Google Redirect

My computer had a 7Search redirect about a week ago. I attempted to remove it using the tools suggested on this forum and now when I click on any of the links off of Google search it redirects me to other search sites.

Here is DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Ace Ducey at 20:23:47 on 2012-07-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2246 [GMT -7:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
============== Running Processes ===============
.
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
F:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\system32\devldr32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
F:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={FCD82787-2558-4015-8507-585D13950717}&mid=82ad155a80a447d08851d145b71e0489-e2dd74a8a5f86ed4734d82507fa9f649d27771e8&lang=en&ds=gm011&pr=sa&d=2012-04-24 23:10:49&v=11.0.0.9&sap=hp
uInternet Settings,ProxyOverride = *.local
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Steam] "f:\program files\steam\steam.exe" -silent
mRun: [USRpdA] c:\windows\system32\usrmlnka.exe runservices \device\3cpipe-USRpdA
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PSUNMain] "f:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: Free YouTube Download - c:\documents and settings\ace ducey\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\ace ducey\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1302597116812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5AD40C12-AB1F-4132-AF3C-C02795098365} : DhcpNameServer = 75.75.75.75 75.75.76.76
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ace ducey\application data\mozilla\firefox\profiles\skwwuu8z.default-1342677914089\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: f:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: f:\program files\real alternative\browser\plugins\nppl3260.dll
FF - plugin: f:\program files\real alternative\browser\plugins\nprpjplug.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-2 218688]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-11-23 130312]
R2 NanoServiceMain;Panda Cloud Antivirus Service;f:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2012-1-5 144008]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111688]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-11-30 112648]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-20 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-20 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-7 113120]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2011-5-3 223128]
.
=============== Created Last 30 ================
.
2012-07-25 02:59:53 -------- d-----w- c:\documents and settings\ace ducey\local settings\application data\Sun
2012-07-24 15:55:33 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-07-24 15:55:33 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-07-24 15:55:33 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-07-24 15:55:32 117728 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2012-07-24 03:21:28 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-23 22:44:09 -------- d-sha-r- C:\cmdcons
2012-07-23 22:41:28 98816 ----a-w- c:\windows\sed.exe
2012-07-23 22:41:28 518144 ----a-w- c:\windows\SWREG.exe
2012-07-23 22:41:28 256000 ----a-w- c:\windows\PEV.exe
2012-07-23 22:41:28 208896 ----a-w- c:\windows\MBR.exe
2012-07-23 22:36:52 -------- d-----w- c:\windows\system32\appmgmt
2012-07-19 05:55:55 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-07-19 05:55:55 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-19 05:41:50 -------- d-----w- c:\program files\Oracle
.
==================== Find3M ====================
.
2012-07-16 20:31:53 2011424 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\PSUNConsole.dll
2012-07-16 18:53:06 3387680 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\PSUNPnlConfig.dll
2012-07-16 18:29:29 101928 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\system32\drivers\vista_w7\PSINReg.sys
2012-07-16 18:29:23 112680 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\system64\drivers\vista_w7\PSINReg.sys
2012-07-16 18:29:18 102824 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\system32\drivers\xp\PSINReg.sys
2012-07-13 22:38:49 45856 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pskalloc.dll
2012-07-13 20:07:14 174880 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\PSUASysTray.dll
2012-07-13 14:16:26 63776 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\PSUATranslator.dll
2012-07-13 14:16:26 55584 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\PSUAUtils.dll
2012-07-13 14:16:26 54560 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\PSUAWatchdog.dll
2012-07-13 14:16:25 102176 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\PSUASystrayObject.dll
2012-07-13 14:16:21 237856 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\x64\PSUAShell.dll
2012-07-13 14:16:17 98592 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\x86\PSUAShell.dll
2012-07-13 14:07:06 85792 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\PSNCGP64.dll
2012-07-13 14:07:06 80672 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\x64\PSNCSysAction.exe
2012-07-13 14:07:06 189216 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\PSNCIPC64.dll
2012-07-13 14:07:01 18720 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\x86\PSNCSysAction.exe
2012-07-13 14:03:57 336160 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\PSANCU.exe
2012-07-13 14:03:43 79648 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\PSANUpgSI.dll
2012-07-13 14:01:51 120872 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\system32\drivers\vista\PSINProt.sys
2012-07-13 14:00:58 46880 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\PSNEvts.dll
2012-07-13 13:59:55 167200 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\PSINEnAg.dll
2012-07-13 13:58:56 108832 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\psendecs.dll
2012-07-13 13:57:43 386848 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\PSANModAV.dll
2012-07-13 13:56:43 204064 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\NdkApi.dll
2012-07-13 13:56:42 238368 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\NdkApi.Configuration.dll
2012-07-13 13:56:42 207648 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\NdkApi.Communication.dll
2012-07-13 13:56:42 130336 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\NdkApi.Common.dll
2012-07-13 13:56:41 215328 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\NdkApi.Analysis.dll
2012-07-12 23:17:45 173344 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pknact.dll
2012-07-12 18:18:56 219688 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\system64\drivers\NNSStrm.sys
2012-07-12 18:18:32 206632 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\system32\drivers\NNSStrm.sys
2012-07-10 15:36:18 847976 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\Setup.exe
2012-07-06 05:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 05:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-27 22:05:14 91936 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pkndtr.dll
2012-06-27 22:04:21 24352 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pknDTLT.dll
2012-06-27 22:03:39 23840 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pknMDT.dll
2012-06-27 22:02:57 24864 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pknheu.dll
2012-06-27 22:02:15 87840 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pkndtl.dll
2012-06-27 21:57:41 83744 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pknsysmw.dll
2012-06-27 21:56:48 98080 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pknreg.dll
2012-06-27 21:55:37 93984 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pknproc.dll
2012-06-27 21:52:50 27936 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pknrbt.dll
2012-06-27 21:51:44 146208 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pknQrt.dll
2012-06-27 21:50:29 95008 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pkndisk.dll
2012-06-27 21:49:16 132384 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pkncmp.dll
2012-06-27 21:48:13 95520 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pknmime.dll
2012-06-27 21:47:26 110368 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pknbufae.dll
2012-06-27 21:46:28 29472 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pknboot.dll
2012-06-27 21:45:41 29472 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pknfile.dll
2012-06-27 21:44:45 37152 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pknaccess.dll
2012-06-27 21:43:57 196896 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pknComCtrl.dll
2012-06-27 21:42:05 36128 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\PKNComms.dll
2012-06-27 21:41:18 91424 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pkncomiexm.dll
2012-06-27 21:40:04 179488 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pknplg.dll
2012-06-27 21:36:31 15648 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pskisig.dll
2012-06-27 21:29:33 72480 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pskcoord.dll
2012-06-27 21:28:36 21280 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\psksrf.dll
2012-06-27 21:28:01 48416 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pskras.dll
2012-06-27 21:27:00 85792 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pskglk.dll
2012-06-27 21:25:39 32544 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pskxs.dll
2012-06-27 21:24:57 49952 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\psksys.dll
2012-06-27 21:24:11 11552 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pskstr.dll
2012-06-27 21:23:38 460576 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\PSKSQLT.dll
2012-06-27 21:20:08 140576 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pskutil.dll
2012-06-27 21:17:52 526112 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pskxml.dll
2012-06-27 21:16:45 49440 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pskfcmp.dll
2012-06-27 21:16:00 21792 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pskcrypt.dll
2012-06-27 21:15:23 67360 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pskcrt.dll
2012-06-04 17:07:27 85280 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\pknedt.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 20:52:50 428136 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\dg\PAVSMCL.dll
2012-05-31 20:52:45 150120 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\dg\PAV2WSC.dll
2012-05-31 20:52:39 131688 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\dg\DGNano.dll
2012-05-31 20:52:33 308840 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\dg\SMCLPav.dll
2012-05-31 20:52:27 207464 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\dg\PGUse.exe
2012-05-31 20:52:21 213096 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\dg\SMCLpav.exe
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-31 02:15:45 2726352 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\tools\PandaSecurityTb.exe
2012-05-29 23:55:04 342632 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\program files\panda security\panda cloud antivirus\PSINanoRun.exe
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-03 16:11:36 112456 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\Launcher.exe
2012-05-03 15:54:15 4988744 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan8.tmp\SetupUI.dll
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160815A rev.3.AAC -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A26C4B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a27393c]; MOV EAX, [0x8a273ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8ACB7AB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x8A7C4240]
\Driver\atapi[0x8AC2CCA8] -> IRP_MJ_CREATE -> 0x8A26C4B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A26C2E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:24:45.09 ===============

Thank you in advance!

