Malware

Here is the aswMBR log:
17:26:26.656 is yellow and 17:26:32.015 is red.
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-01 16:51:05
-----------------------------
16:51:05.312    OS Version: Windows 5.1.2600 Service Pack 3
16:51:05.312    Number of processors: 2 586 0x403
16:51:05.312    ComputerName: D7SXQY91  UserName: Earl
16:51:05.625    Initialize success
17:00:43.890    AVAST engine defs: 12020100
17:26:14.093    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
17:26:14.093    Disk 0 Vendor: ST3808110AS 3.ADH Size: 76293MB BusType: 3
17:26:14.109    Disk 0 MBR read successfully
17:26:14.109    Disk 0 MBR scan
17:26:14.171    Disk 0 Windows XP default MBR code
17:26:14.171    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
17:26:14.203    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        72990 MB offset 80325
17:26:14.218    Disk 0 Partition 3 00     DB  CP/M / CTOS Dell 8.0     3255 MB offset 149565150
17:26:14.234    Disk 0 scanning sectors +156232125
17:26:14.296    Disk 0 scanning C:\WINDOWS\system32\drivers
17:26:26.390    Service scanning
17:26:26.656    Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32
17:26:27.453    Modules scanning
17:26:31.968    Disk 0 trace - called modules:
17:26:32.015    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x8ad9a6d9]<<
17:26:32.015    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b09eab8]
17:26:32.015    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8b085d98]
17:26:32.250    AVAST engine scan C:\WINDOWS
17:26:39.515    AVAST engine scan C:\WINDOWS\system32
17:29:14.718    AVAST engine scan C:\WINDOWS\system32\drivers
17:29:30.359    AVAST engine scan C:\Documents and Settings\Earl
17:33:18.328    AVAST engine scan C:\Documents and Settings\All Users
17:35:10.703    Scan finished successfully
17:35:42.359    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Earl\Desktop\MBR.dat"
17:35:42.359    The log file has been saved successfully to "C:\Documents and Settings\Earl\Desktop\aswMBR1.txt"

[Malware Removal Specialist]

Please run the MBR check in Reply # 24

Okay, how's this..
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:         
Windows Version:      Windows XP Home Edition
Windows Information:      Service Pack 3 (build 2600)
Logical Drives Mask:      0x0000000d

