Contributor
shevo11
Posts: 93
Registered: 03-14-2012

GOOGLE REDIRECTS TO http://abnow.com

Hi, Google is redirecting all my searches to http:// abnow . com

What can I do?

[Edit: Removed hyperlink to a potentially malicious URL to conform with the Participation Guidelines & Terms of Service]

Bot Obliterator
Quads
Posts: 13,260
Registered: 07-21-2008

Re: GOOGLE REDIRECTS TO http://abnow.com

Please read carefully and follow these steps.
Download TDSSKiller from hxxp://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop (replace the hxxp with http).
Double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure; click on Continue.
If a suspicious file is detected, the default action will be Skip; click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please attach the log in the post back.


Please download aswMBR from hxxp://public.avast.com/~gmerek/aswMBR.exe to your desktop (replace the hxxp with http).
Double-click the aswMBR.exe icon to run it.
It will ask to download extra definitions - ALLOW IT, YES.
Click the Scan button to start the scan.
On completion of the scan, click the Save log button, save it to your desktop and please attach the log in the post back.

Which browser has the redirects?

You are not the only one to get cleaned and then, within hours, get reinfected. Muddy01 had 2 infections of TDL2, 2+ within days.

Quads

Contributor
shevo11
Posts: 93
Registered: 03-14-2012

Re: GOOGLE REDIRECTS TO http://abnow.com

Thank you, I will try this when I get back and check it on the infected computer. I discovered this was not the only infection; I posted the other on the solved post about the ZeroAccess you solved about one week ago.

You can find it here:

http://community.norton.com/t5/Norton-Internet-Security-Norton/Trojan-ZeroAccess-kmem-BIG-PROBLEM/td...

Thank you again.

Bot Obliterator
Quads
Posts: 13,260
Registered: 07-21-2008

Re: GOOGLE REDIRECTS TO http://abnow.com

All the files in the other locations appear to be some change in ZeroAccess, as I did find an aswMBR log using definitions, and the other files are also detected as ZeroAccess but under the name Sirefef. Always the way: now I can't re-find the log.

Quads

Contributor
shevo11
Posts: 93
Registered: 03-14-2012

Re: GOOGLE REDIRECTS TO http://abnow.com

Here they are, the logs.

The browser is Internet Explorer.

Bot Obliterator
Quads
Posts: 13,260
Registered: 07-21-2008

Re: GOOGLE REDIRECTS TO http://abnow.com

To others:

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

shevo11

1. Have TDSSKiller deal with these entries:

C:\WINDOWS\system32\DRIVERS\serial.sys - copied to quarantine
14:50:45.0390 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\@ - copied to quarantine
14:50:45.0406 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\L\mbimnlpu - copied to quarantine
14:50:45.0406 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\loader.tlb - copied to quarantine
14:50:45.0406 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\@00000001 - copied to quarantine
14:50:45.0562 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\@000000c0 - copied to quarantine
14:50:45.0593 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\@000000cb - copied to quarantine
14:50:45.0609 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\@000000cf - copied to quarantine
14:50:45.0625 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\@80000000 - copied to quarantine
14:50:45.0640 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\@800000c0 - copied to quarantine
14:50:45.0656 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\@800000cb - copied to quarantine
14:50:45.0671 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\@800000cf - copied to quarantine
14:50:47.0187 4028 Backup copy found, using it..
14:50:47.0218 4028 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured on reboot
14:50:48.0828 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\@ - will be deleted on reboot
14:50:48.0828 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\loader.tlb - will be deleted on reboot
14:50:48.0828 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\$000000cb - will be deleted on reboot
14:50:48.0828 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\$800000cb - will be deleted on reboot
14:50:48.0828 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\@00000001 - will be deleted on reboot
14:50:48.0828 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\@000000c0 - will be deleted on reboot
14:50:48.0828 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\@000000cb - will be deleted on reboot
14:50:48.0828 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\@000000cf - will be deleted on reboot
14:50:48.0828 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\@80000000 - will be deleted on reboot
14:50:48.0828 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\@800000c0 - will be deleted on reboot
14:50:48.0828 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\@800000cb - will be deleted on reboot
14:50:48.0828 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\@800000cf - will be deleted on reboot
14:50:48.0828 4028 C:\WINDOWS\$NtUninstallKB13314$\2740791305 - will be deleted on reboot
14:50:48.0843 4028 Serial ( Virus.Win32.ZAccess.aml ) - User select action: Cure

Or run TDSSKiller again to make sure they are gone.

2. Download ComboFix to your Desktop from http://www.bleepingcomputer.com/download/anti-virus/combofix

Download the attachment to this post (CFScript.txt) and save it to your desktop as well.

Disable Norton and close your browser(s).

Now drag CFScript.txt onto ComboFix.exe.

Do not do anything else while it is running, including moving the mouse cursor inside ComboFix.

When it is finished it will create a log; also, you may have to restart the PC before you are able to use the browsers.

Quads
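As an added example (not code from the thread, from Quads or from Kaspersky), a small Python parser that summarises a TDSSKiller log like the one pasted above: which paths were quarantined, which are still pending the reboot the instructions mention, which sit in the fake $NtUninstallKB...$ folder the log shows, and what verdict TDSSKiller recorded. The line format and the folder pattern are inferred from the posted lines only; the sample is a copied subset of them.

```python
# Added example: summarise a TDSSKiller log. Format rules are inferred from the
# lines posted in the thread, not taken from any Kaspersky documentation.
import re
from collections import Counter

# Constructed sample: a subset of the thread's TDSSKiller log, paths as posted.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\DRIVERS\serial.sys - copied to quarantine
14:50:45.0390 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\@ - copied to quarantine
14:50:45.0406 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\@00000001 - copied to quarantine
14:50:47.0187 4028 Backup copy found, using it..
14:50:47.0218 4028 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured on reboot
14:50:48.0828 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\@ - will be deleted on reboot
14:50:48.0828 4028 C:\WINDOWS\$NtUninstallKB13314$\1774428734\U\@00000001 - will be deleted on reboot
14:50:48.0828 4028 C:\WINDOWS\$NtUninstallKB13314$\2740791305 - will be deleted on reboot
14:50:48.0843 4028 Serial ( Virus.Win32.ZAccess.aml ) - User select action: Cure
"""

STAMP = r'^(?:\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+)'
# "<time> <pid> <path> - <action>"; the prefix is optional (first pasted line lacks it).
FILE_RE = re.compile(STAMP + r'?(?P<path>[A-Za-z]:\\.+?) - (?P<action>.+)$')
# "<time> <pid> <object> ( <detection> ) - User select action: <action>"
VERDICT_RE = re.compile(STAMP + r'(?P<obj>\S+) \( (?P<det>[^)]+) \) - User select action: (?P<act>\w+)$')
# Fake uninstall folder the log shows ZeroAccess/Sirefef living in.
ZA_DIR_RE = re.compile(r'^[A-Za-z]:\\.*?\\\$NtUninstallKB\d+\$\\\d+', re.IGNORECASE)


def parse(text):
    """Return (file_events, verdicts); lines matching neither pattern are skipped."""
    files, verdicts = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            files.append((m['path'], m['action']))
        elif m := VERDICT_RE.match(line):
            verdicts.append((m['obj'], m['det'], m['act']))
    return files, verdicts


def report(text):
    """Action counts, paths still awaiting reboot, suspect folders and verdicts."""
    files, verdicts = parse(text)
    pending = sorted({p for p, a in files if a.endswith('on reboot')})
    suspect = sorted({m.group(0) for p, _ in files if (m := ZA_DIR_RE.match(p))})
    return {'actions': dict(Counter(a for _, a in files)),
            'pending_reboot': pending, 'suspect_dirs': suspect, 'verdicts': verdicts}


if __name__ == '__main__':
    for key, value in report(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```

Anything listed under pending_reboot is a path to re-check in a second TDSSKiller run after the reboot, which is what the "run it again to make sure they are gone" step above is for.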

Contributor
shevo11
Posts: 93
Registered: 03-14-2012

Re: GOOGLE REDIRECTS TO http://abnow.com

I ran TDSSKiller and the only threat that I found is one called sptd.sys in the Drivers folder that is located in the system32 folder. Should I proceed with the ComboFix?

Bot Obliterator
Quads
Posts: 13,260
Registered: 07-21-2008

Re: GOOGLE REDIRECTS TO http://abnow.com

Yes please.

Quads

Contributor
shevo11
Posts: 93
Registered: 03-14-2012

Re: GOOGLE REDIRECTS TO http://abnow.com

Here is the log for ComboFix. Can I turn on the antivirus again?

Bot Obliterator
Quads
Posts: 13,260
Registered: 07-21-2008

Re: GOOGLE REDIRECTS TO http://abnow.com

Yes, you can.

Quads