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

• Download Security Check by screen317 from here.
• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
• Log from Combofix
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

Thank you for the reply, Gringo.

Here is the log from SecurityCheck:

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Panda Cloud Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 6 Update 29
Java™ 7 Update 5
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Panda Security Panda Cloud Antivirus PSUAMain.exe
Panda Security Panda Cloud Antivirus PSANHost.exe
Panda Security Panda Cloud Antivirus PSUAService.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 34% Defragment your hard drive soon!
````````````````````End of Log``````````````````````


Log from ComboFix:

ComboFix 12-07-27.02 - Ace Ducey 07/27/2012 0:16.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2906 [GMT -7:00]
Running from: c:\documents and settings\Ace Ducey\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Cloud Antivirus Firewall *Disabled* {1337562C-110A-4AF8-B12B-750C0B30E802}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 07:12 . 2011-03-11 01:04 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2012-07-25 02:59 . 2012-07-25 02:59 -------- d-----w- c:\documents and settings\Ace Ducey\Local Settings\Application Data\Sun
2012-07-24 15:55 . 2012-07-24 15:55 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-07-24 15:55 . 2012-07-24 15:55 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-07-24 15:55 . 2012-07-24 15:55 136672 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-07-24 15:55 . 2012-07-24 15:55 117728 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-07-24 03:21 . 2012-07-24 03:21 -------- d-----w- c:\documents and settings\Ace Ducey\Application Data\Oracle
2012-07-24 03:21 . 2012-07-06 05:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-19 05:55 . 2012-07-19 05:55 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-19 05:42 . 2012-07-19 05:42 -------- d-----w- c:\program files\Common Files\Java
2012-07-19 05:41 . 2012-07-19 05:41 -------- d-----w- c:\program files\Oracle
2012-07-19 05:40 . 2012-07-19 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-07-18 09:31 . 2012-07-18 09:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-07-13 14:02 . 2012-07-13 14:02 120616 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2012-07-13 14:02 . 2012-07-13 14:02 179112 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2012-07-13 14:02 . 2012-07-13 14:02 114728 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2012-07-13 14:02 . 2012-07-13 14:02 101544 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2012-07-13 14:02 . 2012-07-13 14:02 149032 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2012-07-12 18:18 . 2012-07-12 18:18 206632 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
2012-06-27 22:51 . 2012-06-27 22:51 92840 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
2012-06-27 22:51 . 2012-06-27 22:51 286376 ----a-w- c:\windows\system32\drivers\NNSProt.sys
2012-06-27 22:51 . 2012-06-27 22:51 153000 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
2012-06-27 22:51 . 2012-06-27 22:51 106536 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
2012-06-27 22:51 . 2012-06-27 22:51 51496 ----a-w- c:\windows\system32\drivers\NNSpihs.sys
2012-06-27 22:51 . 2012-06-27 22:51 104104 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
2012-06-27 22:51 . 2012-06-27 22:51 93992 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
2012-06-27 22:51 . 2012-06-27 22:51 122664 ----a-w- c:\windows\system32\drivers\NNSIds.sys
2012-06-27 22:51 . 2012-06-27 22:51 82472 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
2012-06-27 22:51 . 2012-06-27 22:51 120744 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 05:07 . 2011-08-03 03:51 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 05:06 . 2011-08-03 03:51 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 20:46 . 2011-04-12 19:15 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2003-07-16 16:45 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2011-04-12 18:38 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2003-07-16 16:31 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2003-07-16 16:37 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2011-04-12 08:32 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2011-04-12 08:32 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2011-04-12 08:32 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2011-04-12 08:32 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2009-08-07 02:23 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2011-04-12 08:32 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2011-04-12 08:32 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2011-04-12 08:32 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2011-04-12 07:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2003-07-16 16:19 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2011-04-12 08:32 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2011-04-12 08:32 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2011-04-12 07:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2003-03-20 23:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2003-07-16 16:45 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2003-07-16 16:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2003-07-16 16:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2003-07-16 16:33 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2002-08-29 01:04 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-04-12 07:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-24 15:55 . 2012-07-24 15:55 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\program files\Steam\steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA" [X]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2003-07-16 59392]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-16 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-16 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"PSUAMain"="f:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- f:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 05:31 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- f:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-08 02:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Winamp\\winamp.exe"=
"f:\\Program Files\\Steam\\Steam.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\rome total war gold\\RomeTW.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\rome total war gold\\RomeTW-BI.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\medieval ii total war\\Launcher.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\Sony Online Entertainment\\Installed Games\\EverQuest\\EQVoiceService.exe"=
"f:\\Program Files\\Opera\\opera.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\napoleon total war\\Napoleon.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [5/2/2011 12:32 PM 218688]
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [6/27/2012 3:51 PM 82472]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [6/27/2012 3:51 PM 120744]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [6/27/2012 3:51 PM 122664]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [6/27/2012 3:51 PM 93992]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [6/27/2012 3:51 PM 104104]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [6/27/2012 3:51 PM 286376]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [6/27/2012 3:51 PM 153000]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [6/27/2012 3:51 PM 106536]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [7/12/2012 11:18 AM 206632]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [6/27/2012 3:51 PM 92840]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [7/13/2012 7:02 AM 179112]
R2 NanoServiceMain;Panda Cloud Antivirus Service;f:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [7/13/2012 6:57 AM 140064]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [7/13/2012 7:02 AM 149032]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [7/13/2012 7:02 AM 101544]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [7/13/2012 7:02 AM 114728]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [7/13/2012 7:02 AM 120616]
R2 PSUAService;Panda Product Service;f:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [7/13/2012 7:15 AM 36640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/20/2011 12:16 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/20/2011 12:16 PM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/7/2012 8:45 AM 113120]
S3 NNSNAHS;Network Activity Hook Server Service;c:\windows\system32\drivers\NNSNAHS.sys [9/9/2011 1:54 PM 38536]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [5/3/2011 12:13 AM 223128]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [6/27/2012 3:51 PM 51496]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PSKMAD
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-20 19:16]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-20 19:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={FCD82787-2558-4015-8507-585D13950717}&mid=82ad155a80a447d08851d145b71e0489-e2dd74a8a5f86ed4734d82507fa9f649d27771e8&lang=en&ds=gm011&pr=sa&d=2012-04-24 23:10&v=11.0.0.9&sap=hp
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\documents and settings\Ace Ducey\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Ace Ducey\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Ace Ducey\Application Data\Mozilla\Firefox\Profiles\skwwuu8z.default-1342677914089\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-27 00:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160815A rev.3.AAC -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A1AD2E2
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(820)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-07-27 00:28:05
ComboFix-quarantined-files.txt 2012-07-27 07:27
ComboFix2.txt 2012-07-27 06:55
ComboFix3.txt 2012-07-25 00:19
ComboFix4.txt 2012-07-23 23:07
.
