Peelster1
Honorary Members
Posts: 32

Posts posted by Peelster1

  1. Ask, Retrogamer and Yahoo! toolbars were all uninstalled via Add or Remove Programs under Control Panel. Currently MBAM is blocking a malicious process from launching on every startup. If you need any logs and/or the message MBAM is giving me, let me know. I successfully downloaded ComboFix and then began following the guide at the link you gave me. When I went to disable Windows Firewall I got the following message from Windows Firewall: "Due to an unidentified problem, Windows cannot display Windows Firewall settings." The only button is "OK". I am unable to access the settings required to disable Windows Firewall in order to take the "preventative measures so that there are no conflicts with other programs when running ComboFix."

  2. DDS.txt from the saved-to-Desktop scan.

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 8.0.6001.18702

    Run by Nick at 20:21:44 on 2012-07-08

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.476 [GMT -4:00]

    .

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    .

    ============== Running Processes ===============

    .

    C:\WINDOWS\system32\svchost -k DcomLaunch

    C:\WINDOWS\system32\svchost -k rpcss

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k NetworkService

    C:\WINDOWS\system32\svchost.exe -k LocalService

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\svchost.exe -k LocalService

    C:\WINDOWS\system32\bgsvcgen.exe

    C:\WINDOWS\system32\dldtcoms.exe

    C:\Program Files\Common Files\Nuance\dgnsvc.exe

    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

    C:\Program Files\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\system32\svchost.exe -k HPService

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\WINDOWS\System32\svchost.exe -k HPZ12

    C:\WINDOWS\System32\svchost.exe -k HPZ12

    C:\WINDOWS\system32\STacSV.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\Program Files\DellTPad\Apoint.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Dell\QuickSet\quickset.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\Program Files\Dell\MediaDirect\PCMService.exe

    C:\Program Files\Dell V305\dldtmon.exe

    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

    C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

    C:\PROGRA~1\RETROG~2\bar\1.bin\4wbrmon.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Digital Line Detect\DLG.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\PhotoStudio Expressions\PMMonitor.exe

    C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe

    C:\Program Files\DellTPad\ApMsgFwd.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\Program Files\DellTPad\HidFind.exe

    C:\Program Files\Dell V305\dldtMsdMon.exe

    C:\Program Files\DellTPad\Apntex.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\WINDOWS\System32\svchost.exe -k HTTPFilter

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    "C:\WINDOWS\System32\svchost.exe" -k LocalServiceDns

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uStart Page = hxxp://www.google.com/

    uURLSearchHooks: N/A: {4cff1016-c2e2-4fdd-9c67-e32200c25ff9} - c:\program files\retrogamer_4w\bar\1.bin\4wSrcAs.dll

    mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

    BHO: Toolbar BHO: {03123bb6-a811-407e-b323-66cf0be510b1} - c:\progra~1\retrog~2\bar\1.bin\4wbar.dll

    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File

    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

    BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

    BHO: Search Assistant BHO: {d757dbfc-1494-4647-a8b3-abd654988dd8} - c:\program files\retrogamer_4w\bar\1.bin\4wSrcAs.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

    TB: RefresherBand Class: {b24ba06e-fb7b-4757-95c2-dc01125f750e} - c:\progra~1\yrefre~1\YREFRE~1.DLL

    TB: Retrogamer: {3392cfec-56f8-41ee-bdb4-4e301efd2c93} - c:\program files\retrogamer_4w\bar\1.bin\4wbar.dll

    TB: {00000000-0000-0000-0000-000000000000} - No File

    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

    uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    mRun: [Apoint] c:\program files\delltpad\Apoint.exe

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

    mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

    mRun: [dldtmon.exe] "c:\program files\dell v305\dldtmon.exe"

    mRun: [dldtamon] "c:\program files\dell v305\dldtamon.exe"

    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

    mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking11\Ereg.ini

    mRun: [uSBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe

    mRun: [uSB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController

    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

    mRun: [<NO NAME>]

    mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE

    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

    mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

    mRun: [Retrogamer Search Scope Monitor] "c:\progra~1\retrog~2\bar\1.bin\4wsrchmn.exe" /m=2 /w /h

    mRun: [Retrogamer_4w Browser Plugin Loader] c:\progra~1\retrog~2\bar\1.bin\4wbrmon.exe

    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\photostudio expressions\PMMonitor.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\videoc~1.lnk - c:\program files\panasonic\videocam suite 2\VideoCamSuiteAutoStart.exe

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

    LSP: mswsock.dll

    Trusted Zone: vizzed.com\www

    DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab

    DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

    TCP: Interfaces\{2763F8DE-346C-4667-98D2-3993111B1FA6} : DhcpNameServer = 209.18.47.61 209.18.47.62

    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

    Notify: igfxcui - igfxdev.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

    R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]

    R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-7 654408]

    R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-5-9 105984]

    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-7 22344]

    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-8 40776]

    S1 coqicavp;coqicavp;\??\c:\windows\system32\drivers\coqicavp.sys --> c:\windows\system32\drivers\coqicavp.sys [?]

    S1 eaquwnwq;eaquwnwq;\??\c:\windows\system32\drivers\eaquwnwq.sys --> c:\windows\system32\drivers\eaquwnwq.sys [?]

    S1 fdjdopff;fdjdopff;\??\c:\windows\system32\drivers\fdjdopff.sys --> c:\windows\system32\drivers\fdjdopff.sys [?]

    S1 gxxbvgwq;gxxbvgwq;\??\c:\windows\system32\drivers\gxxbvgwq.sys --> c:\windows\system32\drivers\gxxbvgwq.sys [?]

    S1 hfciwqcu;hfciwqcu;\??\c:\windows\system32\drivers\hfciwqcu.sys --> c:\windows\system32\drivers\hfciwqcu.sys [?]

    S1 ieakgnib;ieakgnib;\??\c:\windows\system32\drivers\ieakgnib.sys --> c:\windows\system32\drivers\ieakgnib.sys [?]

    S1 nqjuhdju;nqjuhdju;\??\c:\windows\system32\drivers\nqjuhdju.sys --> c:\windows\system32\drivers\nqjuhdju.sys [?]

    S1 otvwtogq;otvwtogq;\??\c:\windows\system32\drivers\otvwtogq.sys --> c:\windows\system32\drivers\otvwtogq.sys [?]

    S1 pljvprgz;pljvprgz;\??\c:\windows\system32\drivers\pljvprgz.sys --> c:\windows\system32\drivers\pljvprgz.sys [?]

    S1 qlsgyfda;qlsgyfda;\??\c:\windows\system32\drivers\qlsgyfda.sys --> c:\windows\system32\drivers\qlsgyfda.sys [?]

    S1 qvikqtje;qvikqtje;\??\c:\windows\system32\drivers\qvikqtje.sys --> c:\windows\system32\drivers\qvikqtje.sys [?]

    S1 skkbnvwa;skkbnvwa;\??\c:\windows\system32\drivers\skkbnvwa.sys --> c:\windows\system32\drivers\skkbnvwa.sys [?]

    S1 zbuqofzb;zbuqofzb;\??\c:\windows\system32\drivers\zbuqofzb.sys --> c:\windows\system32\drivers\zbuqofzb.sys [?]

    S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2009-6-8 99568]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]

    S2 Retrogamer_4wService;RetrogamerService;c:\progra~1\retrog~2\bar\1.bin\4wbarsvc.exe [2011-12-19 42504]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-17 253088]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]

    .

    =============== Created Last 30 ================

    .

    2012-07-08 22:59:25 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2012-07-08 03:34:26 -------- d-----w- c:\documents and settings\nick\application data\Malwarebytes

    2012-07-08 00:24:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

    2012-07-08 00:24:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-08 00:24:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-07-07 00:15:20 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d1a3555e-3809-41f6-963b-fa134658127b}\mpengine.dll

    2012-07-05 18:53:19 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

    .

    ==================== Find3M ====================

    .

    2012-05-16 01:55:53 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2012-05-16 01:55:52 476960 ----a-w- c:\windows\system32\npdeployJava1.dll

    2012-05-16 01:55:52 472864 ----a-w- c:\windows\system32\deployJava1.dll

    2012-05-02 17:59:00 1409 ----a-w- c:\windows\QTFont.for

    2012-04-17 13:44:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-04-17 13:44:38 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    .

    ============= FINISH: 20:24:05.93 ===============

  3. Here's the MBAM Quick Scan log. Beginning DDS scan.

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400

    www.malwarebytes.org

    Database version: v2012.07.08.07

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    Nick :: RMPCOMPUTER [administrator]

    Protection: Enabled

    7/8/2012 7:01:54 PM

    mbam-log-2012-07-08 (20-19-06).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 305581

    Time elapsed: 1 hour(s), 16 minute(s), 53 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 1

    C:\Program Files\Retrogamer_4w\bar\1.bin\4wSrcAs.dll (PUP.MyWebSearch) -> No action taken.

    Registry Keys Detected: 17

    HKCR\CLSID\{4cff1016-c2e2-4fdd-9c67-e32200c25ff9} (PUP.MyWebSearch) -> No action taken.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4CFF1016-C2E2-4FDD-9C67-E32200C25FF9} (PUP.MyWebSearch) -> No action taken.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4CFF1016-C2E2-4FDD-9C67-E32200C25FF9} (PUP.MyWebSearch) -> No action taken.

    HKCR\CLSID\{d757dbfc-1494-4647-a8b3-abd654988dd8} (PUP.MyWebSearch) -> No action taken.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D757DBFC-1494-4647-A8B3-ABD654988DD8} (PUP.MyWebSearch) -> No action taken.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D757DBFC-1494-4647-A8B3-ABD654988DD8} (PUP.MyWebSearch) -> No action taken.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D757DBFC-1494-4647-A8B3-ABD654988DD8} (PUP.MyWebSearch) -> No action taken.

    HKCR\CLSID\{5fdf0490-af67-495b-921d-2257a38ed9fe} (PUP.MyWebSearch) -> No action taken.

    HKCR\TypeLib\{dbaff658-ddd6-44bc-a78d-8d2d4dea210c} (PUP.MyWebSearch) -> No action taken.

    HKCR\Interface\{BC2B63F7-B977-4A42-B633-799390097080} (PUP.MyWebSearch) -> No action taken.

    HKLM\SYSTEM\CurrentControlSet\Services\Retrogamer_4wService (PUP.MyWebSearch) -> No action taken.

    HKCR\CLSID\{03123bb6-a811-407e-b323-66cf0be510b1} (PUP.MyWebSearch) -> No action taken.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03123BB6-A811-407E-B323-66CF0BE510B1} (PUP.MyWebSearch) -> No action taken.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{03123BB6-A811-407E-B323-66CF0BE510B1} (PUP.MyWebSearch) -> No action taken.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{03123BB6-A811-407E-B323-66CF0BE510B1} (PUP.MyWebSearch) -> No action taken.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Retrogamer_4wbar Uninstall (PUP.MyWebSearch) -> No action taken.

    HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.

    Registry Values Detected: 4

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Retrogamer_4w Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\RETROG~2\bar\1.bin\4wbrmon.exe -> No action taken.

    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{4CFF1016-C2E2-4FDD-9C67-E32200C25FF9} (PUP.MyWebSearch) -> Data: -> No action taken.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Retrogamer Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\RETROG~2\bar\1.bin\4wsrchmn.exe" /m=2 /w /h -> No action taken.

    HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\Nick\Local Settings\Application Data\{baebeb56-d64c-3f43-ac11-15634174457b}\n. -> No action taken.

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 10

    C:\Program Files\Retrogamer_4w\bar\1.bin\4wbrstub.dll (PUP.MyWebSearch) -> No action taken.

    C:\Program Files\Retrogamer_4w\bar\1.bin\4wbrmon.exe (PUP.MyWebSearch) -> No action taken.

    C:\Program Files\Retrogamer_4w\bar\1.bin\4wauxstb.dll (PUP.MyWebSearch) -> No action taken.

    C:\Program Files\Retrogamer_4w\bar\1.bin\4wSrcAs.dll (PUP.MyWebSearch) -> No action taken.

    C:\Program Files\Retrogamer_4w\bar\1.bin\4wdlghk.dll (PUP.MyWebSearch) -> No action taken.

    C:\Program Files\Retrogamer_4w\bar\1.bin\4wieovr.dll (PUP.MyWebSearch) -> No action taken.

    C:\Program Files\Retrogamer_4w\bar\1.bin\4wSrchMn.exe (PUP.MyWebSearch) -> No action taken.

    C:\Program Files\Retrogamer_4w\bar\1.bin\4wbarsvc.exe (PUP.MyWebSearch) -> No action taken.

    C:\Program Files\Retrogamer_4w\bar\1.bin\4wbar.dll (PUP.MyWebSearch) -> No action taken.

    C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken.

    (end)

  4. Oh, "by" as in "created by". For some reason I thought you meant "by" as in "via". I have now updated MBAM from v2012.07.08.06 to v2012.07.08.07. MBAM has also detected more websites:

    173.236.89.195

    195.80.148.5

    212.117.165.20

    77.78.212.250 (I believe this one is the 77.something I was unable to screen cap earlier.)

    MBAM Quick Scan is still scanning.

    Also, I forgot to mention that My Security Essentials still suffers from that same error code even though My Security Shield seems to be removed, and I also have a question. Should I continue to launch RKill every time I boot my computer, or would it be interfering with the cleaning process? As of now, I am continuing to launch it upon start-up in an effort to stop any malicious processes from launching. (If there are any still attempting to launch, which I believe there are.)

  5. Hello screen317,

    Thank you for the fast reply. At first I only clicked Run for the first time I used DDS, and it did produce the two logs. Would you like that log from the first scan or just the scan from where I download DDS and save it? By the way, what do you mean by "download DDS by sUBs"? I'm not familiar with sUBs. Also, all websites are detected as "outgoing". I will now update MBAM, run the Quick Scan, and post the log.

  6. I was searching on Google yesterday when I started experiencing the Google Redirect Virus. I was able to pinpoint that it was Google when I went directly to the links that I wanted to go to in my URL bar instead of clicking on the link from Google. Shortly after that I had a pop-up for My Security Shield, and my Internet Explorer displayed that the webpage (Google) was under a virus attack. I had never experienced either of these viruses, so I just clicked the X on the My Security Shield pop-up, intending to do a scan afterwards. Big mistake. My Security Shield infected my computer and made Windows Security Essentials unusable with Error code: 0x80070424. (Which, as you probably know, is the code for hijackware.) I hard-reset the computer, and upon reboot My Security Shield was still active. I hard-reset again and this time I logged onto my other user. The other user appeared unaffected by My Security Shield except that Windows Security Essentials was still down. I then did some searching on the problem and followed the instructions at

    http://www.bleepingcomputer.com/virus-removal/remove-my-security-shield

    I did not do Step 20 as I had to get up for work in 6 hours and didn't have the time to sit up doing another download and then a scan. Also, I am still running RKill every time I log onto the user that I was infected on.

    Now My Security Shield seems to be gone and Malwarebytes is detecting (and blocking) malicious websites. The following is a list of the websites detected so far. All of them are in IP format.

    78.41.203.125

    206.161.121.3

    64.34.127.185

    195.80.148.5

    There was also a 77.something that I was unable to screen cap in time.

    I followed the instructions on the matter which were given by user BornSlippy at

    http://forums.malwarebytes.org/index.php?showtopic=111851

    who directed towards

    http://forums.malwarebytes.org/index.php?showtopic=9573

    I followed the directions and ran DDS, and now I am posting my logs as instructed by Admin AdvancedSetup. (I also read somewhere not to attach the files, because if any real-time interaction happened between my computer and any of yours, it would be possible for my computer to infect any computers that interacted with mine.)

    Below this point are the pasted logs.

    LOGS TO BE POSTED AS NOTEPAD WON'T OPEN UNTIL I REBOOT.
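The DDS "SERVICES / DRIVERS" section in post 2 and the MBAM log in post 3 are the two artefacts a helper would triage first. As an added example (not code from the original posts, from DDS or from Malwarebytes), the Python below parses both formats: it flags driver entries whose image file is missing and whose service name looks random, which is how the twelve `S1` entries in the DDS log stand out from the vendor drivers around them, and it tallies the MBAM detections by family and by final action, which makes plain that every item in that log reads "No action taken" (the scan found things; it did not remove them). The line-format regexes are inferred from the pasted logs, and the random-name rule is a heuristic for review, not a signature; the sample inputs are excerpts of the two logs posted above, with the MBAM header counts adjusted to the lines kept.

```python
"""Triage helpers for the two log formats pasted in this thread: the DDS
"SERVICES / DRIVERS" section and a Malwarebytes (MBAM) scan log. Added
example; not code from the original posts, from DDS or from Malwarebytes."""
import re
from collections import Counter

# Sample input: lines copied from the DDS log in post 2, trimmed to a handful.
DDS_SERVICES = r"""
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-7 654408]
S1 coqicavp;coqicavp;\??\c:\windows\system32\drivers\coqicavp.sys --> c:\windows\system32\drivers\coqicavp.sys [?]
S1 zbuqofzb;zbuqofzb;\??\c:\windows\system32\drivers\zbuqofzb.sys --> c:\windows\system32\drivers\zbuqofzb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
"""

# Line shape inferred from the log: <R|S><start-type digit> name;display;image [date size] or [?]
DDS_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s+\[(?P<meta>[^\]]*)\]$"
)
# Heuristic, not a signature: exactly eight lowercase letters.
RANDOM_NAME = re.compile(r"^[a-z]{8}$")


def parse_dds_services(text):
    """Return one dict per parseable service/driver line."""
    entries = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["start"] = int(d["start"])
        d["file_found"] = d["meta"] != "?"   # DDS prints [?] when it cannot find the image
        entries.append(d)
    return entries


def driver_flags(entry):
    """Reasons an entry deserves a closer look; an empty list means nothing odd."""
    reasons = []
    if not entry["file_found"]:
        reasons.append("image file missing on disk")
    if RANDOM_NAME.match(entry["name"]) and entry["display"] == entry["name"]:
        reasons.append("random-looking name with no descriptive display name")
    if entry["image"].startswith("\\??\\"):
        reasons.append("registered with an NT object path (\\??\\) rather than a plain path")
    return reasons


def suspicious_drivers(text):
    """Map driver name -> reasons, for entries with at least one reason."""
    return {e["name"]: driver_flags(e) for e in parse_dds_services(text) if driver_flags(e)}


# Sample input: an excerpt of the MBAM log from post 3; the "Detected: N"
# headers were adjusted to match the lines kept here.
MBAM_LOG = r"""
Memory Modules Detected: 1
C:\Program Files\Retrogamer_4w\bar\1.bin\4wSrcAs.dll (PUP.MyWebSearch) -> No action taken.
Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\Retrogamer_4wService (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.
Files Detected: 2
C:\Program Files\Retrogamer_4w\bar\1.bin\4wbar.dll (PUP.MyWebSearch) -> No action taken.
C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken.
(end)
"""

MBAM_ITEM = re.compile(r"^(?P<object>.+) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")
MBAM_HEADER = re.compile(r"^(?P<section>.+) Detected: (?P<count>\d+)$")


def mbam_summary(text):
    """Count detections per family and per final action, and check each
    'X Detected: N' header against the items actually listed under it."""
    families, actions, mismatches = Counter(), Counter(), []
    section, claimed, seen = None, 0, 0

    def close_section():
        if section is not None and claimed != seen:
            mismatches.append((section, claimed, seen))

    for line in text.splitlines():
        h = MBAM_HEADER.match(line.strip())
        if h:
            close_section()
            section, claimed, seen = h["section"], int(h["count"]), 0
            continue
        m = MBAM_ITEM.match(line.strip())
        if m:
            seen += 1
            families[m["family"]] += 1
            # The last " -> " segment is the action MBAM took (or did not take).
            actions[m["rest"].split(" -> ")[-1].rstrip(".")] += 1
    close_section()
    return {"families": families, "actions": actions,
            "header_mismatches": mismatches, "total": sum(families.values())}


if __name__ == "__main__":
    for name, reasons in suspicious_drivers(DDS_SERVICES).items():
        print(f"{name}: {'; '.join(reasons)}")
    print(mbam_summary(MBAM_LOG))
```

The display-name check matters: `gupdatem` is also eight lowercase letters, but its display name "Google Update Service (gupdatem)" and a present image file keep it out of the flagged set, while the two `S1` entries trip all three rules.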
