No, as like I said in the first post: The browsers don't work after a certain time, but downloads from usenet keep on downloading against full speed. And the connection is still working, according to Windows.
The log from GMER:
GMER 1.0.15.15020 [gmer.exe] -
http://www.gmer.netRootkit scan 2009-08-12 03:14:00
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT spsl.sys ZwCreateKey [0xB9EA80E0]
SSDT spsl.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spsl.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT spsl.sys ZwOpenKey [0xB9EA80C0]
SSDT spsl.sys ZwQueryKey [0xB9EC7108]
SSDT spsl.sys ZwQueryValueKey [0xB9EC6F88]
SSDT spsl.sys ZwSetValueKey [0xB9EC719A]
INT 0x63 ? 8A54CBF8
INT 0x63 ? 8A54CBF8
INT 0x63 ? 8A54CBF8
INT 0x63 ? 8A54CBF8
INT 0x63 ? 8A1A4F00
INT 0x63 ? 8A1A4F00
INT 0x63 ? 8A54CBF8
INT 0x83 ? 8A54CBF8
INT 0x83 ? 8A54CBF8
INT 0x83 ? 8A1A4F00
INT 0x83 ? 8A54CBF8
INT 0x84 ? 8A1A4F00
INT 0xA4 ? 8A1A4F00
INT 0xB4 ? 8A1A4F00
---- Kernel code sections - GMER 1.0.15 ----
? spsl.sys Het systeem kan het opgegeven bestand niet vinden. !
.text USBPORT.SYS!DllUnload B8DF262C 5 Bytes JMP 8A1A44E0
.text awuu4snu.SYS B8D56386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text awuu4snu.SYS B8D563AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text awuu4snu.SYS B8D563C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text awuu4snu.SYS B8D563C9 1 Byte [2E]
.text awuu4snu.SYS B8D563C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[1988] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 51981CE2 C:\PROGRA~1\DVDREG~1\DVDShell.dll (DVD Region-Free Shell Module/Fengtao Software Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4016] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 100300A3 C:\Program Files\Xfire\xfire_toucan_38312.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4016] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 51981CE2 C:\PROGRA~1\DVDREG~1\DVDShell.dll (DVD Region-Free Shell Module/Fengtao Software Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4016] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100301A3 C:\Program Files\Xfire\xfire_toucan_38312.dll (Xfire Toucan DLL/Xfire Inc.)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spsl.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spsl.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spsl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spsl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spsl.sys
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!KfAcquireSpinLock] 8A000002
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!READ_PORT_UCHAR] 83880846
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!KeGetCurrentIrql] 000001C0
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!KfRaiseIrql] 2C4EB70F
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!KfLowerIrql] 8303C183
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!HalGetInterruptVector] D103FCE1
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!HalTranslateBusAddress] 2E7E8366
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!KeStallExecutionProcessor] 8D1C7400
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!KfReleaseSpinLock] 83893204
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00000218
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!READ_PORT_USHORT] 2E4EB70F
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 021C8B89
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!WRITE_PORT_UCHAR] B70F0000
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[WMILIB.SYS!WmiSystemControl] 03D00304
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[WMILIB.SYS!WmiCompleteRequest] 0CB389F2
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A54B1F8
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\PCI_PNP0884 \Device\00000042 spsl.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A303500
Device \Driver\usbuhci \Device\USBPDO-1 8A303500
Device \Driver\usbuhci \Device\USBPDO-2 8A303500
Device \Driver\usbehci \Device\USBPDO-3 8A0D5500
Device \Driver\usbuhci \Device\USBPDO-4 8A303500
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBPDO-5 8A303500
Device \Driver\usbuhci \Device\USBPDO-6 8A303500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4DD1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2777F4C0-82DD-41EB-A519-2DD02A240C01} 8A11F500
Device \Driver\usbehci \Device\USBPDO-7 8A0D5500
Device \Driver\Cdrom \Device\CdRom0 8A205500
Device \Driver\Cdrom \Device\CdRom1 8A205500
Device \Driver\atapi \Device\Ide\IdePort0 8A54C1F8
Device \Driver\atapi \Device\Ide\IdePort1 8A54C1F8
Device \Driver\atapi \Device\Ide\IdePort2 8A54C1F8
Device \Driver\atapi \Device\Ide\IdePort3 8A54C1F8
Device \Driver\atapi \Device\Ide\IdePort4 8A54C1F8
Device \Driver\atapi \Device\Ide\IdePort5 8A54C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-14 8A54C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-7 8A54C1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A11F500
Device \Driver\NetBT \Device\NetbiosSmb 8A11F500
Device \Driver\sptd \Device\2615574634 spsl.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 8A303500
Device \Driver\usbuhci \Device\USBFDO-1 8A303500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1F5500
Device \Driver\usbuhci \Device\USBFDO-2 8A303500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A1F5500
Device \Driver\usbehci \Device\USBFDO-3 8A0D5500
Device \Driver\usbuhci \Device\USBFDO-4 8A303500
Device \Driver\Ftdisk \Device\FtControl 8A4DD1F8
Device \Driver\usbuhci \Device\USBFDO-5 8A303500
Device \Driver\usbuhci \Device\USBFDO-6 8A303500
Device \Driver\usbehci \Device\USBFDO-7 8A0D5500
Device \Driver\awuu4snu \Device\Scsi\awuu4snu1Port6Path0Target0Lun0 8A233500
Device \Driver\awuu4snu \Device\Scsi\awuu4snu1 8A233500
Device \FileSystem\Cdfs \Cdfs 8A18B500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x47 0x8E 0xE7 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x94 0xAC 0x9A 0xB8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC3 0x5F 0xC9 0xEF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x47 0x8E 0xE7 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x94 0xAC 0x9A 0xB8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC3 0x5F 0xC9 0xEF ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{754FF845-1AB3-ED00-C8CA-2704F2FD5BBB}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{754FF845-1AB3-ED00-C8CA-2704F2FD5BBB}@eakhgganlm 0x66 0x61 0x65 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{754FF845-1AB3-ED00-C8CA-2704F2FD5BBB}@dabinpan 0x64 0x62 0x6F 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0DFB2F3-B3E7-BE75-DEC4-90EF334E27D0}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0DFB2F3-B3E7-BE75-DEC4-90EF334E27D0}@ablnaoogkdjgmomkabjbimkhegcggmgple 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0DFB2F3-B3E7-BE75-DEC4-90EF334E27D0}@bblnaoogkdjgmomkabkphnnmnmddegpopnch 0x61 0x61 0x00 0x00
---- EOF - GMER 1.0.15 ----
Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:15:55, on 12/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ArnoVL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b56907.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updateservice (gupdate1c99a8e877ae50a) (gupdate1c99a8e877ae50a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe
--
End of file - 6041 bytes