the only way I am able to even access this site is through a DNS to IP converter, and I had to sign up for an account and download all the software that was asked of me in the readme on a different computer.

    I am only able to attach logs from MGTools and SAS as I encountered issues while going through the procedures for the other software. Mbam just refuses to open. I have it installed and had to rename the installer to get it to work, however when I click on the application, I get the hourglass popping up for several seconds, and then nothing. I've waited as long as 2 hours afterwards to see if it was just a delayed load due to the drop in my computer's speed, but nothing happened. I have tried renaming the application as well as any other instances of "mbam" in the other files in the directory and nothing seems to be working.

    I cannot offer a Spybot log either, as when I read that I was not supposed to have the TeaTimer active, I foolishly uninstalled Spybot and was going to reinstall it under the right settings before I read that there was a means to simply disable the TeaTimer. My version was outdated anyway, though. When I try to install Spybot, however, I get to the part where the installation occurs, and it says it is downloading additional files, but I get an error message saying, "Error sending request. A connection with the server could not be established." I suspect this is the malware blocking my connection.

    With ComboFix, I got to the part where I was supposed to install the Windows XP Recovery Console. As I don't have my XP CDs on me anymore, I tried to use the method where I dragged the file onto ComboFix. Unfortunately, I'm having the same issue as I had with trying to run mbam, and so nothing happens. I didn't continue on to the other steps as I was not sure it would be safe to do so without the recovery console. Also, when I did my initial scan with SAS, it encountered an error, telling me to uncheck "Use Direct Disk Access (recommended)", so I did and rescanned. I don't know if that will affect the log or not, but I decided to mention it to be thorough.

    Sorry for being so wordy, but I wanted to make sure I described everything in as much detail as I could in case any of it was relevant and would make solving the issue easier. I really appreciate any help anybody has to offer and patiently await a response. Thank you so much!

    edit: Oh, and I am running Windows XP Media Center Edition SP3.
     

    Attached Files:

    Last edited: Nov 12, 2008
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's start with this:

    Please disable all anti-virus and anti-spyware programs while we do the following ( be sure to re-enable when we are finished):


    Run C:\MGtools\analyse.exe by double clicking on it. (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    You need to clean this up...it's a great place for malware to hide:
    C:\Documents and Settings\Jon\Desktop\

    Now, unless you added a keylogger:
    Use windows explorer to find and delete:
    C:\Program Files\GOG.com
    C:\WINDOWS\system32\H@tKeysH@@k.DLL

    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.

    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.

    If you use Firefox browser

    * Click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
        * NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    * Click Opera at the top and choose: Select All
    * Click the Empty Selected button.
        * NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main ATF Cleaner menu to close the program.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
     
  3. Vell

    Vell Private E-2

    Here's the new log!
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Looking much better....just a few clean up items:

    Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now use windows explorer to find and delete:
    C:\WINDOWS\system32\wini104552663.exe

    If you are not having any other malware issues, the:
     
  5. Vell

    Vell Private E-2

    Thanks for all your help so far, unfortunately I'm still having the same issues as I was before. I get page load errors or get redirected to another site when trying to access most websites, and mbam refuses to launch. I'm not sure what I should do at this point, should I get another MGlogs?
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes...attach a new MGLogs.zip. :(
     
  7. Vell

    Vell Private E-2

    Here it is!
     

    Attached Files:

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing anything in your logs...did you clean out your internet explorer cache?

    Let's do an online scan:
    Now go to Bitscan link: agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

    Click on the Detected Problems tab. Then select Click here to export the scan report.

    When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt), and then in the File name box change the name to bdscan, then click Save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
     
  9. Vell

    Vell Private E-2

    Hmm, unfortunately the malware is preventing me from accessing that site, and when I visit it through its IP, it seems to be a little messed up. I attached a screenshot of what I see when I visit it...

    Sorry for all the hassle. :(
     

    Attached Files:

  10. Vell

    Vell Private E-2

    And yes, I think I cleaned out temporary files. I'm sorry if that's interfered with the process, I wasn't aware it would affect anything. :(

    Here are some new logs that will hopefully be more conclusive. Again, sorry for the inconvenience.
     

    Attached Files:

  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

