Redirected on Google searches

[alexboy]

After doing a Google search and clicking on the given links, I am often (but not always) redirected to another bogus site. A MBAM scan came back clean, and after running Spybot and allegedly "fixing" the problems it found, the Google problem persists. If anyone can help, I'd be very grateful. Here are the MBAM and HJT logs:

Malwarebytes' Anti-Malware 1.41

Database version: 3070

Windows 5.1.2600 Service Pack 2

10/31/2009 2:17:19 PM

mbam-log-2009-10-31 (14-17-19).txt

Scan type: Quick Scan

Objects scanned: 125948

Time elapsed: 18 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:54:48 PM, on 10/31/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

C:\Documents and Settings\HP_Administrator\Desktop\yProxy.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O1 - Hosts: 91.212.127.226 osguard-pro.microsoft.com

O1 - Hosts: 91.212.127.226 osguard-pro.com

O1 - Hosts: 91.212.127.226 www.osguard-pro.com

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\iexplore.exe.exe" /runcleanupscript

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)

O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.trymedia.com (HKLM)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1238527934296

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0BA62877-8BEA-458E-9209-6F51E4CC697E}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{49E71310-75FF-497D-BECD-E9C49FE7B764}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{4B7B8D55-4C0A-480F-9C44-79656DC6EC28}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\..\{0BA62877-8BEA-458E-9209-6F51E4CC697E}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS3\Services\Tcpip\..\{0BA62877-8BEA-458E-9209-6F51E4CC697E}: NameServer = 208.67.220.220,208.67.222.222

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

O23 - Service: Google Update Service (gupdate1ca08a443d5b73e) (gupdate1ca08a443d5b73e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 7953 bytes

[alexboy]

Anyone have any ideas?

[Blade81]

Hello,

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

• When done, DDS will open two (2) logs:
  1. DDS.txt
     
  2. Attach.txt
     

  [*]Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking download exe -button and then saving it your desktop:

• Double-click .exe that you downloaded
  
• Click rootkit-tab and then scan.
  
• Don't check
  Show All
  box while scanning in progress!
  
• When scanning is ready, click Copy.
  
• This copies log to clipboard
  
• Post log in your reply.
  

[alexboy]

Thanks for your help, I really appreciate it. I'm running the GMER scan now, and since it's taking quite a while to finish, I'm going to post the DDS and Attach logs you requested here, and when the scan finishes, I'll post it separately. Here's the DDS log:

DDS (Ver_09-10-26.01) - NTFSx86

Run by HP_Administrator at 16:55:26.98 on Sun 11/08/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1456 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

svchost.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

C:\Documents and Settings\HP_Administrator\Desktop\yProxy.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.yahoo.com/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\iexplore.exe.exe" /runcleanupscript

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: trymedia.com

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab

DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238527934296

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {0BA62877-8BEA-458E-9209-6F51E4CC697E} = 208.67.220.220,208.67.222.222

TCP: {49E71310-75FF-497D-BECD-E9C49FE7B764} = 208.67.220.220,208.67.222.222

TCP: {4B7B8D55-4C0A-480F-9C44-79656DC6EC28} = 208.67.220.220,208.67.222.222

TCP: {892900FC-9814-4488-99C0-81491C1EE93D} = 208.67.220.220,208.67.222.222

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\gs1t2cw0.default\

FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/

FF - plugin: c:\documents and settings\hp_administrator\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-3 108289]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]

R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-7-21 468768]

S2 gupdate1ca08a443d5b73e;Google Update Service (gupdate1ca08a443d5b73e);c:\program files\google\update\GoogleUpdate.exe [2009-7-19 133104]

S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2008-12-28 83496]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-23 20:47:44 0 d-----w- c:\program files\joogqs

==================== Find3M ====================

2009-10-22 09:19:04 5939712 ----a-w- c:\windows\system32\dllcache\mshtml.dll

2009-09-13 21:08:03 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-09-13 21:08:03 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\dllcache\msv1_0.dll

2009-09-10 19:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 19:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\dllcache\msasn1.dll

2009-08-28 10:35:52 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe

2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\dllcache\strmdll.dll

2008-12-17 02:16:00 7518240 ----a-w- c:\program files\Firefox Setup 3.0.5.exe

2008-11-12 00:16:26 14622342 ----a-w- c:\program files\vlc-0.9.6-win32.exe

2008-11-06 23:38:24 2078831 ----a-w- c:\program files\mplayerc_20081005.zip

2006-08-29 23:13:44 599592 ----a-w- c:\program files\DMSetup.exe

2006-08-28 22:40:27 13736064 ----a-w- c:\program files\GoogleEarthWin.exe

2006-08-28 19:43:49 37518744 ----a-w- c:\program files\iTunesSetup.exe

2006-08-28 19:33:35 5834344 ----a-w- c:\program files\winzip100.exe

2006-08-28 02:42:33 410309 ----a-w- c:\program files\yproxy12.zip

2006-08-28 00:39:14 198656 ----a-w- c:\program files\yproxywizard.exe

2006-10-31 01:40:06 22 -csha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 16:57:00.42 ===============

And here's the Attach log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 8/27/2006 12:58:42 PM

System Uptime: 11/8/2009 4:07:58 PM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | Basswood

Processor: Intel® Core2 CPU 6400 @ 2.13GHz | Socket 775 | 2133/266mhz

Processor: Intel® Core2 CPU 6400 @ 2.13GHz | Socket 775 | 2133/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 224 GiB total, 159.803 GiB free.

