Hi,
Thank you for your service. I am working on my mother-in-laws computer. She got one of those pop ups that said your computer is infected, click here to remove them. Well, she clicked it. It brought up a fake spyware program and it changed the desktop to a spyware warning. It might have uninstalled the avg antvirus, it was on there before. I Googled the fake program and there was a post that said do a system restore in the safe mode, and that will fix your problem. I did that and that got rid of the fake spyware program and restored the desktop, but there is some kind of browser redirect going on. I cannot go to most websites that have anything to do with antivirus, or malware removal. I cannot load spybot, it says the server name or address could not be resolved. I installed Mallware bytes, it found a few things, but did not resolve the issue. Attached are the dds log files as requested.
Thanks again.


DDS (Ver_10-12-12.02) - NTFSx86
Run by matt at 14:45:22.12 on Fri 03/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.88 [GMT -6:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\matt\My Documents\downloaded programs\dds\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.net
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://att.net
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\matt\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - hxxps://www.windowsonecare.com/install/cli/1.0.0971.20/WinSSWebAgent.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147964966421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {AED98630-0251-4E83-917D-43A23D66D507} - hxxp://activex.microgaming.com/DLhelper/version7/dlhelper.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {5D6E76B7-8F83-4710-A889-AB4E87A69B84} = 192.168.1.254,4.2.2.2
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 tcaicchg;tcaicchg;c:\windows\system32\TCAICCHG.SYS [2000-6-6 21233]
R2 TCAITDI;TCAITDI Protocol;c:\windows\system32\drivers\TCAITDI.SYS [2001-9-4 19534]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-3-1 517448]

=============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2011-03-04 15:56:24 -------- d-----w- C:\logfile
2011-03-04 15:52:50 388096 ----a-r- c:\docume~1\matt\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-04 15:52:48 -------- d-----w- c:\program files\Trend Micro
2011-03-04 13:51:42 -------- d-----w- c:\docume~1\matt\applic~1\Malwarebytes
2011-03-04 13:50:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-04 13:50:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-04 13:50:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-04 13:50:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-04 13:33:55 -------- d-sh--w- c:\documents and settings\matt\IECompatCache
2011-03-04 00:50:11 -------- dc-h--w- c:\windows\ie8
2011-03-03 23:18:43 -------- d-----w- c:\docume~1\matt\locals~1\applic~1\Threat Expert
2011-03-03 22:34:01 -------- d-----w- c:\program files\PC Tools Security
2011-03-03 22:28:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-03-02 20:02:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-02 20:02:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-03-02 16:17:50 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-02 16:14:35 -------- d-----w- c:\docume~1\matt\locals~1\applic~1\Sunbelt Software
2011-03-02 16:11:03 -------- d-----w- c:\program files\Lavasoft
2011-03-02 15:19:32 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{7F66490B-6C2B-46B6-8BA2-867BC3B4F5EB}
2011-03-02 13:06:35 -------- d-----w- c:\docume~1\matt\applic~1\QuickScan
2011-03-02 00:03:34 -------- d-----w- c:\docume~1\matt\locals~1\applic~1\Temp
2011-03-02 00:03:06 -------- d-----w- c:\docume~1\matt\locals~1\applic~1\Google
2011-03-01 22:18:49 -------- d-----w- c:\docume~1\matt\applic~1\AVG10
2011-03-01 22:15:31 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-03-01 22:15:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2011-03-01 22:11:13 -------- d-----w- c:\windows\system32\drivers\AVG
2011-03-01 22:11:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-03-01 21:36:49 5943120 ------w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{73594f76-2850-415b-8ee4-8b7b2cf45b97}\mpengine.dll
2011-03-01 21:33:26 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-03-01 21:33:26 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-03-01 21:32:51 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-03-01 21:32:51 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-01 21:30:15 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-01 21:30:15 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-28 22:53:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\bBjKgGn08520

==================== Find3M ====================

2011-02-02 23:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08:45 78336 ------w- c:\windows\system32\ieencode.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ------w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2003-03-31 12:00:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2010-09-18 06:53:25 974848 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12:01 57344 --sha-w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll
2008-04-14 00:12:02 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12:02 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe

============= FINISH: 14:47:26.20 ===============

Hi,

Please download MBRCheck (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log in your reply.