Kernel Drivers (total 140):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806E5000 \WINDOWS\system32\hal.dll
  0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
  0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
  0xB9F79000 ACPI.sys
  0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xB9F68000 pci.sys
  0xBA0A8000 isapnp.sys
  0xBA670000 pciide.sys
  0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xBA5AC000 intelide.sys
  0xBA0B8000 MountMgr.sys
  0xB9F49000 ftdisk.sys
  0xBA330000 PartMgr.sys
  0xBA0C8000 VolSnap.sys
  0xB9F31000 atapi.sys
  0xBA0D8000 disk.sys
  0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xB9F11000 fltmgr.sys
  0xB9EFF000 sr.sys
  0xBA338000 PxHelp20.sys
  0xB9EE8000 KSecDD.sys
  0xB9E5B000 Ntfs.sys
  0xB9E2E000 NDIS.sys
  0xBA340000 speedfan.sys
  0xB9E14000 Mup.sys
  0xBA671000 giveio.sys
  0xBA348000 avgrkx86.sys
  0xBA4BC000 AVGIDSEH.Sys
  0xBA298000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xB96CD000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
  0xB96B9000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xB9691000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xBA418000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xB966D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xBA420000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xB9639000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
  0xB9616000 \SystemRoot\system32\DRIVERS\ks.sys
  0xB9517000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
  0xB9470000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
  0xBA428000 \SystemRoot\System32\Drivers\Modem.SYS
  0xB944A000 \SystemRoot\system32\DRIVERS\e100b325.sys
  0xBA430000 \SystemRoot\system32\DRIVERS\fdc.sys
  0xBA2A8000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xBA2B8000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xBA2C8000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xBA761000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xBA438000 \SystemRoot\system32\DRIVERS\rasirda.sys
  0xBA440000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xBA2D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xBA594000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xB9433000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xBA2E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xBA2F8000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xBA448000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xBA450000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xBA308000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xBA458000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xBA460000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xBA5D2000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xB93D5000 \SystemRoot\system32\DRIVERS\update.sys
  0xBA5A0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xB93A7000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
  0xBA318000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xBA57C000 \SystemRoot\system32\drivers\MODEMCSA.sys
  0xA8F79000 \SystemRoot\system32\drivers\sthda.sys
  0xA8F55000 \SystemRoot\system32\drivers\portcls.sys
  0xBA188000 \SystemRoot\system32\drivers\drmk.sys
  0xBA158000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xBA616000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xBA498000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0xB9155000 \SystemRoot\System32\Drivers\i2omgmt.SYS
  0xBA198000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
  0xBA61A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xBA7CB000 \SystemRoot\System32\Drivers\Null.SYS
  0xBA61C000 \SystemRoot\System32\Drivers\Beep.SYS
  0xBA4A8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xBA3D0000 \SystemRoot\System32\drivers\vga.sys
  0xA8E8D000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xBA208000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xBA662000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xBA664000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xBA3D8000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xBA3E0000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xBA588000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xBA3E8000 \??\C:\WINDOWS\system32\drivers\OAnet.sys
  0xA8E5A000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xBA218000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xA8E01000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xBA228000 \??\C:\WINDOWS\system32\drivers\OAmon.sys