Pre-Run: 108,139,048,960 bytes free
Post-Run: 108,134,412,288 bytes free
.
- - End Of File - - 0726A4A0F9B0DE8AC357D54F70707542

Google search is still getting redirected.

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

• Double click the aswMBR.exe icon to run it
• it will ask to download extra definitions - ALLOW IT
• Click the Scan button to start the scan
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

Hiya Gringo!

One thing I noticed when I first turned on my computer is that I got a blue screen. I started it up in Safe Mode then restarted the computer normally after. Seems okay for now. Here are the scans:

TDSKiller Log:

21:54:49.0093 3496 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:54:49.0703 3496 ============================================================
21:54:49.0703 3496 Current date / time: 2012/07/27 21:54:49.0703
21:54:49.0703 3496 SystemInfo:
21:54:49.0703 3496
21:54:49.0703 3496 OS Version: 5.1.2600 ServicePack: 3.0
21:54:49.0703 3496 Product type: Workstation
21:54:49.0703 3496 ComputerName: XPS-CXN9X5C5LB3
21:54:49.0703 3496 UserName: Ace Ducey
21:54:49.0703 3496 Windows directory: C:\WINDOWS
21:54:49.0703 3496 System windows directory: C:\WINDOWS
21:54:49.0703 3496 Processor architecture: Intel x86
21:54:49.0703 3496 Number of processors: 1
21:54:49.0703 3496 Page size: 0x1000
21:54:49.0703 3496 Boot type: Normal boot
21:54:49.0703 3496 ============================================================
21:54:50.0546 3496 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:54:50.0562 3496 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:54:50.0562 3496 ============================================================
21:54:50.0562 3496 \Device\Harddisk0\DR0:
21:54:50.0562 3496 MBR partitions:
21:54:50.0562 3496 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
21:54:50.0562 3496 \Device\Harddisk1\DR1:
21:54:50.0562 3496 MBR partitions:
21:54:50.0562 3496 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
21:54:50.0562 3496 ============================================================
21:54:50.0796 3496 C: <-> \Device\Harddisk0\DR0\Partition0
21:54:50.0796 3496 F: <-> \Device\Harddisk1\DR1\Partition0
21:54:50.0796 3496 ============================================================
21:54:50.0796 3496 Initialize success
21:54:50.0796 3496 ============================================================
21:55:20.0437 3736 ============================================================
21:55:20.0437 3736 Scan started
21:55:20.0437 3736 Mode: Manual;
21:55:20.0437 3736 ============================================================
21:55:20.0640 3736 Abiosdsk - ok
21:55:20.0656 3736 abp480n5 - ok
21:55:20.0718 3736 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:55:20.0734 3736 ACPI - ok
21:55:20.0765 3736 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:55:20.0765 3736 ACPIEC - ok
21:55:20.0781 3736 adpu160m - ok
21:55:20.0812 3736 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:55:20.0812 3736 aec - ok
21:55:20.0875 3736 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:55:20.0890 3736 AFD - ok
21:55:20.0906 3736 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:55:20.0906 3736 agp440 - ok
21:55:20.0906 3736 Aha154x - ok
21:55:20.0921 3736 aic78u2 - ok
21:55:20.0921 3736 aic78xx - ok
21:55:20.0984 3736 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:55:21.0000 3736 Alerter - ok
21:55:21.0031 3736 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:55:21.0031 3736 ALG - ok
21:55:21.0046 3736 AliIde - ok
21:55:21.0046 3736 amsint - ok
21:55:21.0203 3736 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:55:21.0203 3736 Apple Mobile Device - ok
21:55:21.0250 3736 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:55:21.0265 3736 AppMgmt - ok
21:55:21.0265 3736 asc - ok
21:55:21.0281 3736 asc3350p - ok
21:55:21.0281 3736 asc3550 - ok
21:55:21.0375 3736 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:55:21.0375 3736 aspnet_state - ok
21:55:21.0406 3736 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:55:21.0406 3736 AsyncMac - ok
21:55:21.0421 3736 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:55:21.0437 3736 atapi - ok
21:55:21.0437 3736 Atdisk - ok
21:55:21.0468 3736 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:55:21.0468 3736 Atmarpc - ok
21:55:21.0515 3736 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:55:21.0515 3736 AudioSrv - ok
21:55:21.0593 3736 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:55:21.0593 3736 audstub - ok
21:55:21.0656 3736 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:55:21.0656 3736 Beep - ok
21:55:21.0718 3736 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:55:21.0750 3736 BITS - ok
21:55:21.0859 3736 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:55:21.0875 3736 Bonjour Service - ok
21:55:21.0937 3736 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:55:21.0937 3736 Browser - ok
21:55:22.0031 3736 catchme - ok
21:55:22.0078 3736 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:55:22.0078 3736 cbidf2k - ok
21:55:22.0078 3736 cd20xrnt - ok
21:55:22.0171 3736 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:55:22.0171 3736 Cdaudio - ok
21:55:22.0234 3736 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:55:22.0234 3736 Cdfs - ok
21:55:22.0250 3736 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:55:22.0250 3736 Cdrom - ok
21:55:22.0265 3736 Changer - ok
21:55:22.0312 3736 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:55:22.0312 3736 CiSvc - ok
21:55:22.0343 3736 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:55:22.0343 3736 ClipSrv - ok
21:55:22.0421 3736 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:55:22.0421 3736 clr_optimization_v2.0.50727_32 - ok
21:55:22.0437 3736 CmdIde - ok
21:55:22.0453 3736 COMSysApp - ok
21:55:22.0453 3736 Cpqarray - ok
21:55:22.0484 3736 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:55:22.0484 3736 CryptSvc - ok
21:55:22.0531 3736 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
21:55:22.0531 3736 ctljystk - ok
21:55:22.0546 3736 dac2w2k - ok
21:55:22.0562 3736 dac960nt - ok
21:55:22.0625 3736 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:55:22.0640 3736 DcomLaunch - ok
21:55:22.0718 3736 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:55:22.0718 3736 Dhcp - ok
21:55:22.0734 3736 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:55:22.0734 3736 Disk - ok
21:55:22.0750 3736 dmadmin - ok
21:55:22.0796 3736 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:55:22.0828 3736 dmboot - ok
21:55:22.0843 3736 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:55:22.0843 3736 dmio - ok
21:55:22.0890 3736 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:55:22.0890 3736 dmload - ok
21:55:22.0921 3736 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:55:22.0921 3736 dmserver - ok
21:55:22.0937 3736 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:55:22.0937 3736 DMusic - ok
21:55:22.0984 3736 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:55:22.0984 3736 Dnscache - ok
21:55:23.0046 3736 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:55:23.0062 3736 Dot3svc - ok
21:55:23.0062 3736 dpti2o - ok
21:55:23.0109 3736 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:55:23.0109 3736 drmkaud - ok
21:55:23.0218 3736 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
21:55:23.0218 3736 dtsoftbus01 - ok
21:55:23.0281 3736 E1000 (a8b3ec8ee13cbe14f067c72110155a1b) C:\WINDOWS\system32\DRIVERS\e1000325.sys
21:55:23.0281 3736 E1000 - ok
21:55:23.0312 3736 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:55:23.0312 3736 EapHost - ok
21:55:23.0375 3736 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
21:55:23.0390 3736 emu10k - ok
21:55:23.0406 3736 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
21:55:23.0406 3736 emu10k1 - ok
21:55:23.0453 3736 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:55:23.0453 3736 ERSvc - ok
21:55:23.0515 3736 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:55:23.0515 3736 Eventlog - ok
21:55:23.0593 3736 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
21:55:23.0609 3736 EventSystem - ok
21:55:23.0656 3736 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:55:23.0671 3736 Fastfat - ok
21:55:23.0718 3736 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:55:23.0718 3736 FastUserSwitchingCompatibility - ok
21:55:23.0750 3736 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:55:23.0750 3736 Fdc - ok
21:55:23.0796 3736 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:55:23.0796 3736 Fips - ok