D: is FIXED (NTFS) - 233 GiB total, 20.73 GiB free.

E: is FIXED (FAT32) - 9 GiB total, 0.389 GiB free.

F: is CDROM ()

G: is CDROM ()

H: is Removable

I: is Removable

J: is Removable

K: is Removable

L: is FIXED (NTFS) - 1397 GiB total, 948.051 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 9/1/2009 10:26:14 PM - System Checkpoint

RP2: 9/3/2009 4:55:24 PM - Installed Java 6 Update 15

RP3: 9/3/2009 4:56:46 PM - Installed Java 6 Update 16

RP4: 9/3/2009 9:55:22 PM - Avira AntiVir Personal - 9/3/2009 21:55

RP5: 9/5/2009 10:20:16 AM - System Checkpoint

RP6: 9/6/2009 3:48:57 PM - System Checkpoint

RP7: 9/7/2009 5:13:26 PM - Installed Hearts of Iron III

RP8: 9/7/2009 5:43:57 PM - Installed DirectX

RP9: 9/7/2009 6:02:52 PM - Installed Hearts of Iron III

RP10: 9/8/2009 6:16:51 PM - System Checkpoint

RP11: 9/9/2009 7:36:54 PM - System Checkpoint

RP12: 9/9/2009 11:06:34 PM - Software Distribution Service 3.0

RP13: 9/11/2009 6:55:36 PM - System Checkpoint

RP14: 9/13/2009 5:19:41 PM - System Checkpoint

RP15: 9/14/2009 7:09:40 PM - System Checkpoint

RP16: 9/15/2009 7:17:47 PM - System Checkpoint

RP17: 9/16/2009 10:33:28 PM - Software Distribution Service 3.0

RP18: 9/18/2009 7:20:21 PM - System Checkpoint

RP19: 9/20/2009 4:55:44 PM - System Checkpoint

RP20: 9/21/2009 7:45:26 PM - System Checkpoint

RP21: 9/22/2009 8:35:03 PM - System Checkpoint

RP22: 9/24/2009 1:43:59 PM - System Checkpoint

RP23: 9/25/2009 5:40:36 PM - System Checkpoint

RP24: 9/26/2009 5:50:40 PM - System Checkpoint

RP25: 9/27/2009 7:06:49 PM - System Checkpoint

RP26: 9/29/2009 5:59:46 PM - System Checkpoint

RP27: 10/1/2009 6:27:49 PM - System Checkpoint

RP28: 10/3/2009 8:02:22 AM - System Checkpoint

RP29: 10/4/2009 7:06:03 PM - System Checkpoint

RP30: 10/6/2009 4:50:37 PM - System Checkpoint

RP31: 10/7/2009 6:57:30 PM - System Checkpoint

RP32: 10/8/2009 7:46:58 PM - System Checkpoint

RP33: 10/10/2009 11:22:58 AM - System Checkpoint

RP34: 10/11/2009 5:41:07 PM - System Checkpoint

RP35: 10/13/2009 6:18:43 PM - System Checkpoint

RP36: 10/13/2009 10:50:20 PM - Software Distribution Service 3.0

RP37: 10/15/2009 7:02:41 PM - System Checkpoint

RP38: 10/16/2009 7:15:06 PM - System Checkpoint

RP39: 10/18/2009 2:12:45 AM - System Checkpoint

RP40: 10/19/2009 6:53:35 PM - System Checkpoint

RP41: 10/20/2009 8:21:54 PM - System Checkpoint

RP42: 10/22/2009 1:42:10 PM - System Checkpoint

RP43: 10/23/2009 6:24:13 PM - System Checkpoint

RP44: 10/25/2009 7:40:17 PM - System Checkpoint

RP45: 10/27/2009 8:06:20 PM - System Checkpoint

RP46: 10/29/2009 12:51:08 PM - System Checkpoint

RP47: 10/30/2009 1:38:11 PM - System Checkpoint

RP48: 10/31/2009 5:55:20 PM - System Checkpoint

RP49: 11/1/2009 7:09:22 PM - System Checkpoint

RP50: 11/2/2009 8:17:37 PM - System Checkpoint

RP51: 11/4/2009 8:09:44 PM - System Checkpoint

RP52: 11/4/2009 11:47:47 PM - Software Distribution Service 3.0

RP53: 11/7/2009 8:52:05 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.0.9

Apple Mobile Device Support

Apple Software Update

AutoUpdate

Avira AntiVir Personal - Free Antivirus

BitTornado 0.3.7

Bonjour

BufferChm

Combined Community Codec Pack 2006-05-01 (Remove Only)