  0xA8DBA000 \SystemRoot\system32\DRIVERS\avgtdix.sys
  0xA8D6C000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xA8D44000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xB9149000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0xA8D22000 \SystemRoot\System32\drivers\afd.sys
  0xBA238000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xA8D00000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0xBA3F0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0xA8CD5000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xB980A000 \??\C:\WINDOWS\system32\drivers\pclepci.sys
  0xBA258000 \??\C:\WINDOWS\system32\drivers\oahlp32.sys
  0xA8CA4000 \??\C:\WINDOWS\system32\drivers\OADriver.sys
  0xA8C34000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xBA268000 \SystemRoot\System32\Drivers\Fips.SYS
  0xBA3F8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xA8B5D000 \SystemRoot\system32\DRIVERS\avgldx86.sys
  0xBA288000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xB97EA000 \SystemRoot\system32\DRIVERS\usbscan.sys
  0xBA358000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0xBA558000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xA8ACE000 \SystemRoot\system32\drivers\wisgostrm.sys
  0xBA568000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0xA8EE5000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xA8A16000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xBA650000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xA8A4E000 \SystemRoot\System32\drivers\Dxapi.sys
  0xBA3C0000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xBA7B7000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF021000 \SystemRoot\System32\ialmdnt5.dll
  0xBF012000 \SystemRoot\System32\ialmrnt5.dll
  0xBF043000 \SystemRoot\System32\ialmdev5.DLL
  0xBF07E000 \SystemRoot\System32\ialmdd5.DLL
  0xBF16E000 \SystemRoot\System32\ATMFD.DLL
  0xA8820000 \SystemRoot\system32\DRIVERS\irda.sys
  0xA899E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA85F4000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xA849F000 \SystemRoot\system32\drivers\wdmaud.sys
  0xA8688000 \SystemRoot\system32\drivers\sysaudio.sys
  0xA824C000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xBA5B2000 \SystemRoot\System32\Drivers\ASCTRM.SYS
  0xA84B8000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
  0xA8228000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xA81A4000 \SystemRoot\system32\DRIVERS\srv.sys
  0xBA390000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
  0xA8044000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
  0xA7C6B000 \SystemRoot\System32\Drivers\HTTP.sys
  0xA7379000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 38):
       0 System Idle Process
       4 System
     512 C:\WINDOWS\system32\smss.exe
     544 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
     576 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
     780 csrss.exe
     812 C:\WINDOWS\system32\winlogon.exe
     856 C:\WINDOWS\system32\services.exe
     868 C:\WINDOWS\system32\lsass.exe
    1044 C:\WINDOWS\system32\svchost.exe
    1092 svchost.exe
    1172 C:\WINDOWS\system32\svchost.exe
    1300 svchost.exe
    1348 svchost.exe
    1672 C:\WINDOWS\explorer.exe
    1748 C:\Program Files\Online Armor\oacat.exe
    1780 C:\Program Files\Online Armor\oasrv.exe
     748 C:\WINDOWS\system32\spoolsv.exe
    2112 svchost.exe
    2344 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    2852 C:\WINDOWS\system32\svchost.exe
    3164 wdfmgr.exe
    3376 C:\WINDOWS\system32\wuauclt.exe
    3512 C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    3788 C:\Program Files\AVG\AVG2012\avgnsx.exe
    3880 C:\Program Files\AVG\AVG2012\avgemcx.exe
    2588 alg.exe
    3276 C:\Program Files\AVG\AVG2012\avgtray.exe
    3340 C:\Program Files\Online Armor\oaui.exe
    4076 C:\Program Files\Online Armor\oahlp.exe
    2176 C:\WINDOWS\system32\svchost.exe
    1744 wmiprvse.exe
    4200 C:\Program Files\Internet Explorer\iexplore.exe
    4296 C:\Program Files\Internet Explorer\iexplore.exe
    5256 C:\Program Files\Internet Explorer\iexplore.exe
    5532 C:\Program Files\Internet Explorer\iexplore.exe
    2572 C:\Program Files\AVG\AVG2012\avgmfapx.exe
    2388 C:\Documents and Settings\Earl\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00  (NTFS)

