Random google redirections D:

[aap935]

Hi, i am seeking assistance regarding redirections when i click on links on google,

this has been happening alot and ive been doing the best i can to fix it but im coming up short

logs as requested

dds log

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Owner at 13:23:06 on 2011-10-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2814.1844 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\rundll32.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\MediaMall\MediaMallServer.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\KeyScrambler\KeyScrambler.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Windows\System32\alg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\UI0Detect.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110515151803.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [Google Update]

uRun: [swg]

uRun: [Facebook Update]

uRun: [PlayOn]

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe

mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe

mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60

mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: SoftwareSASGeneration = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{1EB7BA9C-24E6-4046-90B4-8D156E435A50} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{1EB7BA9C-24E6-4046-90B4-8D156E435A50}\07164756C6132333 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{1EB7BA9C-24E6-4046-90B4-8D156E435A50}\55D656378605164756C6 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{E9F7FDC8-BCFB-4841-B5C0-BE9B3D1724C9} : NameServer = 10.72.112.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {ENU841JL-I5LQ-72D3-L2J3-754NOHNXG4BJ} - c:\windows\system32\windir\svchost.exe Restart

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\tr3w3soq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\picasa2\npPicasa2.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\owner\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll

FF - plugin: c:\users\owner\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: XULRunner: {8144AECF-294B-486E-9BC8-59C51B858605} - c:\users\owner\appdata\local\{8144AECF-294B-486E-9BC8-59C51B858605}

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-2-15 387480]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-2-15 64584]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-2-15 165032]

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-7-8 25896]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-7 176128]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2011-9-9 94880]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-15 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-15 271480]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-15 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-15 171168]

R2 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2011-9-13 5135216]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-15 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-15 141792]

R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 176128]

R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-4-9 656752]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-3-21 12920]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-15 56064]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-5-3 7168]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-7-23 225592]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-2-15 153280]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-15 52320]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-15 314088]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]

R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-9-30 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-9-17 111960]

S1 RemoveAny;RemoveAny driver;c:\windows\system32\drivers\RemoveAny.sys [2011-3-28 11392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-16 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-16 135664]

S3 iscFlash;iscFlash;c:\users\owner\appdata\local\temp\7zsc34e.tmp\iscflash.sys [2011-1-2 11520]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-15 84488]

S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-11-24 54416]

S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-11-24 160272]

S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-11-24 160272]

S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [2009-11-24 11920]

S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-11-24 113680]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-23 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-1 1343400]

S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]

S4 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-7-13 2337144]

.

=============== Created Last 30 ================

.

2011-10-08 18:10:19 388096 ----a-r- c:\users\owner\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-10-08 18:10:15 -------- d-----w- c:\program files\Trend Micro

2011-09-20 20:56:27 280064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzppw71.dll

2011-09-19 01:21:42 -------- d-----w- c:\program files\common files\ffdshowEx

2011-09-19 01:21:41 -------- d-----w- c:\program files\MediaMall

2011-09-19 01:17:09 -------- d-----w- c:\programdata\MediaMall

2011-09-13 01:48:10 -------- d-----w- c:\program files\iPod

2011-09-13 01:48:09 -------- d-----w- c:\program files\iTunes

.

==================== Find3M ====================

.

2011-09-14 13:58:10 225592 ----a-w- c:\windows\system32\drivers\keyscrambler.sys

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-28 16:32:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-26 16:03:54 2 --shatr- c:\windows\winstart.bat

2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-20 21:28:41 64512 --sha-r- c:\windows\system32\dnsrslvre.dll

2011-07-20 20:50:19 174977 ----a-w- c:\users\owner\appdata\roaming\Owner3SQLite3.dll

2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2009-12-04 00:43:30 98304 --sh--r- c:\windows\system32\wisdeskdc.dll

.

============= FINISH: 13:24:32.24 ===============

[aap935]

i forgot to attach the zip file

thanks, AAP935

Attach.zip

[screen317]

Hi and welcome to Malwarebytes.

• Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  
• Execute the file TDSSKiller.exe by double-clicking on it.
  
• Wait for the scan and disinfection process to be over.
  
• When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

[aap935]

Sorry for the delay in response, all requested files are attached

Hi and welcome to Malwarebytes.

• Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  
• Execute the file TDSSKiller.exe by double-clicking on it.
  
• Wait for the scan and disinfection process to be over.
  
• When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

TDSSKiller.2.5.11.0_26.07.2011_10.54.57_log.zip

[screen317]

Hi,

Please don't attach anything unless specifically requested.

Next, please go to VirusTotal, and upload the following file(s) for analysis:

C:\windows\system32\userinit.exe

Post the results in your reply.

Also zip up that file and attach it to your reply.

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[screen317]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!