Servant
  1. MBRCheck, version 1.2.3 © 2010, AD
     Command-line:
     Windows Version: Windows XP Home Edition
     Windows Information: Service Pack 2 (build 2600)
     Logical Drives Mask: 0x000001ec

     Kernel Drivers (total 150):

     Processes (total 125):

     \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

     PhysicalDrive0 Model Number: ST3160815AS, Rev: 3.ADA

     Size    Device Name         MBR Status
     --------------------------------------------
     149 GB  \\.\PhysicalDrive0  Dell MBR code detected
             SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E

     Done!
  2. I haven't even closed it yet; I guess I should have. I'll decline it for now and let you know when it comes back... The main issue has still not been resolved. I "use the web service to find the appropriate program" and it still redirects me to www.filecure.com.
  3. In addition: I have a "Handle License Agreement" pop-up that came up, purportedly from Microsoft. Does that normally occur, or is it a part of the malware itself? Also, Malwarebytes did an automatic scan before I was able to run Combofix; here's the log for that:
  4. The Problem: Note: the website actually goes to http://www.helpmeopen.com/?n=app&l=0409&ext=DAT, which then redirects to www.filecure.com. DDS: files.zip
  5. Some time ago, when trying to look at .dat files, I clicked on "Use the web service to find the appropriate program". Microsoft suggested that I download "Free File Viewer". The website seemed a little shady, especially since it wanted me to install a lot of pointless stuff too, but I installed it anyway (stupidly). "Free File Viewer" does work in allowing you to view the .dat file, but ".dat" can be opened in many programs; what matters is whether you can actually understand it, and "Free File Viewer" failed in that regard. So I uninstalled it, woo-hoo. Except now, when I click on "Use the web service to find the appropriate program"... instead of directing me to the Microsoft website, it directs me to www.filecure.com. I suspect this is the exact same company that made "Free File Viewer", and so I want to remove this browser hijacking so that I return to the Microsoft website and get their support (even though their "support" led me to this problem in the first place). The question is how? I have installed Malwarebytes and am doing a Quick Search, but I can't find any malware program. What should I do now?