21:55:23.0796 3736 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:55:23.0812 3736 Flpydisk - ok
21:55:23.0812 3736 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:55:23.0828 3736 FltMgr - ok
21:55:23.0968 3736 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:55:23.0968 3736 FontCache3.0.0.0 - ok
21:55:24.0000 3736 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:55:24.0000 3736 Fs_Rec - ok
21:55:24.0015 3736 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:55:24.0015 3736 Ftdisk - ok
21:55:24.0062 3736 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:55:24.0062 3736 gameenum - ok
21:55:24.0109 3736 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:55:24.0109 3736 GEARAspiWDM - ok
21:55:24.0156 3736 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:55:24.0156 3736 Gpc - ok
21:55:24.0281 3736 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:55:24.0281 3736 gupdate - ok
21:55:24.0296 3736 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:55:24.0296 3736 gupdatem - ok
21:55:24.0390 3736 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:55:24.0390 3736 helpsvc - ok
21:55:24.0421 3736 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
21:55:24.0421 3736 HidServ - ok
21:55:24.0453 3736 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:55:24.0453 3736 HidUsb - ok
21:55:24.0515 3736 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:55:24.0515 3736 hkmsvc - ok
21:55:24.0531 3736 hpn - ok
21:55:24.0578 3736 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:55:24.0609 3736 HTTP - ok
21:55:24.0625 3736 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:55:24.0625 3736 HTTPFilter - ok
21:55:24.0640 3736 i2omgmt - ok
21:55:24.0640 3736 i2omp - ok
21:55:24.0687 3736 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:55:24.0687 3736 i8042prt - ok
21:55:24.0750 3736 ICDSPTSV (05c0a75ba2f910f69a643ee4f9767acf) C:\WINDOWS\system32\IcdSptSv.exe
21:55:24.0750 3736 ICDSPTSV - ok
21:55:24.0875 3736 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:55:24.0937 3736 idsvc - ok
21:55:24.0984 3736 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:55:24.0984 3736 Imapi - ok
21:55:25.0046 3736 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:55:25.0046 3736 ImapiService - ok
21:55:25.0062 3736 ini910u - ok
21:55:25.0078 3736 IntelIde - ok
21:55:25.0125 3736 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:55:25.0125 3736 intelppm - ok
21:55:25.0156 3736 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:55:25.0156 3736 ip6fw - ok
21:55:25.0187 3736 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:55:25.0187 3736 IpFilterDriver - ok
21:55:25.0218 3736 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:55:25.0218 3736 IpInIp - ok
21:55:25.0250 3736 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:55:25.0265 3736 IpNat - ok
21:55:25.0375 3736 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
21:55:25.0406 3736 iPod Service - ok
21:55:25.0421 3736 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:55:25.0421 3736 IPSec - ok
21:55:25.0468 3736 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:55:25.0468 3736 IRENUM - ok
21:55:25.0515 3736 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:55:25.0515 3736 isapnp - ok
21:55:25.0640 3736 JavaQuickStarterService (4f2143570d2250ca4c4a4c98553c82cd) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
21:55:25.0640 3736 JavaQuickStarterService - ok
21:55:25.0656 3736 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:55:25.0656 3736 Kbdclass - ok
21:55:25.0671 3736 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:55:25.0671 3736 kbdhid - ok
21:55:25.0734 3736 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:55:25.0750 3736 kmixer - ok
21:55:25.0781 3736 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:55:25.0796 3736 KSecDD - ok
21:55:25.0875 3736 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:55:25.0890 3736 lanmanserver - ok
21:55:25.0906 3736 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:55:25.0921 3736 lanmanworkstation - ok
21:55:25.0937 3736 lbrtfdc - ok
21:55:26.0000 3736 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:55:26.0000 3736 LmHosts - ok
21:55:26.0031 3736 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:55:26.0031 3736 Messenger - ok
21:55:26.0078 3736 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:55:26.0078 3736 mnmdd - ok
21:55:26.0125 3736 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
21:55:26.0140 3736 mnmsrvc - ok
21:55:26.0156 3736 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:55:26.0156 3736 Modem - ok
21:55:26.0171 3736 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:55:26.0171 3736 Mouclass - ok
21:55:26.0218 3736 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:55:26.0218 3736 mouhid - ok
21:55:26.0250 3736 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:55:26.0250 3736 MountMgr - ok
21:55:26.0343 3736 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:55:26.0359 3736 MozillaMaintenance - ok
21:55:26.0359 3736 mraid35x - ok
21:55:26.0406 3736 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:55:26.0437 3736 MRxDAV - ok
21:55:26.0500 3736 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:55:26.0515 3736 MRxSmb - ok
21:55:26.0578 3736 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
21:55:26.0578 3736 MSDTC - ok
21:55:26.0593 3736 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:55:26.0593 3736 Msfs - ok
21:55:26.0593 3736 MSIServer - ok
21:55:26.0640 3736 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:55:26.0656 3736 MSKSSRV - ok
21:55:26.0671 3736 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:55:26.0687 3736 MSPCLOCK - ok
21:55:26.0718 3736 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:55:26.0718 3736 MSPQM - ok
21:55:26.0734 3736 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:55:26.0734 3736 mssmbios - ok
21:55:26.0781 3736 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:55:26.0781 3736 Mup - ok
21:55:26.0890 3736 NanoServiceMain (07b2740cf3294b98380b9e1bf8ab05b8) F:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
21:55:26.0890 3736 NanoServiceMain - ok
21:55:26.0968 3736 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:55:26.0984 3736 napagent - ok
21:55:27.0031 3736 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:55:27.0046 3736 NDIS - ok
21:55:27.0093 3736 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:55:27.0093 3736 NdisTapi - ok
21:55:27.0109 3736 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:55:27.0109 3736 Ndisuio - ok
21:55:27.0125 3736 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:55:27.0125 3736 NdisWan - ok
21:55:27.0187 3736 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:55:27.0187 3736 NDProxy - ok
21:55:27.0250 3736 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:55:27.0250 3736 NetBIOS - ok
21:55:27.0265 3736 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:55:27.0281 3736 NetBT - ok
21:55:27.0328 3736 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:55:27.0328 3736 NetDDE - ok
21:55:27.0343 3736 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:55:27.0343 3736 NetDDEdsdm - ok
21:55:27.0375 3736 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:55:27.0375 3736 Netlogon - ok
21:55:27.0390 3736 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:55:27.0406 3736 Netman - ok
21:55:27.0562 3736 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:55:27.0562 3736 NetTcpPortSharing - ok
21:55:27.0625 3736 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:55:27.0671 3736 Nla - ok
21:55:27.0734 3736 NNSALPC (cfee15a88280d369672da0e378bbc702) C:\WINDOWS\system32\DRIVERS\NNSAlpc.sys
21:55:27.0734 3736 NNSALPC - ok
21:55:27.0750 3736 NNSHTTP (2708799adc223c4412341f0c68d032e3) C:\WINDOWS\system32\DRIVERS\NNSHttp.sys
21:55:27.0750 3736 NNSHTTP - ok
21:55:27.0781 3736 NNSIDS (533f19056b98d9cce466b64186905bc1) C:\WINDOWS\system32\DRIVERS\NNSIds.sys
21:55:27.0781 3736 NNSIDS - ok
21:55:27.0828 3736 NNSNAHS (5f7a83b1fc6cae3e46b215f5e5c759e9) C:\WINDOWS\system32\DRIVERS\NNSNAHS.sys
21:55:27.0828 3736 NNSNAHS - ok
21:55:27.0843 3736 NNSPICC (1f054c5ca627fcd3983538d74574016b) C:\WINDOWS\system32\DRIVERS\NNSPicc.sys
21:55:27.0843 3736 NNSPICC - ok
21:55:27.0890 3736 NNSPIHS (1aba7d70e4f029892a381c75ee144c16) C:\WINDOWS\system32\DRIVERS\NNSPihs.sys
21:55:27.0890 3736 NNSPIHS - ok
21:55:27.0937 3736 NNSPOP3 (5f8c023775b8f4a0a8ffc93dd0a27285) C:\WINDOWS\system32\DRIVERS\NNSPop3.sys