PhysicalDrive0 Model Number: ST3808110AS, Rev: 3.ADH   

      Size  Device Name          MBR Status
  --------------------------------------------
     74 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644 A


Done!

[Malware Removal Specialist]

Now that the MBR code is repaired please update and run scans with SAS and MBAM and post the logs.

Updated and ran SAS, then MBAM
Administrator

Memory items scanned      : 403
Memory threats detected   : 0
Registry items scanned    : 35444
Registry threats detected : 1
File items scanned        : 96553
File threats detected     : 51

Adware.SelectRebates
   C:\Program Files\SELECTREBATES\FFToolbar\chrome\sahtoolbar.jar
   C:\Program Files\SELECTREBATES\FFToolbar\chrome
   C:\Program Files\SELECTREBATES\FFToolbar\chrome.manifest
   C:\Program Files\SELECTREBATES\FFToolbar\defaults\preferences\sahtoolbar.js
   C:\Program Files\SELECTREBATES\FFToolbar\defaults\preferences
   C:\Program Files\SELECTREBATES\FFToolbar\defaults
   C:\Program Files\SELECTREBATES\FFToolbar\install.rdf
   C:\Program Files\SELECTREBATES\FFToolbar
   C:\Program Files\SELECTREBATES\SahImages\alert.png
   C:\Program Files\SELECTREBATES\SahImages\check.png
   C:\Program Files\SELECTREBATES\SahImages\close.png
   C:\Program Files\SELECTREBATES\SahImages
   C:\Program Files\SELECTREBATES\SelectAlerts.dat
   C:\Program Files\SELECTREBATES\SelectRebates.exe
   C:\Program Files\SELECTREBATES\SelectRebates.ini
   C:\Program Files\SELECTREBATES\SelectRebatesA.dat
   C:\Program Files\SELECTREBATES\SelectRebatesApi.exe
   C:\Program Files\SELECTREBATES\SelectRebatesB.dat
   C:\Program Files\SELECTREBATES\SelectRebatesBT.dat
   C:\Program Files\SELECTREBATES\SelectRebatesDownload.exe
   C:\Program Files\SELECTREBATES\SelectRebatesUninstall.exe
   C:\Program Files\SELECTREBATES\SRebates.dll
   C:\Program Files\SELECTREBATES\SRFF3.dll
   C:\Program Files\SELECTREBATES\Toolbar\AddtoList.bmp
   C:\Program Files\SELECTREBATES\Toolbar\basis.xml
   C:\Program Files\SELECTREBATES\Toolbar\Basis.xml.dym
   C:\Program Files\SELECTREBATES\Toolbar\Blank.bmp
   C:\Program Files\SELECTREBATES\Toolbar\Cache
   C:\Program Files\SELECTREBATES\Toolbar\CashBack.bmp
   C:\Program Files\SELECTREBATES\Toolbar\Coupons.bmp
   C:\Program Files\SELECTREBATES\Toolbar\GroceryCoupon.bmp
   C:\Program Files\SELECTREBATES\Toolbar\icons.bmp
   C:\Program Files\SELECTREBATES\Toolbar\ImageCache
   C:\Program Files\SELECTREBATES\Toolbar\i_magnifying.bmp
   C:\Program Files\SELECTREBATES\Toolbar\logo.bmp
   C:\Program Files\SELECTREBATES\Toolbar\logo_24.bmp
   C:\Program Files\SELECTREBATES\Toolbar\logo_HotSpots.bmp
   C:\Program Files\SELECTREBATES\Toolbar\ReviewSite.bmp
   C:\Program Files\SELECTREBATES\Toolbar\RightControls.dym
   C:\Program Files\SELECTREBATES\Toolbar\sahtb-alert.bmp
   C:\Program Files\SELECTREBATES\Toolbar\sahtb-go.bmp
   C:\Program Files\SELECTREBATES\Toolbar\sahtb-grocerycoupons.bmp
   C:\Program Files\SELECTREBATES\Toolbar\sahtb-icons.bmp
   C:\Program Files\SELECTREBATES\Toolbar\sahtb-restaurant.bmp
   C:\Program Files\SELECTREBATES\Toolbar\sahtb-wishlist.bmp
   C:\Program Files\SELECTREBATES\Toolbar\Scissors.bmp
   C:\Program Files\SELECTREBATES\Toolbar
   C:\Program Files\SELECTREBATES
   C:\WINDOWS\Prefetch\SELECTREBATES.EXE-072AFA89.pf
   C:\WINDOWS\Prefetch\SELECTREBATESDOWNLOAD.EXE-053B5128.pf

Adware.ShopAtHomeSelect
   HKU\S-1-5-21-2856773612-2364928292-2262524725-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}

Adware.CouponBar
   C:\WINDOWS\SYSTEM32\CPNPRT2.CID
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.03.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Earl :: D7SXQY91 [administrator]

2/3/2012 6:11:17 PM
mbam-log-2012-02-03 (18-11-17).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270947
Time elapsed: 37 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0

[Malware Removal Specialist]

Thanks. How's your computer working now?

No real change.  this thing continues to make an appearance at random times.  You know, this computer isn't that far out of the box, it doesn't have any photos, files of any major concern, or anything that I can't afford to lose.  I have a WD backup that's been off now for 2 months so I know it's clean and it has got anything I might need on it.  This dell has the "out of the box" option which will wipe the HD clean except the Windows XP I think. I've got to go back in and read about it again.  I used it when I inherited it to begin with.  I'm now begining to think this might be the final solution.  If I wipe this clean and start it "right out of the box", except for the OS, will the malware/virus survive?  does it hide there, amoung other places?  You are welcome to try a few other things, and I have plenty of time to do them.  But like I said, I don't depend on this machine every day for anything.

[Malware Removal Specialist]

If you nothing to lose doing a Recovery would be the best option.

Okay, I'll give it a try... thanks

[Malware Removal Specialist]

Okay, I'll give it a try... thanks

Please let me know the results.

Dave,
  I wiped the drive and upgraded to Windows 7.  Reinstalled AVG, MBAM, SAS, Online armor.  Everything normal, "been a week now, ain't been sick once."  Thanks, now that  have a disk, it'll be easier next time. 

[Malware Removal Specialist]

Dave,
  I wiped the drive and upgraded to Windows 7.  Reinstalled AVG, MBAM, SAS, Online armor.  Everything normal, "been a week now, ain't been sick once."  Thanks, now that  have a disk, it'll be easier next time.

You're welcome. You'll be happy with Windows 7. I will lock this thread. If you need it re-opened, please send me a pm.