Aftermath of Antispyware Soft - still some kind of infection

[hcethatsme]

GMER log is below. It seems awfully short! I would try the complete TCP/IP uninstall/reinstall, but the fact that the print spooler is still broken too, and that the Windows Firewall turns on sometimes, then off (or could it show turned on w/o the service running?), is confusing. Whole thing is bizarre. Thanks so much for your time, Borislav. Any next steps you can think of?

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-23 10:14:30

Windows 5.1.2600 Service Pack 3

Running: roekffjq.exe; Driver: C:\DOCUME~1\SUSQUE~1\LOCALS~1\Temp\kwtdypow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB6D910B0]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe[1824] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00510D8D C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (Icon in the taskbar notification area (F-PROT Antivirus)/FRISK Software International)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs FStopW.sys (FPAV - RealTime Protector/FRISK Software International)

AttachedDevice \FileSystem\Fastfat \Fat FStopW.sys (FPAV - RealTime Protector/FRISK Software International)

---- EOF - GMER 1.0.15 ----

[hcethatsme]

I don't know if this is helpful, but I turned on bootlogging. In the ntbtlog.txt are entries with double exclamation points: SUPERAntiSpyware\SASKUTIL.sys, SASDIFV.SYS, SASENUM.SYS and also PFModNT.sys in root\sys32. As I understand it, that means there are empty start-up entries for those drivers? I wonder if SAS is causing a problem and I should uninstall it?

[hcethatsme]

Borislav, thanks again for your help, but don't take any more time on this just yet. I need to get this computer back, so I'm going to try a Windows reinstall. I'll let you know how it goes.

Hilary

[hcethatsme]

Hooray, hooray, hooray! Windows Repair worked fine and everything is clean now. Thanks a million, Borislav! Donation on the way.

Hilary

[Maniac]

I'm so sorry about the delay, Hilary!

You should be proud that you resolve your problem yourself.

Safe surfing!