21:55:27.0937 3736 NNSPOP3 - ok
21:55:27.0968 3736 NNSPROT (ca541ce4a1fc034eec8cfd6c155b9d30) C:\WINDOWS\system32\DRIVERS\NNSProt.sys
21:55:27.0968 3736 NNSPROT - ok
21:55:28.0000 3736 NNSPRV (938e8ccc7ac5922f2e3dbdf3e7a3035c) C:\WINDOWS\system32\DRIVERS\NNSPrv.sys
21:55:28.0000 3736 NNSPRV - ok
21:55:28.0015 3736 NNSSMTP (2458e950f0a0dd9ad08385209b5e1702) C:\WINDOWS\system32\DRIVERS\NNSSmtp.sys
21:55:28.0015 3736 NNSSMTP - ok
21:55:28.0031 3736 NNSSTRM (75d990651236a570c4c80ed56bfb4009) C:\WINDOWS\system32\DRIVERS\NNSStrm.sys
21:55:28.0031 3736 NNSSTRM - ok
21:55:28.0062 3736 NNSTLSC (9d526b79e7d438056ed7d382ab94019a) C:\WINDOWS\system32\DRIVERS\NNSTlsc.sys
21:55:28.0062 3736 NNSTLSC - ok
21:55:28.0109 3736 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:55:28.0109 3736 Npfs - ok
21:55:28.0140 3736 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:55:28.0156 3736 Ntfs - ok
21:55:28.0203 3736 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
21:55:28.0203 3736 NtLmSsp - ok
21:55:28.0281 3736 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:55:28.0296 3736 NtmsSvc - ok
21:55:28.0343 3736 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:55:28.0343 3736 Null - ok
21:55:28.0750 3736 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:55:29.0015 3736 nv - ok
21:55:29.0156 3736 NVSvc (a8c1e6ff53fb0628a302843ea5fa5ab6) C:\WINDOWS\System32\nvsvc32.exe
21:55:29.0156 3736 NVSvc - ok
21:55:29.0203 3736 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:55:29.0203 3736 NwlnkFlt - ok
21:55:29.0203 3736 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:55:29.0218 3736 NwlnkFwd - ok
21:55:29.0296 3736 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
21:55:29.0296 3736 OMCI - ok
21:55:29.0343 3736 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:55:29.0359 3736 Parport - ok
21:55:29.0375 3736 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:55:29.0375 3736 PartMgr - ok
21:55:29.0421 3736 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:55:29.0421 3736 ParVdm - ok
21:55:29.0437 3736 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:55:29.0437 3736 PCI - ok
21:55:29.0453 3736 PCIDump - ok
21:55:29.0484 3736 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:55:29.0484 3736 PCIIde - ok
21:55:29.0531 3736 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:55:29.0531 3736 Pcmcia - ok
21:55:29.0546 3736 PDCOMP - ok
21:55:29.0546 3736 PDFRAME - ok
21:55:29.0562 3736 PDRELI - ok
21:55:29.0562 3736 PDRFRAME - ok
21:55:29.0578 3736 perc2 - ok
21:55:29.0578 3736 perc2hib - ok
21:55:29.0640 3736 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:55:29.0640 3736 PlugPlay - ok
21:55:29.0671 3736 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:55:29.0687 3736 PolicyAgent - ok
21:55:29.0750 3736 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:55:29.0750 3736 PptpMiniport - ok
21:55:29.0796 3736 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:55:29.0796 3736 Processor - ok
21:55:29.0812 3736 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:55:29.0812 3736 ProtectedStorage - ok
21:55:29.0828 3736 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:55:29.0828 3736 PSched - ok
21:55:29.0890 3736 PSINAflt (8abbc5f1492bfde63feae2718a630e5c) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
21:55:29.0890 3736 PSINAflt - ok
21:55:29.0906 3736 PSINFile (d92fd5186c6ed7a0cfe5e4fa69cfef59) C:\WINDOWS\system32\DRIVERS\PSINFile.sys
21:55:29.0906 3736 PSINFile - ok
21:55:29.0921 3736 PSINKNC (c24fa396ff16d8c671d9e5807a0bc8b7) C:\WINDOWS\system32\DRIVERS\psinknc.sys
21:55:29.0921 3736 PSINKNC - ok
21:55:29.0937 3736 PSINProc (c52b3e1631cfa5e3bbde6d2558c0cc72) C:\WINDOWS\system32\DRIVERS\PSINProc.sys
21:55:29.0937 3736 PSINProc - ok
21:55:29.0953 3736 PSINProt (0e4c4813c2aa327229f387e3921e69c3) C:\WINDOWS\system32\DRIVERS\PSINProt.sys
21:55:29.0953 3736 PSINProt - ok
21:55:30.0078 3736 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
21:55:30.0078 3736 PSI_SVC_2 - ok
21:55:30.0125 3736 PSKMAD (476769481841007583875023f7ecc4ca) C:\WINDOWS\system32\DRIVERS\PSKMAD.sys
21:55:30.0125 3736 PSKMAD - ok
21:55:30.0171 3736 PSUAService (98a9d3236c6301503571de79b86e8538) F:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
21:55:30.0171 3736 PSUAService - ok
21:55:30.0203 3736 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:55:30.0203 3736 Ptilink - ok
21:55:30.0312 3736 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:55:30.0312 3736 PxHelp20 - ok
21:55:30.0328 3736 ql1080 - ok
21:55:30.0328 3736 Ql10wnt - ok
21:55:30.0343 3736 ql12160 - ok
21:55:30.0343 3736 ql1240 - ok
21:55:30.0359 3736 ql1280 - ok
21:55:30.0406 3736 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:55:30.0406 3736 RasAcd - ok
21:55:30.0453 3736 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:55:30.0453 3736 RasAuto - ok
21:55:30.0500 3736 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:55:30.0500 3736 Rasl2tp - ok
21:55:30.0562 3736 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:55:30.0578 3736 RasMan - ok
21:55:30.0593 3736 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:55:30.0593 3736 RasPppoe - ok
21:55:30.0609 3736 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:55:30.0609 3736 Raspti - ok
21:55:30.0656 3736 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:55:30.0671 3736 Rdbss - ok
21:55:30.0671 3736 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:55:30.0687 3736 RDPCDD - ok
21:55:30.0718 3736 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:55:30.0734 3736 rdpdr - ok
21:55:30.0796 3736 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
21:55:30.0796 3736 RDPWD - ok
21:55:30.0828 3736 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:55:30.0828 3736 RDSessMgr - ok
21:55:30.0859 3736 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:55:30.0859 3736 redbook - ok
21:55:30.0906 3736 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:55:30.0921 3736 RemoteAccess - ok
21:55:30.0968 3736 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:55:30.0968 3736 RemoteRegistry - ok
21:55:30.0984 3736 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
21:55:30.0984 3736 RpcLocator - ok
21:55:31.0046 3736 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
21:55:31.0046 3736 RpcSs - ok
21:55:31.0109 3736 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
21:55:31.0125 3736 RSVP - ok
21:55:31.0171 3736 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:55:31.0171 3736 SamSs - ok
21:55:31.0187 3736 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:55:31.0203 3736 SCardSvr - ok
21:55:31.0250 3736 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:55:31.0265 3736 Schedule - ok
21:55:31.0328 3736 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:55:31.0328 3736 Secdrv - ok
21:55:31.0343 3736 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:55:31.0343 3736 seclogon - ok
21:55:31.0359 3736 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:55:31.0359 3736 SENS - ok
21:55:31.0375 3736 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:55:31.0375 3736 serenum - ok
21:55:31.0390 3736 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:55:31.0390 3736 Serial - ok
21:55:31.0421 3736 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:55:31.0421 3736 Sfloppy - ok
21:55:31.0468 3736 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
21:55:31.0468 3736 sfman - ok
21:55:31.0531 3736 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:55:31.0546 3736 SharedAccess - ok
21:55:31.0593 3736 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:55:31.0609 3736 ShellHWDetection - ok
21:55:31.0609 3736 Simbad - ok
21:55:31.0625 3736 Sparrow - ok
21:55:31.0671 3736 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:55:31.0671 3736 splitter - ok
21:55:31.0734 3736 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:55:31.0734 3736 Spooler - ok
21:55:31.0750 3736 sptd - ok
21:55:31.0796 3736 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:55:31.0796 3736 sr - ok
21:55:31.0843 3736 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:55:31.0859 3736 srservice - ok
21:55:31.0906 3736 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:55:31.0937 3736 Srv - ok
21:55:31.0953 3736 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:55:31.0953 3736 SSDPSRV - ok
21:55:32.0031 3736 Steam Client Service - ok
21:55:32.0078 3736 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:55:32.0093 3736 stisvc - ok
21:55:32.0140 3736 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:55:32.0140 3736 swenum - ok