Hi,
Here is the log file you requested.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 131):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0xF8AF7000 \WINDOWS\system32\KDCOM.DLL
0xF8A07000 \WINDOWS\system32\BOOTVID.dll
0xF85A8000 ACPI.sys
0xF8AF9000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF8597000 pci.sys
0xF85F7000 isapnp.sys
0xF8607000 ohci1394.sys
0xF8617000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF8BBF000 pciide.sys
0xF8877000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF8627000 MountMgr.sys
0xF8578000 ftdisk.sys
0xF8AFB000 dmload.sys
0xF8552000 dmio.sys
0xF887F000 PartMgr.sys
0xF8637000 VolSnap.sys
0xF853A000 atapi.sys
0xF8647000 disk.sys
0xF8657000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF851A000 fltmgr.sys
0xF8508000 sr.sys
0xF8667000 PxHelp20.sys
0xF84F1000 KSecDD.sys
0xF8464000 Ntfs.sys
0xF8437000 NDIS.sys
0xF841D000 Mup.sys
0xF8887000 avgrkx86.sys
0xF8677000 AVGIDSEH.Sys
0xF8687000 agp440.sys
0xF8817000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF791F000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF790B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF894F000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF78E7000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF8957000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF8827000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xF78C3000 \SystemRoot\System32\DRIVERS\EL2K_XP.sys
0xF77E5000 \SystemRoot\system32\DRIVERS\HCF_MSFT.sys
0xF895F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8837000 \SystemRoot\System32\DRIVERS\serial.sys
0xF8ABB000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF8967000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF77D1000 \SystemRoot\System32\DRIVERS\parport.sys
0xF8847000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF7749000 \SystemRoot\system32\drivers\smwdm.sys
0xF7725000 \SystemRoot\system32\drivers\portcls.sys
0xF8857000 \SystemRoot\system32\drivers\drmk.sys
0xF7702000 \SystemRoot\system32\drivers\ks.sys
0xF76EA000 \SystemRoot\system32\drivers\aeaudio.sys
0xF8CBD000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF8867000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF8ABF000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF76D3000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF86B7000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF7AE7000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF896F000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF76C2000 \SystemRoot\System32\DRIVERS\psched.sys
0xF7AD7000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF897F000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF8987000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7692000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF7AC7000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF898F000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF8997000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF8B19000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF760C000 \SystemRoot\System32\DRIVERS\update.sys
0xF8ADB000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7AB7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7AA7000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8B23000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF899F000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF7A67000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xF8B45000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8D03000 \SystemRoot\System32\Drivers\Null.SYS
0xF8B47000 \SystemRoot\System32\Drivers\Beep.SYS
0xF89B7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF89BF000 \SystemRoot\System32\drivers\vga.sys
0xF8B49000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8B4B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF89C7000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF89CF000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8A87000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xEE464000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xEE40B000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xEE3C3000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xEE39D000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF86C7000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xEE34D000 \SystemRoot\System32\DRIVERS\netbt.sys
0xEE32B000 \SystemRoot\System32\drivers\afd.sys
0xF86D7000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xF86E7000 \SystemRoot\System32\DRIVERS\netbios.sys
0xEE260000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xEE1F0000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF8727000 \SystemRoot\System32\Drivers\Fips.SYS
0xF89DF000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xEE1B4000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xF8AAF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF8737000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF89E7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF8AB7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF768E000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xF87C7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEE124000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8B99000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEE1A4000 \SystemRoot\System32\drivers\Dxapi.sys
0xF88F7000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8C29000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF3CB000 \SystemRoot\System32\ATMFD.DLL
0xF890F000 \SystemRoot\System32\DRIVERS\TCAITDI.sys
0xEDC0D000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xED988000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF8B1F000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF8B21000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xEDAED000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xED91F000 \SystemRoot\System32\Drivers\HTTP.sys
0xEDCE5000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xEDCB5000 \SystemRoot\System32\DRIVERS\secdrv.sys
0xED91B000 \??\C:\WINDOWS\System32\tcaicchg.sys
0xEDA5D000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xED717000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xED6BF000 \SystemRoot\System32\DRIVERS\srv.sys
0xED55B000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xED0E6000 \SystemRoot\system32\drivers\wdmaud.sys
0xED76F000 \SystemRoot\system32\drivers\sysaudio.sys
0xECD6F000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 40):
0 System Idle Process
4 System
656 C:\WINDOWS\system32\smss.exe
688 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
868 csrss.exe
896 C:\WINDOWS\system32\winlogon.exe
944 C:\WINDOWS\system32\services.exe
956 C:\WINDOWS\system32\lsass.exe
1124 C:\WINDOWS\system32\svchost.exe
1192 svchost.exe
1284 C:\WINDOWS\system32\svchost.exe
1388 svchost.exe
1416 svchost.exe
1584 C:\WINDOWS\system32\spoolsv.exe
1660 svchost.exe
1700 C:\Program Files\AVG\AVG10\avgwdsvc.exe
1768 C:\WINDOWS\system32\svchost.exe
1788 C:\WINDOWS\system32\nvsvc32.exe
1876 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
1924 C:\WINDOWS\system32\svchost.exe
2008 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
240 wmpnetwk.exe
628 C:\Program Files\AVG\AVG10\avgnsx.exe
644 C:\Program Files\AVG\AVG10\avgemcx.exe
2296 alg.exe
3532 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
3548 C:\Program Files\AVG\AVG10\avgcsrvx.exe
3888 C:\WINDOWS\system32\wuauclt.exe
2132 C:\WINDOWS\system32\wscntfy.exe
4024 C:\WINDOWS\explorer.exe
2812 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
2884 C:\WINDOWS\system32\rundll32.exe
2196 C:\Program Files\AVG\AVG10\avgtray.exe
1516 C:\WINDOWS\system32\ctfmon.exe
3324 C:\Program Files\Internet Explorer\iexplore.exe
2860 C:\Program Files\Internet Explorer\iexplore.exe
1856 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
580 C:\Program Files\AVG\AVG10\avgmfapx.exe
1724 C:\WINDOWS\system32\taskmgr.exe
1092 C:\Documents and Settings\matt\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD400EB-11CPF0, Rev: 06.04G06

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Hi


Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode

On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Hi,
Sorry it took so long, I had to unistall AVG for the Combofix to work. Do you want me to reinstall the AVG now, or wait until we are finsihed? I will attach the logs you requested
Thanks

Hi,

Please keep AVG uninstalled until we've finished.


Open notepad and copy/paste the text in the quotebox below into it:



Folder::
c:\documents and settings\All Users\Application Data\bBjKgGn08520
DDS::
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one ((Adobe Reader X + 10.0.1 update for it)) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 24 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked.
Click Scan
Wait for the scan to finish.



Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. Any issues left?

Hi,
Updated Java, and ran the ESET scan. It did not find any problems. I was looking to see if it produced a log but I could not find one. It seems to be ok now. I am able to surf without redirects and blocking. Attached are the log files you requested.
Thanks

Hi,

Adobe Reader still needs updating.


Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis



Now lets uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.


Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:

PS. You may reinstall AVG after steps above are ready.

Hi,
Looks like everythings ok. Thanks again for your help!

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.