Inactive Browser redirect and pop ups

A neighbor brought their laptop over, and it seems they are getting web search redirects, are unable to get to Windows updates, and are having some random pop-ups of the "make this much by working from home" kind.

Thank you for any help.

Here are the scan logs from the 8-step instructions:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4811

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/13/2010 10:43:01 AM
mbam-log-2010-10-13 (10-43-01).txt

Scan type: Quick scan
Objects scanned: 142402
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15315 - http://www.gmer.net
Rootkit scan 2010-10-13 11:25:28
Windows 5.1.2600 Service Pack 3
Running: 9ku3jcbs.exe; Driver: C:\DOCUME~1\DDIALB~1\LOCALS~1\Temp\pxloapow.sys


---- System - GMER 1.0.15 ----

SSDT 9F3A1BFE ZwCreateKey
SSDT 9F3A1BF4 ZwCreateThread
SSDT 9F3A1C03 ZwDeleteKey
SSDT 9F3A1C0D ZwDeleteValueKey
SSDT 9F3A1C12 ZwLoadKey
SSDT 9F3A1BE0 ZwOpenProcess
SSDT 9F3A1BE5 ZwOpenThread
SSDT 9F3A1C1C ZwReplaceKey
SSDT 9F3A1C17 ZwRestoreKey
SSDT 9F3A1C08 ZwSetValueKey

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[424] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E6000A
.text C:\WINDOWS\Explorer.EXE[424] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E7000A
.text C:\WINDOWS\Explorer.EXE[424] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E5000C
.text C:\WINDOWS\System32\svchost.exe[1368] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D9000A
.text C:\WINDOWS\System32\svchost.exe[1368] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DA000A
.text C:\WINDOWS\System32\svchost.exe[1368] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D8000C
.text C:\WINDOWS\System32\svchost.exe[1368] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0195000A
.text C:\WINDOWS\System32\svchost.exe[1368] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F2000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0117000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0118000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0116000C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E3000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E4000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E2000C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat 9D488D20

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


....Second post with remaining logs to come
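Added example, not part of the original post and not GMER's code: a small triage pass over the "User code sections" of the GMER output above. GMER prints a trailing module path and vendor when it can map the JMP target to an image on disk (the IEFRAME.dll lines) and nothing when the target lies in memory it cannot attribute (the bare "JMP 00E6000A" lines). The script separates the two per process so the unattributed ones can be matched against the installed software. The sample lines are copied from the log; the caveat is the analyst's, not GMER's: the same three ntdll hooks appearing in every process is the pattern of a product-wide injection, and AVG Identity Protection (avgidsmonitor.exe is in the process list further down this thread) is a plausible source, which is an assumption to confirm, not a finding from the log.

```python
"""Triage the "User code sections" of a GMER log (added example)."""
import re
from collections import defaultdict

# One GMER ".text" inline-hook line. The trailing "<module> (<vendor>)" is
# optional: GMER omits it when the JMP target is not inside any image it can name.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<len>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-F]{8})"
    r"(?:\s+(?P<target_module>\S+\.(?:dll|DLL|exe|EXE))\s+\((?P<vendor>[^)]*)\))?\s*$"
)

# Sample lines copied from the GMER output in the post above.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[424] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E6000A
.text C:\WINDOWS\Explorer.EXE[424] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E7000A
.text C:\WINDOWS\Explorer.EXE[424] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E5000C
.text C:\WINDOWS\System32\svchost.exe[1368] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0195000A
.text C:\WINDOWS\System32\svchost.exe[1368] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F2000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2800] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
"""


def parse_hooks(text):
    """Return one dict per ".text" hook line; 'attributed' is True when GMER named the target image."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["attributed"] = h["target_module"] is not None
        hooks.append(h)
    return hooks


def triage(text):
    """Group hooks by (process path, pid), split into attributed and unattributed targets."""
    report = defaultdict(lambda: {"attributed": [], "unattributed": []})
    for h in parse_hooks(text):
        entry = f'{h["module"]}!{h["export"]} -> {h["target"]}'
        if h["attributed"]:
            entry += f' ({h["target_module"]})'
        bucket = "attributed" if h["attributed"] else "unattributed"
        report[(h["process"], h["pid"])][bucket].append(entry)
    return dict(report)


def summary(text):
    """Counts of attributed vs unattributed hooks; the second number is the review queue."""
    hooks = parse_hooks(text)
    attributed = sum(1 for h in hooks if h["attributed"])
    return {"attributed": attributed, "unattributed": len(hooks) - attributed}


if __name__ == "__main__":
    for (proc, pid), buckets in triage(SAMPLE_LOG).items():
        print(f"{proc} [{pid}]")
        for entry in buckets["unattributed"]:
            print("  UNATTRIBUTED", entry)
        for entry in buckets["attributed"]:
            print("  attributed  ", entry)
    print(summary(SAMPLE_LOG))
```

Unattributed targets are a review queue, not a verdict: the next step is to disable or uninstall the suspected product and re-run GMER, which is also why the helper below asks for only one AV to stay installed.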
 
DDS (Ver_10-10-10.03) - NTFSx86
Run by DDialbert at 13:20:06.03 on Wed 10/13/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.283 [GMT -4:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\DDialbert\Local Settings\Temporary Internet Files\Content.IE5\P7S7YZ4R\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081117
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-10-13 11608]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-13 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-13 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-13 60936]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-17 105984]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S4 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S4 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

=============== Created Last 30 ================

2010-10-13 13:17:11 -------- d-----w- c:\docume~1\ddialb~1\applic~1\Malwarebytes
2010-10-13 13:17:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-13 13:17:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-13 13:16:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-13 13:16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-13 12:40:19 -------- d-----w- c:\windows\system32\NtmsData
2010-10-13 12:39:52 -------- d-----w- c:\docume~1\ddialb~1\applic~1\Avira
2010-10-13 12:35:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-13 12:35:23 -------- d-----w- c:\program files\Avira
2010-10-13 12:35:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-10-05 17:00:16 -------- d-----w- C:\VundoFix Backups
2010-10-05 16:20:48 -------- d-----w- c:\program files\Trend Micro
2010-10-05 16:14:12 -------- d-----w- c:\windows\pss
2010-10-05 15:10:55 -------- d-----w- c:\docume~1\ddialb~1\applic~1\AVG10
2010-10-05 15:10:18 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-10-05 15:09:32 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-05 15:09:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-10-05 14:35:09 -------- d--h--w- C:\$AVG
2010-10-05 14:21:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-10-04 14:04:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-04 14:04:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-09-13 20:27:24 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys

==================== Find3M ====================


============= FINISH: 13:21:44.89 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/5/2008 10:18:16 AM
System Uptime: 10/13/2010 12:10:54 PM (1 hours ago)

Motherboard: Dell Inc. | | 0U990C
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | Microprocessor | 1862/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 99 GiB total, 83.946 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\EF5D9E1424FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\EF5D9E1424FC000
Service: NIC1394

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Adobe Shockwave Player 11.5
AVG 2011
Avira AntiVir Personal - Free Antivirus
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Core FTP LE 2.1
Dell Support Center
Dell System Restore
Dell Touchpad
Dell Wireless WLAN Card Utility
Digital Line Detect
Documentation & Support Launcher
Games, Music, & Photos Launcher
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Internet Service Offers Launcher
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
MediaDirect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
Modem Diagnostic Tool
MSXML 6.0 Parser (KB927977)
Musicmatch for Windows Media Player
NetWaiting
OutlookAddinSetup
QuickSet
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SeaWorld Adventure Park Tycoon
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Spybot - Search & Destroy
The Sims™ 3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
WinZip 12.0
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

10/13/2010 11:04:57 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirSchedulerService service.

==== End Of File ===========================
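Added example, not part of the original post and not DDS code: the first three things a helper reads out of a DDS "Pseudo HJT Report", done as a script. It flags more than one on-access AV engine (the point raised in the reply below), BHO entries whose CLSID no longer resolves to a file, and hosts-file lines that send a security site to loopback, which is what "Hosts: 127.0.0.1 www.spywareinfo.com" above does. The sample lines are copied from the DDS log; the watch list of security-vendor domains is constructed for the example and the two-label "registered domain" rule is a simplification.

```python
"""Triage checks over a DDS "Pseudo HJT Report" (added example)."""
import re

# Sample lines copied from the DDS log in the post above.
SAMPLE_DDS = r"""
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uStart Page = hxxp://www.google.com/
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Constructed watch list (assumption): sites that redirect-style malware commonly
# blocks by pointing them at loopback so the victim cannot fetch tools or updates.
SECURITY_DOMAINS = {
    "spywareinfo.com", "malwarebytes.org", "gmer.net", "avg.com", "avira.com",
    "microsoft.com", "windowsupdate.com", "update.microsoft.com",
}

AV_RE = re.compile(r"^AV:\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*")
BHO_RE = re.compile(r"^BHO:\s+(?:(?P<name>.+?):\s+)?(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<path>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")


def _lines(text):
    return (line.strip() for line in text.splitlines())


def on_access_av_products(text):
    """Names of AV products DDS reports with on-access scanning enabled."""
    return [m["name"] for m in map(AV_RE.match, _lines(text))
            if m and "enabled" in m["state"].lower()]


def orphaned_bhos(text):
    """CLSIDs of BHO registrations whose InprocServer32 file is gone ("No File")."""
    return [m["clsid"] for m in map(BHO_RE.match, _lines(text))
            if m and m["path"].strip().lower() == "no file"]


def loopback_blocked_hosts(text):
    """Host names the hosts file sends to loopback (127.x.x.x or ::1)."""
    return [m["host"] for m in map(HOSTS_RE.match, _lines(text))
            if m and (m["ip"].startswith("127.") or m["ip"] == "::1")]


def registered_domain(host):
    """Crude registered-domain rule: last two labels (assumption, no multi-part suffixes)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def blocked_security_sites(text):
    return [h for h in loopback_blocked_hosts(text) if registered_domain(h) in SECURITY_DOMAINS]


def triage(text):
    """Human-readable findings in the order a helper would raise them."""
    findings = []
    avs = on_access_av_products(text)
    if len(avs) > 1:
        findings.append("multiple on-access AV engines: " + ", ".join(avs))
    for clsid in orphaned_bhos(text):
        findings.append("BHO registered with no file on disk: " + clsid)
    for host in blocked_security_sites(text):
        findings.append("hosts file sends security site to loopback: " + host)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print("-", f)
```

An orphaned BHO is usually a leftover of an add-on that was already removed (Malwarebytes had just deleted MyWebSearch keys on this machine) rather than an active threat, but it is still registry clutter that a cleanup should remove; a hosts entry that blocks a security site is worth fixing on its own, since it is the kind of change that also keeps a victim from reaching update servers.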
 
Welcome aboard


You're running two AV programs, AVG and Avira.
One of them has to go.
If it's AVG (preferably), use AVG Remover: http://www.avg.com/us-en/download-tools

======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with ComboFix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
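Added example, not part of the original reply and not MBRCheck's own code: the kind of check MBRCheck is being asked for here, written out so it is clear what a "clean" result means. MBR rootkits of the period (the usual cause of search redirects that survive adware removal) replace the 440 bytes of boot code in sector 0 while leaving the partition table intact, so the script validates the 0x55AA signature, parses the four partition entries, and hashes the boot code for comparison with a known-good baseline. The 512-byte sector is constructed for the example (placeholder code bytes, one active NTFS partition) and its baseline hash is computed from that constructed sector; on a real disk the baseline would be the hash of the matching Windows MBR code, and the sector would be read from \\.\PhysicalDrive0 with administrator rights.

```python
"""Parse and sanity-check a 512-byte classic MBR sector (added example)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 440          # code region before the 4-byte disk signature
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xaa"


def _constructed_mbr():
    """Constructed sample: placeholder boot code and one active NTFS (0x07) partition."""
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_SIZE - 7)
    disk_signature = b"\x12\x34\x56\x78"   # arbitrary for the example
    reserved = b"\x00\x00"
    entry1 = struct.pack(PART_ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 207618048)
    empty = b"\x00" * PART_ENTRY_SIZE
    sector = boot_code + disk_signature + reserved + entry1 + empty * 3 + SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


SAMPLE_MBR = _constructed_mbr()

# Constructed baseline (assumption for the demo): the hash of the sample's own boot code.
KNOWN_GOOD_BOOT_CODE_SHA256 = {
    hashlib.sha256(SAMPLE_MBR[:BOOT_CODE_SIZE]).hexdigest(): "constructed sample MBR",
}


def boot_code_hash(sector):
    return hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest()


def parse_partitions(sector):
    """Return the non-empty partition entries as dicts."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack(
            PART_ENTRY_FMT, sector[off:off + PART_ENTRY_SIZE])
        if ptype == 0:
            continue
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return parts


def check_mbr(sector, baseline=KNOWN_GOOD_BOOT_CODE_SHA256):
    """List of findings; an empty list means the sector passed every check."""
    findings = []
    if len(sector) != SECTOR_SIZE:
        return ["sector is not 512 bytes"]
    if sector[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(sector)
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in parts:
        if p["lba_start"] == 0:   # would overlap the MBR sector itself
            findings.append(f"partition {p['index']} starts at LBA 0")
    digest = boot_code_hash(sector)
    if digest not in baseline:
        findings.append(f"boot code SHA-256 {digest} not in known-good list")
    return findings


if __name__ == "__main__":
    print("partitions:", parse_partitions(SAMPLE_MBR))
    print("boot code :", boot_code_hash(SAMPLE_MBR))
    print("findings  :", check_mbr(SAMPLE_MBR) or "none")
```

A hash mismatch alone is not proof of infection (OEM recovery tools and some boot managers ship their own MBR code), which is why tools of this kind print the hash and the partition table rather than just a verdict, and why the helper asks for the report to be posted.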
 
Uninstalled AVG (what a pain that was...) and here are the 2 logs requested.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 127):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7AF0000 \WINDOWS\system32\KDCOM.DLL
0xF7A00000 \WINDOWS\system32\BOOTVID.dll
0xF74C1000 ACPI.sys
0xF7AF2000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74B0000 pci.sys
0xF75F0000 isapnp.sys
0xF7A04000 compbatt.sys
0xF7A08000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7BB8000 pciide.sys
0xF7870000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7600000 MountMgr.sys
0xF7491000 ftdisk.sys
0xF746B000 dmio.sys
0xF7878000 PartMgr.sys
0xF7610000 VolSnap.sys
0xF7453000 atapi.sys
0xF738C000 iaStor.sys
0xF7620000 disk.sys
0xF7630000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF736C000 fltMgr.sys
0xF7640000 PxHelp20.sys
0xF7355000 KSecDD.sys
0xF72C8000 Ntfs.sys
0xF729B000 NDIS.sys
0xF7650000 ohci1394.sys
0xF7660000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7281000 Mup.sys
0xF7670000 AVGIDSEH.Sys
0xF76A0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6094000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF6080000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF78F8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF605C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7900000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6034000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF5FF3000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xF5FDF000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF76B0000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF5FCB000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xF5F7A000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xF76C0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF5F4E000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF76D0000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF5ED3000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xF7908000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7910000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF76E0000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF76F0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7700000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF5EB0000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7220000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF721C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF7CE1000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7710000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7218000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5E99000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7720000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF6AB0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7918000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5E88000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6AA0000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7920000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7928000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF5E58000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF6A90000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B36000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5DFA000 \SystemRoot\system32\DRIVERS\update.sys
0xF7200000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6A80000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA460000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B74000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA6737000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xA6645000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xA6592000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xA7E78000 \SystemRoot\System32\Drivers\Modem.SYS
0xA6573000 \SystemRoot\system32\drivers\IntcHdmi.sys
0xA654F000 \SystemRoot\system32\drivers\portcls.sys
0xA775C000 \SystemRoot\system32\drivers\drmk.sys
0xA6391000 \SystemRoot\system32\drivers\sthda.sys
0xA2720000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7B68000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA2E33000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B6A000 \SystemRoot\System32\Drivers\Beep.SYS
0xA24DB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA24D3000 \SystemRoot\System32\drivers\vga.sys
0xF7B6C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B76000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA2073000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA206B000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA2718000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA1827000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA17CE000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA17A6000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA1780000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA175E000 \SystemRoot\System32\drivers\afd.sys
0xA2CA0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA2C90000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA1733000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA16C3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA25E5000 \SystemRoot\System32\Drivers\Fips.SYS
0xA2700000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xA25B5000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA15FC000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xA1FD1000 \SystemRoot\System32\drivers\Dxapi.sys
0xA205B000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C06000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1D9000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA8466000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA1597000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9975000 \SystemRoot\system32\drivers\sysaudio.sys
0xA1334000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA137D000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA1265000 \SystemRoot\system32\DRIVERS\srv.sys
0xA0F54000 \SystemRoot\System32\Drivers\HTTP.sys
0xA0B69000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xA2DDB000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xA0B54000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA0949000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 39):
0 System Idle Process
4 System
628 C:\WINDOWS\system32\smss.exe
684 csrss.exe
708 C:\WINDOWS\system32\winlogon.exe
756 C:\WINDOWS\system32\services.exe
768 C:\WINDOWS\system32\lsass.exe
948 C:\WINDOWS\system32\svchost.exe
1020 svchost.exe
1120 C:\WINDOWS\system32\svchost.exe
1224 svchost.exe
1304 svchost.exe
1460 C:\WINDOWS\system32\spoolsv.exe
1776 C:\Program Files\Google\Update\GoogleUpdate.exe
1864 C:\WINDOWS\explorer.exe
620 svchost.exe
1188 wdfmgr.exe
2404 alg.exe
2752 C:\WINDOWS\system32\ctfmon.exe
2840 C:\Program Files\DellTPad\Apoint.exe
2916 C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
2984 C:\WINDOWS\system32\hkcmd.exe
3032 C:\WINDOWS\system32\igfxpers.exe
3040 C:\WINDOWS\system32\igfxsrvc.exe
3056 C:\WINDOWS\system32\WLTRAY.EXE
3164 C:\Program Files\Dell\MediaDirect\PCMService.exe
3304 C:\Program Files\Digital Line Detect\DLG.exe
3316 C:\Program Files\WinZip\WZQKPICK.EXE
3420 C:\Program Files\DellTPad\ApMsgFwd.exe
3452 C:\Program Files\DellTPad\hidfind.exe
3464 C:\Program Files\DellTPad\ApntEx.exe
3824 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1300 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2256 C:\Program Files\Avira\AntiVir Desktop\sched.exe
4088 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3132 C:\Program Files\Internet Explorer\iexplore.exe
2128 C:\Program Files\Internet Explorer\iexplore.exe
2464 C:\Program Files\Internet Explorer\iexplore.exe
3924 C:\Documents and Settings\DDialbert\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`04e71400 (NTFS)

PhysicalDrive0 Model Number: WDCWD1200BEVT-75ZCT2, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 49317473774A146FB87EC5200B1C6B80AB2FF32D


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

ComboFix 10-10-12.03 - DDialbert 10/14/2010 9:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.658 [GMT -4:00]
Running from: c:\documents and settings\DDialbert\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\DDialbert\Local Settings\Application Data\{FB856E86-B01B-449D-BBD7-3FA88A81A11C}
c:\documents and settings\DDialbert\Local Settings\Application Data\{FB856E86-B01B-449D-BBD7-3FA88A81A11C}\chrome.manifest
c:\documents and settings\DDialbert\Local Settings\Application Data\{FB856E86-B01B-449D-BBD7-3FA88A81A11C}\chrome\content\_cfg.js
c:\documents and settings\DDialbert\Local Settings\Application Data\{FB856E86-B01B-449D-BBD7-3FA88A81A11C}\chrome\content\overlay.xul
c:\documents and settings\DDialbert\Local Settings\Application Data\{FB856E86-B01B-449D-BBD7-3FA88A81A11C}\install.rdf

Infected copy of c:\windows\system32\drivers\dmio.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2010-09-14 to 2010-10-14 )))))))))))))))))))))))))))))))
.

2010-10-14 12:47 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-14 12:47 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-14 12:47 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-10-14 12:47 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-10-14 12:47 . 2010-10-14 12:47 -------- d-----w- c:\program files\Avira
2010-10-14 12:47 . 2010-10-14 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-10-13 13:30 . 2010-10-13 13:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-10-13 13:17 . 2010-10-13 13:17 -------- d-----w- c:\documents and settings\DDialbert\Application Data\Malwarebytes
2010-10-13 13:17 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-13 13:17 . 2010-10-13 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-13 13:16 . 2010-10-13 13:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-13 13:16 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-13 12:40 . 2010-10-13 13:06 -------- d-----w- c:\windows\system32\NtmsData
2010-10-05 17:00 . 2010-10-05 17:00 -------- d-----w- C:\VundoFix Backups
2010-10-05 16:20 . 2010-10-05 16:20 -------- d-----w- c:\program files\Trend Micro
2010-10-05 15:10 . 2010-10-05 15:10 -------- d-----w- c:\documents and settings\DDialbert\Application Data\AVG10
2010-10-05 15:10 . 2010-10-05 15:10 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-05 15:09 . 2010-10-14 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-05 14:35 . 2010-10-05 14:35 -------- d-----w- C:\$AVG
2010-10-05 14:21 . 2010-10-14 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-04 14:04 . 2010-10-05 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-04 14:04 . 2010-10-04 14:05 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-03-19 167936]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2008-03-19 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-19 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-19 137752]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-30 2220032]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-17 50688]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-10 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-17 07:20 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wltrysvc"=2 (0x2)
"stllssvr"=3 (0x3)
"STacSV"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"GoToAssist"=3 (0x3)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/14/2010 8:47 AM 135336]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [11/17/2008 4:43 AM 105984]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 5:34 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-10-14 c:\windows\Tasks\CCleaner.job
- c:\progra~1\CCleaner\CCleaner.exe [2010-09-24 17:54]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:34]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:34]

2010-10-14 c:\windows\Tasks\User_Feed_Synchronization-{CB1AB0A0-B178-4D1C-B338-EC92C4F37F95}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081117
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)


.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3352)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2010-10-14 09:14:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-14 13:14

Pre-Run: 89,807,101,952 bytes free
Post-Run: 90,043,133,952 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 2DD7283EFC1D109F8FE2AAEC550D9220
 
How is the redirection?

Your MBR seems to be infected.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive opens, simply close it again.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
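What the two MBR steps above actually do, as an added Python example (this is not code from the thread, from MBRCheck or from MBRWORK): MBRCheck's "Unknown MBR code" verdict comes from hashing the bootstrap-code region of sector 0 and looking the hash up in a whitelist of known-good boot code, and MBRWORK's "Install Standard MBR code" replaces only that bootstrap region while leaving the disk signature, the four partition entries and the 55AA boot signature untouched, which is why the partitions survive the repair. Assumptions: the hashed region is bytes 0..439 (the classic layout; the page does not say exactly what MBRCheck hashes), `STANDARD_BOOT_CODE` is an inert placeholder and not Microsoft's real boot code, the whitelist holds only that placeholder, and the sample MBR is constructed inline (only the C: start LBA, 0x4e71400 / 512 = 160650, is taken from the posted MBRCheck output). The script never touches a real disk.

```python
"""Fingerprint an MBR's bootstrap code and replace it while keeping the
partition table. Added example; not MBRCheck's or MBRWORK's own code."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440       # bytes 0..439: bootstrap code (assumed hashed region)
DISK_SIG_OFF = 440        # 4-byte NT disk signature + 2 reserved bytes
PART_TABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511

# Placeholder "standard" bootstrap: an inert jump-to-self. ASSUMPTION: stands in
# for the real code a repair tool writes; it is NOT Microsoft's MBR code.
STANDARD_BOOT_CODE = b"\xeb\xfe" + b"\x90" * 8


def boot_code_sha1(mbr):
    """Uppercase SHA1 of the bootstrap region, the way MBRCheck prints it."""
    return hashlib.sha1(mbr[:BOOT_CODE_END]).hexdigest().upper()


# Whitelist of trusted bootstrap hashes. A real tool ships hashes of the real
# Windows/OEM/boot-loader code; here only the placeholder is "known".
KNOWN_BOOT_CODE = {
    boot_code_sha1(STANDARD_BOOT_CODE.ljust(BOOT_CODE_END, b"\x00")):
        "placeholder standard MBR",
}


def parse_partitions(mbr):
    """Decode the non-empty entries of the partition table."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3, ignored) type(1) CHS-end(3, ignored) LBA(4) count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype:
            parts.append({"index": i + 1, "bootable": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return parts


def classify(mbr):
    """MBRCheck-style verdict: known code, unknown code, or no boot signature."""
    if len(mbr) != SECTOR_SIZE or mbr[510:512] != BOOT_SIGNATURE:
        return "no 55AA boot signature"
    return KNOWN_BOOT_CODE.get(boot_code_sha1(mbr), "Unknown MBR code")


def install_standard_mbr(mbr, boot_code=STANDARD_BOOT_CODE):
    """The 'Install Standard MBR code' step: overwrite bytes 0..439 only."""
    if len(boot_code) > BOOT_CODE_END:
        raise ValueError("boot code does not fit in the bootstrap region")
    return boot_code.ljust(BOOT_CODE_END, b"\x00") + mbr[BOOT_CODE_END:]


def repair_and_verify(mbr):
    """Repair, then refuse the result if anything but the bootstrap changed."""
    fixed = install_standard_mbr(mbr)
    if fixed[BOOT_CODE_END:] != mbr[BOOT_CODE_END:] or \
            parse_partitions(fixed) != parse_partitions(mbr):
        raise RuntimeError("partition table or disk signature changed; abort")
    return fixed


def build_mbr(boot_code, partitions, disk_sig=0x1234ABCD):
    """Construct a sample MBR (constructed data, not the poster's real sector)."""
    buf = bytearray(SECTOR_SIZE)
    buf[:len(boot_code)] = boot_code
    struct.pack_into("<I", buf, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", buf, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba, count)
    buf[510:512] = BOOT_SIGNATURE
    return bytes(buf)


# Constructed sample: junk bootstrap standing in for a bootkit loader stub.
INFECTED_BOOT_CODE = b"\xeb\x58\x90" + b"LOADER-STUB-" * 6
SAMPLE_PARTITIONS = [
    (False, 0xDE, 63, 160587),        # assumed OEM utility partition
    (True, 0x07, 160650, 233000000),  # C:; LBA 160650 == 0x4e71400 // 512 from the log
]
INFECTED_MBR = build_mbr(INFECTED_BOOT_CODE, SAMPLE_PARTITIONS)

if __name__ == "__main__":
    print("before:", classify(INFECTED_MBR), boot_code_sha1(INFECTED_MBR))
    fixed = repair_and_verify(INFECTED_MBR)
    print("after: ", classify(fixed), boot_code_sha1(fixed))
    for p in parse_partitions(fixed):
        print(p)
```

On a live system you would feed `classify()` the first 512 bytes read from the physical drive (read-only), and the `repair_and_verify()` check is the part worth copying: a repair that changes anything outside the bootstrap region is a repair that can lose the partition table, so compare the tail of the sector before writing anything back.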
 