21:55:32.0156 3736 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:55:32.0156 3736 swmidi - ok
21:55:32.0156 3736 SwPrv - ok
21:55:32.0171 3736 symc810 - ok
21:55:32.0187 3736 symc8xx - ok
21:55:32.0187 3736 sym_hi - ok
21:55:32.0203 3736 sym_u3 - ok
21:55:32.0234 3736 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:55:32.0250 3736 sysaudio - ok
21:55:32.0343 3736 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:55:32.0343 3736 SysmonLog - ok
21:55:32.0375 3736 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:55:32.0390 3736 TapiSrv - ok
21:55:32.0453 3736 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:55:32.0468 3736 Tcpip - ok
21:55:32.0515 3736 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:55:32.0515 3736 TDPIPE - ok
21:55:32.0531 3736 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:55:32.0531 3736 TDTCP - ok
21:55:32.0562 3736 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:55:32.0578 3736 TermDD - ok
21:55:32.0625 3736 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:55:32.0640 3736 TermService - ok
21:55:32.0703 3736 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:55:32.0703 3736 Themes - ok
21:55:32.0750 3736 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
21:55:32.0750 3736 TlntSvr - ok
21:55:32.0765 3736 TosIde - ok
21:55:32.0812 3736 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:55:32.0812 3736 TrkWks - ok
21:55:32.0875 3736 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:55:32.0875 3736 Udfs - ok
21:55:32.0890 3736 ultra - ok
21:55:32.0890 3736 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
21:55:32.0890 3736 UMWdf - ok
21:55:32.0953 3736 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:55:32.0968 3736 Update - ok
21:55:33.0000 3736 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:55:33.0015 3736 upnphost - ok
21:55:33.0046 3736 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:55:33.0046 3736 UPS - ok
21:55:33.0109 3736 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:55:33.0109 3736 USBAAPL - ok
21:55:33.0125 3736 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:55:33.0125 3736 usbccgp - ok
21:55:33.0140 3736 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:55:33.0140 3736 usbehci - ok
21:55:33.0156 3736 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:55:33.0156 3736 usbhub - ok
21:55:33.0218 3736 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:55:33.0218 3736 usbscan - ok
21:55:33.0250 3736 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:55:33.0250 3736 USBSTOR - ok
21:55:33.0265 3736 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:55:33.0265 3736 usbuhci - ok
21:55:33.0296 3736 USRpdA (497f2190e87d58fd68e559e083796edc) C:\WINDOWS\system32\DRIVERS\USRpdA.sys
21:55:33.0359 3736 USRpdA - ok
21:55:33.0421 3736 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
21:55:33.0437 3736 vaxscsi - ok
21:55:33.0468 3736 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:55:33.0468 3736 VgaSave - ok
21:55:33.0468 3736 ViaIde - ok
21:55:33.0531 3736 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:55:33.0531 3736 VolSnap - ok
21:55:33.0593 3736 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:55:33.0609 3736 VSS - ok
21:55:33.0671 3736 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:55:33.0703 3736 W32Time - ok
21:55:33.0750 3736 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:55:33.0750 3736 Wanarp - ok
21:55:33.0765 3736 WDICA - ok
21:55:33.0796 3736 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:55:33.0812 3736 wdmaud - ok
21:55:33.0828 3736 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:55:33.0828 3736 WebClient - ok
21:55:33.0937 3736 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:55:33.0953 3736 winmgmt - ok
21:55:34.0000 3736 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll
21:55:34.0000 3736 WmdmPmSN - ok
21:55:34.0078 3736 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:55:34.0093 3736 Wmi - ok
21:55:34.0140 3736 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
21:55:34.0140 3736 WmiApSrv - ok
21:55:34.0203 3736 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:55:34.0203 3736 WS2IFSL - ok
21:55:34.0265 3736 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:55:34.0265 3736 wscsvc - ok
21:55:34.0312 3736 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:55:34.0312 3736 wuauserv - ok
21:55:34.0390 3736 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:55:34.0406 3736 WZCSVC - ok
21:55:34.0453 3736 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:55:34.0468 3736 xmlprov - ok
21:55:34.0500 3736 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:55:34.0515 3736 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:55:34.0515 3736 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:55:34.0531 3736 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
21:55:34.0921 3736 \Device\Harddisk1\DR1 - ok
21:55:34.0921 3736 Boot (0x1200) (e38bf0c4729e9b8ff761251970764839) \Device\Harddisk0\DR0\Partition0
21:55:34.0921 3736 \Device\Harddisk0\DR0\Partition0 - ok
21:55:34.0937 3736 Boot (0x1200) (47bec8aff40322a7a73d32deece9de13) \Device\Harddisk1\DR1\Partition0
21:55:34.0937 3736 \Device\Harddisk1\DR1\Partition0 - ok
21:55:34.0937 3736 ============================================================
21:55:34.0937 3736 Scan finished
21:55:34.0937 3736 ============================================================
21:55:34.0953 3284 Detected object count: 1
21:55:34.0953 3284 Actual detected object count: 1
21:56:03.0843 3284 \Device\Harddisk0\DR0\# - copied to quarantine
21:56:03.0843 3284 \Device\Harddisk0\DR0 - copied to quarantine
21:56:03.0859 3284 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:56:03.0859 3284 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:56:03.0875 3284 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:56:03.0875 3284 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:56:03.0890 3284 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:56:03.0890 3284 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:56:03.0921 3284 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:56:03.0921 3284 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:56:03.0937 3284 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:56:03.0937 3284 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:56:03.0937 3284 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:56:03.0953 3284 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:56:03.0953 3284 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
21:56:03.0953 3284 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:56:03.0968 3284 \Device\Harddisk0\DR0 - ok
21:56:05.0093 3284 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
21:56:12.0218 3380 Deinitialize success


aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-27 22:04:41
-----------------------------
22:04:41.312 OS Version: Windows 5.1.2600 Service Pack 3
22:04:41.312 Number of processors: 1 586 0x209
22:04:41.312 ComputerName: XPS-CXN9X5C5LB3 UserName: Ace Ducey
22:04:41.781 Initialize success
22:08:04.593 AVAST engine defs: 12072701
22:09:24.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:09:24.125 Disk 0 Vendor: ST3160815A 3.AAC Size: 152627MB BusType: 3
22:09:24.125 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
22:09:24.125 Disk 1 Vendor: WDC_WD3200AAJB-00J3A0 01.03E01 Size: 305245MB BusType: 3
22:09:24.156 Disk 0 MBR read successfully
22:09:24.156 Disk 0 MBR scan
22:09:24.203 Disk 0 Windows XP default MBR code
22:09:24.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
22:09:24.203 Disk 0 scanning sectors +312560640
22:09:24.281 Disk 0 scanning C:\WINDOWS\system32\drivers
22:09:35.109 Service scanning
22:09:51.390 Modules scanning
22:09:57.343 Disk 0 trace - called modules:
22:09:57.875 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
22:09:57.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad51ab8]
22:09:57.875 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8ad0db00]
22:09:58.421 AVAST engine scan C:\WINDOWS
22:10:14.390 AVAST engine scan C:\WINDOWS\system32
22:13:23.625 AVAST engine scan C:\WINDOWS\system32\drivers
22:13:42.703 AVAST engine scan C:\Documents and Settings\Ace Ducey
22:16:38.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ace Ducey\Desktop\MBR.dat"
22:16:38.890 The log file has been saved successfully to "C:\Documents and Settings\Ace Ducey\Desktop\aswMBR.txt"


My Google home page now looks like it should with YouTube link at the top bar and a "Google doodle" above the search box.

