
Author Topic: Malware  (Read 25451 times)


SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Malware
« Reply #15 on: January 26, 2012, 12:30:12 PM »
How's your computer working now?

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Windows 8 and Windows 10 dual boot with two SSD's

earmic

    Topic Starter


    Beginner

    Re: Malware
    « Reply #16 on: January 26, 2012, 03:43:45 PM »
    At this point, I'm not seeing much of any change; my Google homepage is still going to UK, Latvia, or maybe some other 10 letter name, despite the Google homepage on my Internet Options page. When entering site addresses from my regular homepage, which does come up if I select it on the favorites list, I'm redirected to an 'Ask the crew' site and not where I want to go. I'm downloading the ESET online scanner and will post the log when I'm done. I don't see the 'Ask' toolbar on my screen and can't find any mention of it in the Add/Remove Programs page.

    earmic


      Re: Malware
      « Reply #17 on: January 26, 2012, 06:19:59 PM »
      I ran the ESET and it found two threats, both trojans, and cleaned them. I couldn't find the first log (sorry), so I ran it again; this time it didn't find anything. In the meantime I found the first log and post it here. After disinfection, I'm still being redirected and hijacked when I enter an address on my homepage.
      ESETSmartInstaller@High as CAB hook log:
      OnlineScanner.ocx - registred OK
      # version=7
      # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
      # OnlineScanner.ocx=1.0.0.6583
      # api_version=3.0.2
      # EOSSerial=3fb132dba621784f9af12f29bfd21ebe
      # end=finished
      # remove_checked=true
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=false
      # antistealth_checked=true
      # utc_time=2012-01-26 11:50:58
      # local_time=2012-01-26 06:50:58 (-0500, Eastern Standard Time)
      # country="United States"
      # lang=1033
      # osver=5.1.2600 NT Service Pack 3
      # compatibility_mode=512 16777215 100 0 18744783 18744783 0 0
      # compatibility_mode=1024 16777175 100 0 10194265 10194265 0 0
      # compatibility_mode=6401 16777213 66 100 0 6531006 0 0
      # compatibility_mode=8192 67108863 100 0 0 0 0 0
      # scanned=97723
      # found=2
      # cleaned=2
      # scan_time=4022
      C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\29c85f\71.mof.vir   Win32/RogueAV.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP177\A0052181.mof   Win32/RogueAV.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
      esets_scanner_update returned -1 esets_gle=53251
      esets_scanner_update returned -1 esets_gle=53251
      esets_scanner_update returned -1 esets_gle=53251

      SuperDave

      Re: Malware
      « Reply #18 on: January 27, 2012, 12:08:47 PM »
      * Go to Start > Run and type mrt.exe then press Enter on the keyboard.
      * (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
      * Click Next.
      * Choose Full Scan and click Next.
      * Once the scan is finished click View detailed results of the scan.

      Look through the list and let me know if anything was found infected.
      *********************************************************
      Save these instructions so you can have access to them while in Safe Mode.

      Please click here to download AVP Tool by Kaspersky.
      • Save it to your desktop.
      • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit Enter.
      • Double click the setup file to run it.
      • Click Next to continue.
      • Accept the License agreement and click on next.
      • It will, by default, install it to your desktop folder. Click Next.
      • It will then open a box. There will be a tab that says Automatic scan.
      • Under Automatic scan make sure these are checked.
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors.
      • My Computer.
      • Also any other drives (Removable that you may have)
      Leave the rest of the settings as they appear as default.
      • Then click on Scan at the top right hand corner.
      • It will automatically Neutralize any objects found.
      • If some objects are left un-neutralized then click the button that says Neutralize all.
      • If it says it cannot be neutralized then choose the delete option when prompted.
      • After that is done click on the Reports button at the bottom and save it to file; name it Kas.
      • Save it somewhere convenient like your desktop and post only the detected virus/malware in the report. It will be at the very top under Detected; post those results in your next reply.

      Note: This tool will self uninstall when you close it so please save the log before closing it.

      earmic


        Re: Malware
        « Reply #19 on: January 27, 2012, 08:49:20 PM »
        The mrt.exe scan found no infections. Did the AVP from Kaspersky; it also found no threats. Posted the log, only the top part as you asked; the whole thing says OK down through it. Things seem to be okay now, for the moment; I'm not being redirected anywhere and all seems okay. Wait and see seems to be the path to follow, so unless you have anything else and nothing happens over the weekend, I'll update Monday and hope for the best. I'll continue to run scans (AVG, SAS, MBAM etc.) and check HijackThis.
        Automatic Scan: completed 4 minutes ago   (events: 326806, objects: 327327, time: 02:31:06)   
        1/27/2012 10:00:59 PM   Task completed         
        1/27/2012 10:00:58 PM   OK   C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll   Object was not changed (iChecker)   
        1/27/2012 10:00:58 PM   OK   C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll   Object was not changed (iChecker)   
        1/27/2012 10:00:58 PM   OK   C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll   Object was not changed (iChecker)   
        1/27/2012 10:00:58 PM   OK   C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll   Object was not changed (iChecker)   
        1/27/2012 10:00:58 PM   OK   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll   Object was not changed (iChecker)   
        1/27/2012 10:00:58 PM   OK   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll   Object was not changed (iChecker)   
        1/27/2012 10:00:58 PM   OK   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll   Object was not changed (iChecker)   
        1/27/2012 10:00:58 PM   OK   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll   Object was not changed (iChecker)   
        1/27/2012 10:00:57 PM   OK   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll   Object was not changed (iChecker)   
        1/27/2012 10:00:56 PM   OK   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll   Object was not changed (iChecker)   
        1/27/2012 10:00:56 PM   OK   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll   Object was not changed (iChecker)   
        1/27/2012 10:00:56 PM   OK   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll   Object was not changed (iChecker)   
        1/27/2012 10:00:56 PM   OK   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll   Object was not changed (iChecker)   
        1/27/2012 10:00:56 PM   OK   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll   Object was not changed (iChecker)   
        1/27/2012 10:00:55 PM   OK   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll   Object was not changed (iChecker)   
        1/27/2012 10:00:55 PM   OK   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll   Object was not changed (iChecker)   
        1/27/2012 10:00:55 PM   OK   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll   Object was not changed (iChecker)   
        1/27/2012 10:00:55 PM   OK   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll   Object was not changed (iChecker)   
        1/27/2012 10:00:55 PM   OK   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll   Object was not changed (iChecker)

        SuperDave

        Re: Malware
        « Reply #20 on: January 28, 2012, 11:50:51 AM »
        Quote
        I'll update Monday and hope for the best.  I'll continue to run scans AVG, SAS, MBAM
        That sounds like a good idea. I'll watch for your post.

        earmic


          Re: Malware
          « Reply #21 on: January 29, 2012, 02:28:28 PM »

          Alas, the problem persists. Internet searches reveal that this seems to be a rogue trojan that is hard for antivirus and malware scanners to pick up. I'm still being redirected a lot of the time. I'll scan everything again with everything I've got updated and see what happens. This process takes 5-6 hours.

          SuperDave

          Re: Malware
          « Reply #22 on: January 29, 2012, 07:23:39 PM »
          Please update and run another scan with SAS and post the log.

          Please download aswMBR.exe ( 511KB ) to your desktop.

          Double click the aswMBR.exe to run it



          Click the "Scan" button to start scan

          Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



          On completion of the scan click save log, save it to your desktop and post in your next reply

          earmic


            Re: Malware
            « Reply #23 on: January 30, 2012, 06:05:50 PM »
            Thank you for your patience... here are the two logs: SAS was updated and immediately scanned, then I did the aswMBR scan. I haven't touched anything yet. Two things on the aswMBR scan: 19:34:59.421 is yellow and 19:35:05.375 ntkrnlpa... is red.
            SUPERAntiSpyware Scan Log
            http://www.superantispyware.com

            Generated 01/30/2012 at 06:51 PM

            Application Version : 5.0.1142

            Core Rules Database Version : 8182
            Trace Rules Database Version: 5994

            Scan type       : Complete Scan
            Total Scan Time : 00:44:33

            Operating System Information
            Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
            Administrator

            Memory items scanned      : 406
            Memory threats detected   : 0
            Registry items scanned    : 24127
            Registry threats detected : 0
            File items scanned        : 94825
            File threats detected     : 0

            MBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
            Run date: 2012-01-30 19:24:08
            -----------------------------
            19:24:08.234    OS Version: Windows 5.1.2600 Service Pack 3
            19:24:08.234    Number of processors: 2 586 0x403
            19:24:08.234    ComputerName: D7SXQY91  UserName: Earl
            19:24:17.750    Initialize success
            19:34:40.781    AVAST engine defs: 12013000
            19:34:44.656    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
            19:34:44.656    Disk 0 Vendor: ST3808110AS 3.ADH Size: 76293MB BusType: 3
            19:34:44.671    Disk 0 MBR read successfully
            19:34:44.671    Disk 0 MBR scan
            19:34:44.703    Disk 0 unknown MBR code
            19:34:44.703    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
            19:34:44.718    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        72990 MB offset 80325
            19:34:44.750    Disk 0 Partition 3 00     DB  CP/M / CTOS Dell 8.0     3255 MB offset 149565150
            19:34:44.781    Disk 0 scanning sectors +156232125
            19:34:44.890    Disk 0 scanning C:\WINDOWS\system32\drivers
            19:34:59.093    Service scanning
            19:34:59.421    Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32
            19:35:00.296    Modules scanning
            19:35:05.343    Disk 0 trace - called modules:
            19:35:05.375    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x8af9dfa9]<<
            19:35:05.375    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b079ab8]
            19:35:05.375    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8b0afd98]
            19:35:05.781    AVAST engine scan C:\WINDOWS
            19:35:10.718    AVAST engine scan C:\WINDOWS\system32
            19:37:41.890    AVAST engine scan C:\WINDOWS\system32\drivers
            19:37:57.562    AVAST engine scan C:\Documents and Settings\Earl
            19:40:00.296    AVAST engine scan C:\Documents and Settings\All Users
            19:41:12.703    Scan finished successfully
            19:53:51.750    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Earl\Desktop\MBR.dat"
            19:53:51.812    The log file has been saved successfully to "C:\Documents and Settings\Earl\

            SuperDave

            Re: Malware
            « Reply #24 on: January 30, 2012, 07:29:44 PM »
            Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

            Link 1
            Link 2
            Link 3

            • Double-click on MBRCheck.exe to run it.

            • It will open a black window... please do not fix anything (if it gives you an option).

            • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

            • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
            • Please copy and paste the contents of that log in your next reply.

            earmic


              Re: Malware
              « Reply #25 on: January 31, 2012, 02:13:59 AM »
              MBR log:
              MBRCheck, version 1.2.3
              (c) 2010, AD

              Command-line:         
              Windows Version:      Windows XP Home Edition
              Windows Information:      Service Pack 3 (build 2600)
              Logical Drives Mask:      0x0000000d

              Kernel Drivers (total 140):
                0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
                0x806E5000 \WINDOWS\system32\hal.dll
                0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
                0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
                0xB9F79000 ACPI.sys
                0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
                0xB9F68000 pci.sys
                0xBA0A8000 isapnp.sys
                0xBA670000 pciide.sys
                0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
                0xBA5AC000 intelide.sys
                0xBA0B8000 MountMgr.sys
                0xB9F49000 ftdisk.sys
                0xBA330000 PartMgr.sys
                0xBA0C8000 VolSnap.sys
                0xB9F31000 atapi.sys
                0xBA0D8000 disk.sys
                0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
                0xB9F11000 fltmgr.sys
                0xB9EFF000 sr.sys
                0xBA338000 PxHelp20.sys
                0xB9EE8000 KSecDD.sys
                0xB9E5B000 Ntfs.sys
                0xB9E2E000 NDIS.sys
                0xBA340000 speedfan.sys
                0xB9E14000 Mup.sys
                0xBA671000 giveio.sys
                0xBA348000 avgrkx86.sys
                0xBA4BC000 AVGIDSEH.Sys
                0xBA2D8000 \SystemRoot\system32\DRIVERS\intelppm.sys
                0xB9747000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
                0xB9733000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
                0xB970B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
                0xBA420000 \SystemRoot\system32\DRIVERS\usbuhci.sys
                0xB96E7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
                0xBA428000 \SystemRoot\system32\DRIVERS\usbehci.sys
                0xB96B3000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
                0xB9690000 \SystemRoot\system32\DRIVERS\ks.sys
                0xB9591000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
                0xB94EA000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
                0xBA430000 \SystemRoot\System32\Drivers\Modem.SYS
                0xB94C4000 \SystemRoot\system32\DRIVERS\e100b325.sys
                0xBA438000 \SystemRoot\system32\DRIVERS\fdc.sys
                0xBA2E8000 \SystemRoot\system32\DRIVERS\imapi.sys
                0xBA2F8000 \SystemRoot\system32\DRIVERS\cdrom.sys
                0xBA308000 \SystemRoot\system32\DRIVERS\redbook.sys
                0xBA7A7000 \SystemRoot\system32\DRIVERS\audstub.sys
                0xBA440000 \SystemRoot\system32\DRIVERS\rasirda.sys
                0xBA448000 \SystemRoot\system32\DRIVERS\TDI.SYS
                0xBA318000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
                0xB9DDF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
                0xB94AD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
                0xBA108000 \SystemRoot\system32\DRIVERS\raspppoe.sys
                0xBA118000 \SystemRoot\system32\DRIVERS\raspptp.sys
                0xBA450000 \SystemRoot\system32\DRIVERS\ptilink.sys
                0xBA458000 \SystemRoot\system32\DRIVERS\raspti.sys
                0xBA128000 \SystemRoot\system32\DRIVERS\termdd.sys
                0xBA460000 \SystemRoot\system32\DRIVERS\kbdclass.sys
                0xBA468000 \SystemRoot\system32\DRIVERS\mouclass.sys
                0xBA5D8000 \SystemRoot\system32\DRIVERS\swenum.sys
                0xB944F000 \SystemRoot\system32\DRIVERS\update.sys
                0xB9DDB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
                0xB9421000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
                0xBA138000 \SystemRoot\System32\Drivers\NDProxy.SYS
                0xB986C000 \SystemRoot\system32\drivers\MODEMCSA.sys
                0xA920E000 \SystemRoot\system32\drivers\sthda.sys
                0xA91EA000 \SystemRoot\system32\drivers\portcls.sys
                0xBA168000 \SystemRoot\system32\drivers\drmk.sys
                0xBA188000 \SystemRoot\system32\DRIVERS\usbhub.sys
                0xBA5DC000 \SystemRoot\system32\DRIVERS\USBD.SYS
                0xBA488000 \SystemRoot\system32\DRIVERS\flpydisk.sys
                0xBA590000 \SystemRoot\System32\Drivers\i2omgmt.SYS
                0xBA1D8000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
                0xBA60C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
                0xBA68A000 \SystemRoot\System32\Drivers\Null.SYS
                0xBA60E000 \SystemRoot\System32\Drivers\Beep.SYS
                0xBA498000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
                0xBA4A0000 \SystemRoot\System32\drivers\vga.sys
                0xBA610000 \SystemRoot\System32\Drivers\mnmdd.SYS
                0xBA612000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
                0xBA4A8000 \SystemRoot\System32\Drivers\Msfs.SYS
                0xBA4B0000 \SystemRoot\System32\Drivers\Npfs.SYS
                0xB93DA000 \SystemRoot\system32\DRIVERS\rasacd.sys
                0xBA358000 \??\C:\WINDOWS\system32\drivers\OAnet.sys
                0xA90EF000 \SystemRoot\system32\DRIVERS\ipsec.sys
                0xBA1F8000 \SystemRoot\system32\DRIVERS\msgpc.sys
                0xA9096000 \SystemRoot\system32\DRIVERS\tcpip.sys
                0xBA208000 \??\C:\WINDOWS\system32\drivers\OAmon.sys
                0xA904F000 \SystemRoot\system32\DRIVERS\avgtdix.sys
                0xA9001000 \SystemRoot\system32\DRIVERS\ipnat.sys
                0xBA258000 \SystemRoot\system32\DRIVERS\wanarp.sys
                0xA8FD9000 \SystemRoot\system32\DRIVERS\netbt.sys
                0xBA57C000 \SystemRoot\System32\drivers\ws2ifsl.sys
                0xA8FB7000 \SystemRoot\System32\drivers\afd.sys
                0xBA268000 \SystemRoot\system32\DRIVERS\netbios.sys
                0xA8F95000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                0xBA3C0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                0xA8F6A000 \SystemRoot\system32\DRIVERS\rdbss.sys
                0xBA588000 \??\C:\WINDOWS\system32\drivers\pclepci.sys
                0xBA288000 \??\C:\WINDOWS\system32\drivers\oahlp32.sys
                0xA8F39000 \??\C:\WINDOWS\system32\drivers\OADriver.sys
                0xA8EC9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
                0xBA298000 \SystemRoot\System32\Drivers\Fips.SYS
                0xA8DF2000 \SystemRoot\system32\DRIVERS\avgldx86.sys
                0xA9043000 \SystemRoot\system32\DRIVERS\hidusb.sys
                0xBA1E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
                0xBA408000 \SystemRoot\system32\DRIVERS\usbccgp.sys
                0xA903B000 \SystemRoot\system32\DRIVERS\usbscan.sys
                0xBA478000 \SystemRoot\system32\DRIVERS\usbprint.sys
                0xA9037000 \SystemRoot\system32\DRIVERS\mouhid.sys
                0xA8D63000 \SystemRoot\system32\drivers\wisgostrm.sys
                0xB9868000 \SystemRoot\system32\DRIVERS\kbdhid.sys
                0xBA178000 \SystemRoot\System32\Drivers\Cdfs.SYS
                0xA8CAB000 \SystemRoot\System32\Drivers\dump_atapi.sys
                0xBA5EE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
                0xBF800000 \SystemRoot\System32\win32k.sys
                0xA8D43000 \SystemRoot\System32\drivers\Dxapi.sys
                0xBA3F0000 \SystemRoot\System32\watchdog.sys
                0xBF000000 \SystemRoot\System32\drivers\dxg.sys
                0xBA688000 \SystemRoot\System32\drivers\dxgthk.sys
                0xBF021000 \SystemRoot\System32\ialmdnt5.dll
                0xBF012000 \SystemRoot\System32\ialmrnt5.dll
                0xBF043000 \SystemRoot\System32\ialmdev5.DLL
                0xBF07E000 \SystemRoot\System32\ialmdd5.DLL
                0xBF16E000 \SystemRoot\System32\ATMFD.DLL
                0xA8AB5000 \SystemRoot\system32\DRIVERS\irda.sys
                0xA8B4F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
                0xA8889000 \SystemRoot\System32\Drivers\Fastfat.SYS
                0xA875C000 \SystemRoot\system32\drivers\wdmaud.sys
                0xA88D5000 \SystemRoot\system32\drivers\sysaudio.sys
                0xA84DF000 \SystemRoot\system32\DRIVERS\mrxdav.sys
                0xBA630000 \SystemRoot\System32\Drivers\ASCTRM.SYS
                0xA8520000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
                0xA8558000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
                0xA836F000 \SystemRoot\system32\DRIVERS\srv.sys
                0xA8C9B000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
                0xA8237000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
                0xA7EAE000 \SystemRoot\System32\Drivers\HTTP.sys
                0xA7A55000 \SystemRoot\system32\drivers\kmixer.sys
                0x7C900000 \WINDOWS\system32\ntdll.dll

              Processes (total 33):
                     0 System Idle Process
                     4 System
                   496 C:\WINDOWS\system32\smss.exe
                   528 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
                   560 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
                   752 csrss.exe
                   776 C:\WINDOWS\system32\winlogon.exe
                   836 C:\WINDOWS\system32\services.exe
                   848 C:\WINDOWS\system32\lsass.exe
                  1020 C:\WINDOWS\system32\svchost.exe
                  1068 svchost.exe
                  1148 C:\WINDOWS\system32\svchost.exe
                  1272 svchost.exe
                  1308 svchost.exe
                  1400 C:\Program Files\Online Armor\oacat.exe
                  1516 C:\Program Files\Online Armor\oasrv.exe
                  1668 C:\WINDOWS\explorer.exe
                  1912 C:\WINDOWS\system32\spoolsv.exe
                  1796 svchost.exe
                   144 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
                  1508 C:\WINDOWS\system32\svchost.exe
                  2176 wdfmgr.exe
                  2472 C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
                  2756 C:\Program Files\AVG\AVG2012\avgnsx.exe
                  2836 C:\Program Files\AVG\AVG2012\avgemcx.exe
                  3460 alg.exe
                  3852 C:\Program Files\AVG\AVG2012\avgtray.exe
                  4000 C:\Program Files\Online Armor\oaui.exe
                  2884 C:\Program Files\Online Armor\oahlp.exe
                  2648 C:\WINDOWS\system32\wuauclt.exe
                  2448 C:\Program Files\Internet Explorer\iexplore.exe
                  3308 C:\Program Files\Internet Explorer\iexplore.exe
                  5384 C:\Documents and Settings\Earl\Desktop\MBRCheck.exe

              \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00  (NTFS)

              PhysicalDrive0 Model Number: ST3808110AS, Rev: 3.ADH   

                    Size  Device Name          MBR Status
                --------------------------------------------
                   74 GB  \\.\PhysicalDrive0   Unknown MBR code
                          SHA1: BF118E4CFC2D7C7489A85AC7AD11D2A979F7482 4


              Found non-standard or infected MBR.
              Enter 'Y' and hit ENTER for more options, or 'N' to exit:
              Options:
                [1] Dump the MBR of a physical disk to file.
                [2] Restore the MBR of a physical disk with a standard boot code.
                [3] Exit.

              Enter your choice:

              Done!
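The MBRCheck verdict above ("Unknown MBR code", then "Found non-standard or infected MBR") comes from hashing the boot code in the first 446 bytes of sector 0 and comparing it against known-good boot code, while the partition table and 55AA signature that follow are what aswMBR listed. The following is an added example, not MBRCheck's, aswMBR's or this forum's code: it parses a raw MBR the way those tools do, classifies the boot code, and diffs two snapshots so a later rewrite of the boot code can be spotted. The sample MBR is constructed here from the partition layout in the aswMBR log; its boot code bytes and the "known-good" hash are placeholders, not real Windows boot code.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

SECTOR = 512
BOOT_CODE_LEN = 446           # bytes 0..445: boot code, the part MBRCheck/aswMBR hash
PART_TABLE_OFF = 446          # four 16-byte partition entries follow the boot code
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of every valid MBR

# Constructed stand-in for a vendor's standard boot code; real tools ship the SHA1 of
# genuine Windows XP/Vista/7 boot sectors. These bytes and this hash are NOT real ones.
STANDARD_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * (BOOT_CODE_LEN - 8)
KNOWN_GOOD_BOOT_CODE: Dict[str, str] = {
    hashlib.sha1(STANDARD_BOOT_CODE).hexdigest().upper(): "constructed standard boot code",
}

@dataclass(frozen=True)
class Partition:
    index: int       # 1..4, slot in the partition table
    bootable: bool   # status byte 0x80, shown as "(A)" in the aswMBR log
    type_id: int     # e.g. 0x07 NTFS, 0xDE Dell Utility, 0xDB CP/M-CTOS
    lba_start: int   # the "offset" column in the aswMBR log
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

@dataclass
class MbrReport:
    boot_code_sha1: str
    signature_ok: bool
    boot_code_known: Optional[str]   # None is what the tools print as "Unknown MBR code"
    partitions: List[Partition]

    @property
    def verdict(self) -> str:
        if not self.signature_ok:
            return "Invalid MBR (missing 55AA signature)"
        if self.boot_code_known is None:
            return "Found non-standard or infected MBR"
        return "Standard MBR code (%s)" % self.boot_code_known

def parse_mbr(sector: bytes) -> MbrReport:
    """Split a raw 512-byte MBR into boot code hash, partition table and signature check."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes, got %d" % len(sector))
    sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    parts: List[Partition] = []
    for i in range(4):
        # entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            parts.append(Partition(i + 1, status == 0x80, ptype, lba, count))
    return MbrReport(sha1, sector[510:512] == BOOT_SIGNATURE, KNOWN_GOOD_BOOT_CODE.get(sha1), parts)

def build_mbr(boot_code: bytes, parts: List[Partition]) -> bytes:
    """Assemble a 512-byte MBR (CHS fields left zero; the LBA fields are what matters here)."""
    if len(boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be %d bytes" % BOOT_CODE_LEN)
    table = bytearray(64)
    for p in parts:
        struct.pack_into("<B3xB3xII", table, 16 * (p.index - 1),
                         0x80 if p.bootable else 0, p.type_id, p.lba_start, p.sectors)
    return boot_code + bytes(table) + BOOT_SIGNATURE

def mbr_changes(before: bytes, after: bytes) -> List[str]:
    """Differences between two MBR snapshots; an empty list means nothing changed."""
    a, b = parse_mbr(before), parse_mbr(after)
    changes: List[str] = []
    if a.boot_code_sha1 != b.boot_code_sha1:
        changes.append("boot code rewritten: %s -> %s" % (a.boot_code_sha1[:8], b.boot_code_sha1[:8]))
    if a.partitions != b.partitions:
        changes.append("partition table changed")
    return changes

# Constructed sample: the three partitions from the aswMBR log above, with made-up
# non-standard boot code standing in for whatever actually sat on the user's disk.
DELL_XP_LAYOUT = [
    Partition(1, False, 0xDE, 63, 80325 - 63),
    Partition(2, True, 0x07, 80325, 149565150 - 80325),
    Partition(3, False, 0xDB, 149565150, 156232125 - 149565150),
]
UNKNOWN_BOOT_CODE = bytes(range(256)) + bytes(BOOT_CODE_LEN - 256)
INFECTED_MBR = build_mbr(UNKNOWN_BOOT_CODE, DELL_XP_LAYOUT)

def simulate_fixmbr(sector: bytes) -> bytes:
    """What FIXMBR does: replace the boot code and leave the partition table untouched."""
    return STANDARD_BOOT_CODE + sector[BOOT_CODE_LEN:]

if __name__ == "__main__":
    fixed = simulate_fixmbr(INFECTED_MBR)
    for label, mbr in (("before FIXMBR", INFECTED_MBR), ("after FIXMBR", fixed)):
        r = parse_mbr(mbr)
        print(label, "-", r.verdict, "-", [(p.index, "%02X" % p.type_id, p.size_mb) for p in r.partitions])
    print("changes:", mbr_changes(INFECTED_MBR, fixed))
```

Because FIXMBR leaves the partition table alone, the same three partitions (39 MB, 72990 MB, 3255 MB, partition 2 active) should show up before and after the fix with only the boot code verdict changing; keeping a saved copy such as the MBR.dat aswMBR wrote lets the snapshot diff show whether the boot code was rewritten again afterwards.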

              SuperDave

              Re: Malware
              « Reply #26 on: January 31, 2012, 11:31:11 AM »

              Earlier on ComboFix installed the Recovery Console. We're going to use that now.

              Reboot your machine and when the Boot Menu flashes up, select "Microsoft Windows Recovery Console"
              (you need to be very fast with the arrow key as you only have a couple of seconds before it defaults to the Windows XP boot-up).





              When you get to the above screen, take note of the number that references your operating system.

              If it's '1' like the picture above, type 1 and press Enter



              Next type FIXMBR

              If it asks if you're sure you want to write a new MBR, answer 'Y'.

              Then type EXIT to reboot the machine.

              With that done, please post back and let me know how things are now.

              earmic


                Re: Malware
                « Reply #27 on: January 31, 2012, 02:59:01 PM »
                It's absolutely amazing... no redirections at all! I'm going to try a few of the sites this evening, thank you thank you, I'll let you know.

                earmic


                  Re: Malware
                  « Reply #28 on: January 31, 2012, 06:26:26 PM »
                  Well, that lasted about 20 minutes. Back where we started. UK, Latvia, Spain...

                  SuperDave

                  Re: Malware
                  « Reply #29 on: February 01, 2012, 12:15:16 PM »
                  Please run MBRCheck.exe again and post the log.