Need help getting rid of browser redirect

[rabbitgtibbar]

Anyone want ot help me analyze my Hijackthis log?

So, no then?

[MrCharlie]

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

Click Scan to scan the system (don't run any other options)

Post back the report.

Next.....

Please start at the link below:

http://forums.malwarebytes.org/index.php?showtopic=9573

Post back the 2 logs.

MrC

[rabbitgtibbar]

RougeKiller report:

RogueKiller V7.3.0 [03/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: doug [Admin rights]

Mode: Scan -- Date: 03/09/2012 13:46:06

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

67.215.245.19 www.google-analytics.com.

67.215.245.19 ad-emea.doubleclick.net.

67.215.245.19 www.statcounter.com.

108.163.215.51 www.google-analytics.com.

108.163.215.51 ad-emea.doubleclick.net.

108.163.215.51 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500418AS +++++

--- User ---

[MBR] 677aeab646d56d46eb412273f73bef83

[bSP] 2dfa851a71cb3d932cd438f3fdc85c0d : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 750 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1617920 | Size: 476149 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

[rabbitgtibbar]

DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by doug at 13:47:49 on 2012-03-09

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3944.2425 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\SysWOW64\atashost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWow64\IntelCpHeciSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\HPSIsvc.exe

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\VisionWeb Trace Server\VWServer.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Vision Web Optronics Trace Server] C:\VisionWeb Trace Server\VWServer.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

StartupFolder: C:\Users\doug\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Pandora.lnk - C:\Program Files (x86)\Pandora\Pandora.exe

StartupFolder: C:\Users\doug\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRACEM~1.LNK - C:\TraceMeister\TraceMeister.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.10.101

TCP: Interfaces\{7BA8260E-6C79-4B87-8520-F5B786B6EF37} : DhcpNameServer = 192.168.10.101

TCP: Interfaces\{9AF542B9-D92E-456B-AE78-A89E99C3553F} : DhcpNameServer = 172.26.38.1 172.26.38.2 8.8.8.8

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [(Default)]

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

Hosts: 67.215.245.19 www.google-analytics.com.

Hosts: 67.215.245.19 ad-emea.doubleclick.net.

Hosts: 67.215.245.19 www.statcounter.com.

Hosts: 108.163.215.51 www.google-analytics.com.

Hosts: 108.163.215.51 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\2evo8to3.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\doug\AppData\Roaming\Mozilla\plugins\npatgpc.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys --> C:\Windows\system32\DRIVERS\tmlwf.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-5 98208]

R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-5-2 133944]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 HPSIService;HP SI Service;C:\Windows\system32\HPSIsvc.exe --> C:\Windows\system32\HPSIsvc.exe [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-5 13336]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 svcGenericHost;Trend Micro Client/Server Security Agent;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2010-7-5 45056]

R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-5-10 265744]

R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys [2010-5-10 42000]

R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys --> C:\Windows\system32\DRIVERS\tmwfp.sys [?]

R3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 mvusbews;USB EWS Device;C:\Windows\system32\Drivers\mvusbews.sys --> C:\Windows\system32\Drivers\mvusbews.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 StnSport;PCIe to High Speed Serial Port;C:\Windows\system32\DRIVERS\StnSport.sys --> C:\Windows\system32\DRIVERS\StnSport.sys [?]

R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe [2009-7-15 595960]

S2 AirPrint;AirPrint;C:\Program Files (x86)\AirPrint\airprint.exe -s --> C:\Program Files (x86)\AirPrint\airprint.exe -s [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2009-7-15 917768]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-03-09 18:36:00 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3A4B0F66-95FC-489A-9CA3-6C2E57B36926}\offreg.dll

2012-03-09 14:40:17 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3A4B0F66-95FC-489A-9CA3-6C2E57B36926}\mpengine.dll

2012-03-06 15:35:44 -------- d--h--w- C:\ProgramData\Common Files

2012-03-06 15:35:06 -------- d-----w- C:\Program Files (x86)\AVG

2012-03-06 15:33:12 -------- d-----w- C:\ProgramData\MFAData

2012-03-01 19:47:28 -------- d-----w- C:\Windows\System32\appmgmt

2012-03-01 16:56:18 -------- d-----w- C:\Users\doug\AppData\Roaming\Malwarebytes

2012-03-01 16:46:26 -------- d-----w- C:\ProgramData\Malwarebytes

2012-03-01 15:45:34 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2012-03-01 15:15:08 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-03-01 15:15:08 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-02-15 23:30:04 -------- d-----w- C:\Users\doug\AppData\Local\Apps