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
  
• report from Combofix
• let me know of any problems you may have had
• How is the computer doing now after running the script?

Gringo

Hiya Gringo!

Here is the latest file from ComboFix:

ComboFix 12-07-29.02 - Ace Ducey 07/29/2012 15:38:38.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2888 [GMT -7:00]
Running from: c:\documents and settings\Ace Ducey\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ace Ducey\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Cloud Antivirus Firewall *Disabled* {1337562C-110A-4AF8-B12B-750C0B30E802}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 22:32 . 2011-03-11 01:04 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2012-07-28 04:56 . 2012-07-28 04:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-25 02:59 . 2012-07-25 02:59 -------- d-----w- c:\documents and settings\Ace Ducey\Local Settings\Application Data\Sun
2012-07-24 15:55 . 2012-07-24 15:55 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-07-24 15:55 . 2012-07-24 15:55 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-07-24 15:55 . 2012-07-24 15:55 136672 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-07-24 15:55 . 2012-07-24 15:55 117728 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-07-24 03:21 . 2012-07-24 03:21 -------- d-----w- c:\documents and settings\Ace Ducey\Application Data\Oracle
2012-07-24 03:21 . 2012-07-06 05:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-19 05:55 . 2012-07-19 05:55 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-19 05:42 . 2012-07-19 05:42 -------- d-----w- c:\program files\Common Files\Java
2012-07-19 05:41 . 2012-07-19 05:41 -------- d-----w- c:\program files\Oracle
2012-07-19 05:40 . 2012-07-19 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-07-18 09:31 . 2012-07-18 09:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-07-13 14:02 . 2012-07-13 14:02 120616 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2012-07-13 14:02 . 2012-07-13 14:02 179112 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2012-07-13 14:02 . 2012-07-13 14:02 114728 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2012-07-13 14:02 . 2012-07-13 14:02 101544 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2012-07-13 14:02 . 2012-07-13 14:02 149032 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2012-07-12 18:18 . 2012-07-12 18:18 206632 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 05:07 . 2011-08-03 03:51 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 05:06 . 2011-08-03 03:51 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 20:46 . 2011-04-12 19:15 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-27 22:51 . 2012-06-27 22:51 92840 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
2012-06-27 22:51 . 2012-06-27 22:51 286376 ----a-w- c:\windows\system32\drivers\NNSProt.sys
2012-06-27 22:51 . 2012-06-27 22:51 153000 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
2012-06-27 22:51 . 2012-06-27 22:51 106536 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
2012-06-27 22:51 . 2012-06-27 22:51 51496 ----a-w- c:\windows\system32\drivers\NNSpihs.sys
2012-06-27 22:51 . 2012-06-27 22:51 104104 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
2012-06-27 22:51 . 2012-06-27 22:51 93992 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
2012-06-27 22:51 . 2012-06-27 22:51 122664 ----a-w- c:\windows\system32\drivers\NNSIds.sys
2012-06-27 22:51 . 2012-06-27 22:51 82472 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
2012-06-27 22:51 . 2012-06-27 22:51 120744 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
2012-06-13 13:19 . 2003-07-16 16:45 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2011-04-12 18:38 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2003-07-16 16:31 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2003-07-16 16:37 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2011-04-12 08:32 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2011-04-12 08:32 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2011-04-12 08:32 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2011-04-12 08:32 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2009-08-07 02:23 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2011-04-12 08:32 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2011-04-12 08:32 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2011-04-12 08:32 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2011-04-12 07:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2003-07-16 16:19 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2011-04-12 08:32 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2011-04-12 08:32 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2011-04-12 07:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2003-03-20 23:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2003-07-16 16:45 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2003-07-16 16:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2003-07-16 16:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2003-07-16 16:33 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2002-08-29 01:04 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-04-12 07:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-24 15:55 . 2012-07-24 15:55 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\program files\Steam\steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA" [X]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2003-07-16 59392]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-16 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-16 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"PSUAMain"="f:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- f:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 05:31 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- f:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-08 02:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Winamp\\winamp.exe"=
"f:\\Program Files\\Steam\\Steam.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\rome total war gold\\RomeTW.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\rome total war gold\\RomeTW-BI.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\medieval ii total war\\Launcher.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\Sony Online Entertainment\\Installed Games\\EverQuest\\EQVoiceService.exe"=
"f:\\Program Files\\Opera\\opera.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\napoleon total war\\Napoleon.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [5/2/2011 12:32 PM 218688]
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [6/27/2012 3:51 PM 82472]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [6/27/2012 3:51 PM 120744]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [6/27/2012 3:51 PM 122664]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [6/27/2012 3:51 PM 93992]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [6/27/2012 3:51 PM 104104]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [6/27/2012 3:51 PM 286376]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [6/27/2012 3:51 PM 153000]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [6/27/2012 3:51 PM 106536]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [7/12/2012 11:18 AM 206632]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [6/27/2012 3:51 PM 92840]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [7/13/2012 7:02 AM 179112]
R2 NanoServiceMain;Panda Cloud Antivirus Service;f:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [7/13/2012 6:57 AM 140064]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [7/13/2012 7:02 AM 149032]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [7/13/2012 7:02 AM 101544]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [7/13/2012 7:02 AM 114728]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [7/13/2012 7:02 AM 120616]
R2 PSUAService;Panda Product Service;f:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [7/13/2012 7:15 AM 36640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/20/2011 12:16 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/20/2011 12:16 PM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/7/2012 8:45 AM 113120]
S3 NNSNAHS;Network Activity Hook Server Service;c:\windows\system32\drivers\NNSNAHS.sys [9/9/2011 1:54 PM 38536]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [5/3/2011 12:13 AM 223128]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [6/27/2012 3:51 PM 51496]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PSKMAD