CP_AtenaShokunin1Config

CP_CalendarTemplates1

cp_LightScribeConfig

cp_OnlineProjectsConfig

CP_Package_Basic1

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

CP_Panorama1Config

cp_PosterPrintConfig

cp_UpdateProjectsConfig

Critical Update for Windows Media Player 11 (KB959772)

CueTour

Customer Experience Enhancement

Data Fax SoftModem with SmartCP

Destinations

DeviceManagementQFolder

DISCover

DivX Codec

DivX Content Uploader

DivX Converter

DivX Player

DivX Web Player

Doomsday

Easy Internet Sign-up

Empire: Total War

Enhanced Multimedia Keyboard Solution

FLV Player 2.0 (build 25)

FullDPAppQFolder

GemMaster Mystic

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

Hearts of Iron III

High Definition Audio Driver Package - KB888111

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 10 (KB910393)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB888795)

Hotfix for Windows XP (KB891593)

Hotfix for Windows XP (KB893357)

Hotfix for Windows XP (KB895961)

Hotfix for Windows XP (KB899337)

Hotfix for Windows XP (KB899510)

Hotfix for Windows XP (KB902841)

Hotfix for Windows XP (KB906569)

Hotfix for Windows XP (KB912024)

Hotfix for Windows XP (KB918766)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB935448)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

HP Boot Optimizer

HP DigitalMedia Archive

HP DVD Play 2.1

HP Imaging Device Functions 7.0

HP Photosmart for Media Center PC

HP Photosmart Premier Software 6.5

HP Update

HP Web Helper

HPPhotoSmartExpress

HpSdpAppCoreApp

InstantShareDevices

Intel® Matrix Storage Manager

Intel® PRO Network Connections Drivers

Intel® Quick Resume Technology Drivers

Intel

[alexboy]

Here's the scan results:

GMER 1.0.15.15163 - http://www.gmer.net

Rootkit scan 2009-11-08 20:28:46

Windows 5.1.2600 Service Pack 2

Running: 7brderby.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kwxyafob.sys

---- System - GMER 1.0.15 ----

SSDT BAFE05E6 ZwCreateKey

SSDT BAFE05DC ZwCreateThread

SSDT BAFE05EB ZwDeleteKey

SSDT BAFE05F5 ZwDeleteValueKey

SSDT BAFE05FA ZwLoadKey

SSDT BAFE05C8 ZwOpenProcess

SSDT BAFE05CD ZwOpenThread

SSDT BAFE0604 ZwReplaceKey

SSDT BAFE05FF ZwRestoreKey

SSDT BAFE05F0 ZwSetValueKey

SSDT BAFE05D7 ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DCE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E97F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[584] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[584] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2ED6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[584] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E44F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DCE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E97F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[2980] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[2980] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2ED6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[2980] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E44F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[3072] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[3072] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[3072] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[3072] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[3072] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[3072] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[3072] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[3072] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[3072] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\internet explorer\iexplore.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

IAT C:\Program Files\internet explorer\iexplore.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Elkbd.sys (Intel Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\F6MV0AIB\style[2].css 6242 bytes

File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\F6MV0AIB\th_70658_x2_123_351lo[1].jpg 0 bytes

File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\K3XU48E3\t[2].gif 49 bytes

File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\MEQWD10N\viewtopic[1].htm 0 bytes

File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\TFTQK6RI\viewtopic[1].htm 76615 bytes

File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\TFTQK6RI\th_30591_2008_07_07_4900yummz_0_123_643lo[1].jpg 0 bytes

File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\TP26BI2V\th_31915_2008_07_14_4944chic_2_123_984lo[1].jpg 0 bytes

---- EOF - GMER 1.0.15 ----

[Blade81]

Hi,

BitTornado

Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

• Run Spybot-S&D in Advanced Mode
  
• If it is not already set to do this, go to the Mode menu
  select
  Advanced Mode
  
  
• On the left hand side, click on Tools
  
• Then click on the Resident icon in the list
  
• Uncheck
  Resident TeaTimer
  and OK any prompts.
  
• Restart your computer
  

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
   Remember to re-enable them afterwards.
   
2. Click Yes to allow ComboFix to continue scanning for malware.
   

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

[alexboy]

OK, running Combofix seems to have crashed my system. It detected rootkit activity and had to reboot, but Windows could not restart from any mode I attempted. I had to use system recovery to get it to reboot, and that in itself seems to have solved my Google issue. Now I just need to restore my settings over the next few days.

[Blade81]

Sorry to hear that. Did you try last known good configuration too?

[alexboy]

Yes, I tried every option I was given, and Windows simply would not boot. I didn't see another option other than to use system recovery. Everything seems to be working fine now, but I have a few days of updating ahead of me. Thanks for your assistance, I think this thread can be locked unless you have anything else.

[Blade81]

Getting all things updated again is a con but positive thing is that you have clean system now for sure. To save from the trouble I recommend to create regular backup images of your system. I have good experience of Acronis True Image & Paragon Software Drive Backup.