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-20 19:16]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-20 19:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={FCD82787-2558-4015-8507-585D13950717}&mid=82ad155a80a447d08851d145b71e0489-e2dd74a8a5f86ed4734d82507fa9f649d27771e8&lang=en&ds=gm011&pr=sa&d=2012-04-24 23:10&v=11.0.0.9&sap=hp
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\documents and settings\Ace Ducey\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Ace Ducey\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Ace Ducey\Application Data\Mozilla\Firefox\Profiles\skwwuu8z.default-1342677914089\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-29 15:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2136)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-07-29 15:49:00
ComboFix-quarantined-files.txt 2012-07-29 22:48
ComboFix2.txt 2012-07-28 06:23
ComboFix3.txt 2012-07-27 07:28
ComboFix4.txt 2012-07-27 06:55
ComboFix5.txt 2012-07-29 22:37
.
Pre-Run: 108,094,808,064 bytes free
Post-Run: 108,083,695,616 bytes free
.
- - End Of File - - 39CC7F46D5B5BFB126C068463FD7366A


I did not get a blue screen when I started my computer my Google home page is still the normal one, and searches on Google are not getting redirected.

Again, thank you for your help on this.

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java™ 6 Update 29
[/list]

• Please download and install Revo Uninstaller Free
• Double click Revo Uninstaller to run it.
• From the list of programs double click on The Program to remove
• When prompted if you want to uninstall click Yes.
• Be sure the Moderate option is selected then click Next.
• The program will run, If prompted again click Yes
• when the built-in uninstaller is finished click on Next.
• Once the program has searched for leftovers click Next.
• Check/tick the bolded items only on the list then click Delete
• when prompted click on Yes and then on next.
• put a check on any folders that are found and select delete
• when prompted select yes then on next
• Once done click Finish.

.



Clean Out Temp Files

• This small application you may want to keep and use once a week to keep the computer clean.
  
  Download CCleaner from here http://www.ccleaner.com/
  
  
• Run the installer to install the application.
• When it gives you the option to install Yahoo toolbar uncheck the box next to it.
• Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
• Click Run Cleaner.
• Close CCleaner.

: Malwarebytes' Anti-Malware :

• I would like you to rerun MBAM
  
• Double-click mbam icon
• go to the update tab at the top
• click on check for updates
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  
• If you accidentally close it, the log file is saved here and will be named like this:
• C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

• Go Here to download HijackThis Installer
• Save HijackThis Installer to your desktop.
• Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed it will launch Hijackthis.
• Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
• Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

• In your next post I need the following
  
  
• Log From MBAM
• report from Hijackthis
• let me know of any problems you may have had
• How is the computer doing now?

Gringo

Hi Gringo!

Here are the new logs you requested.

MBAM Log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.23.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ace Ducey :: XPS-CXN9X5C5LB3 [administrator]

7/30/2012 1:01:10 AM
mbam-log-2012-07-30 (01-01-10).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275847
Time elapsed: 42 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:17:01 AM, on 7/30/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
F:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
F:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
F:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
F:\My Documents\My Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={FCD82787-2558-4015-8507-585D13950717}&mid=82ad155a80a447d08851d145b71e0489-e2dd74a8a5f86ed4734d82507fa9f649d27771e8&lang=en&ds=gm011&pr=sa&d=2012-04-24 23:10:49&v=11.0.0.9&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSUAMain] "F:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
O4 - HKCU\..\Run: [Steam] "F:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Ace Ducey\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Ace Ducey\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1302597116812
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - F:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - F:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6701 bytes


Google does not seem to be getting redirected at all anymore.

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

• Run HijackThis
• Click on the Scan button
• Put a check beside all of the items listed below (if present):
  
  
  • O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Steam] "F:\Program Files\Steam\steam.exe" -silent
    
• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.
  
  NOTE**You can research each of those lines >here< and see if you want to keep them or not
  just copy the name between the brackets and paste into the search space
  O4 - HKLM\..\Run: [IntelliPoint]

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• click on the Run ESET Online Scanner button
• Tick the box next to YES, I accept the Terms of Use.
  
  • Click Start
• When asked, allow the add/on to be installed
  
  • Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings, ensure the options
  Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan
• wait for the virus definitions to be downloaded
• Wait for the scan to finish

When the scan is complete

• If no threats were found
  
• put a checkmark in "Uninstall application on close"
• close program
• report to me that nothing was found

• If threats were found
  
• click on "list of threats found"
• click on "export to text file" and save it as ESET SCAN and save to the desktop
• Click on back
• put a checkmark in "Uninstall application on close"
• click on finish
• close program
• copy and paste the report here

Gringo

Hi Gringo!

ESET listed some threats:

C:\TDSSKiller_Quarantine\27.07.2012_21.54.49\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\27.07.2012_21.54.49\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\27.07.2012_21.54.49\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\27.07.2012_21.54.49\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan
C:\TDSSKiller_Quarantine\27.07.2012_21.54.49\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\27.07.2012_21.54.49\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\27.07.2012_21.54.49\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan


Thank you for your help in this!

Hello

The Online scan looks very good!! It is only reporting backups created during the course of this fix!!


C:\TDSSKiller_Quarantine\<-- TDSSKiller

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

• To re-enable your Emulation drivers, double click DeFogger to run the tool.
  
• The application window will appear
• Click the Re-enable button to re-enable your CD Emulation drivers
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK
• DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:

• turn off all active protection software
• push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
• please copy and past the following into the box ComboFix /Uninstall and click OK.
• Note the space between the X and the /Uninstall, it needs to be there.
• 

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

• Double-click OTCleanIt.exe.
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.
• If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

• Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  
• WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  
• Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
  totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)
  
  Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Gringo

Hiya Gringo!

I read your last post in the thread and cleaned up the removal tools. Everything looks like it's all back to normal. Thank you again for your help in this problem!

you are more than welcome


gringo

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.