2012-02-15 14:43:53 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-15 14:43:52 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-15 14:43:52 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2012-02-14 23:55:04 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe

2012-02-14 23:55:02 5886232 ----a-w- C:\Windows\System32\GfxUI.exe

2012-02-14 23:55:02 511768 ----a-w- C:\Windows\System32\igfxsrvc.exe

2012-02-14 23:55:02 440600 ----a-w- C:\Windows\System32\igfxpers.exe

2012-02-14 23:55:02 398616 ----a-w- C:\Windows\System32\hkcmd.exe

2012-02-14 23:55:02 250136 ----a-w- C:\Windows\System32\igfxext.exe

2012-02-14 23:55:02 184600 ----a-w- C:\Windows\System32\difx64.exe

2012-02-14 23:55:02 170264 ----a-w- C:\Windows\System32\igfxtray.exe

2012-02-14 23:53:26 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2653.dll

2012-02-14 23:47:40 8086528 ----a-w- C:\Windows\System32\igdumd64.dll

2012-02-14 23:47:38 14692224 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys

2012-02-14 23:47:06 963912 ----a-w- C:\Windows\SysWow64\igkrng600.bin

2012-02-14 23:47:06 963912 ----a-w- C:\Windows\System32\igkrng600.bin

2012-02-14 23:47:06 79360 ----a-w- C:\Windows\System32\igdde64.dll

2012-02-14 23:47:06 261208 ----a-w- C:\Windows\SysWow64\igfcg600m.bin

2012-02-14 23:47:06 261208 ----a-w- C:\Windows\System32\igfcg600m.bin

2012-02-14 23:44:54 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll

2012-02-14 23:44:24 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll

2012-02-14 23:07:18 18125312 ----a-w- C:\Windows\System32\ig4icd64.dll

2012-02-14 22:59:56 13209600 ----a-w- C:\Windows\SysWow64\ig4icd32.dll

2012-02-14 22:56:34 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll

2012-02-14 22:56:34 430080 ----a-w- C:\Windows\System32\igfxdev.dll

2012-02-14 22:56:34 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll

2012-02-14 22:56:06 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc

2012-02-14 22:56:04 142336 ----a-w- C:\Windows\System32\igfxdo.dll

2012-02-14 22:55:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll

2012-02-14 22:54:36 321024 ----a-w- C:\Windows\SysWow64\igfxdv32.dll

2012-02-14 22:53:08 524800 ----a-w- C:\Windows\System32\iglhsip64.dll

2012-02-14 22:53:08 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll

2012-02-14 22:53:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll

2012-02-14 22:53:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll

2012-02-14 22:53:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll

2012-02-14 22:53:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll

2012-02-14 22:53:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll

2012-02-14 22:53:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll

2012-02-10 14:37:48 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{579D2110-FD42-4ABD-8B93-F1AB3B70005D}\gapaengine.dll

.

==================== Find3M ====================

.

2012-02-23 14:24:06 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-14 23:42:58 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll

2012-02-14 23:35:26 7794688 ----a-w- C:\Windows\SysWow64\igd10umd32.dll

2012-02-14 22:56:42 110592 ----a-w- C:\Windows\System32\hccutils.dll

2012-02-14 22:56:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-21 17:44:07 0 ----a-w- C:\93B7.tmp

2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl

2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll

2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 13:48:22.13 ===============

[rabbitgtibbar]

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 04/30/2011 9:47:00 AM

System Uptime: 03/07/2012 9:34:14 AM (52 hours ago)

.

Motherboard: Dell Inc. | | 0Y2MRG

Processor: Intel® Core i5-2400 CPU @ 3.10GHz | CPU 1 | 3101/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 465 GiB total, 415.723 GiB free.

D: is CDROM ()

O: is NetworkDisk (NTFS) - 145 GiB total, 137.511 GiB free.

U: is NetworkDisk (NTFS) - 145 GiB total, 137.511 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP105: 02/26/2012 1:49:00 AM - Windows Update

RP106: 02/29/2012 9:57:59 AM - Windows Update

RP107: 03/01/2012 10:43:03 AM - Installed Ad-Aware

RP108: 03/01/2012 10:43:43 AM - Installed Ad-Aware

RP109: 03/01/2012 2:46:58 PM - Removed Ad-Aware

RP110: 03/03/2012 2:54:16 PM - Windows Update

RP111: 03/05/2012 4:52:42 PM - Installed Ad-Aware

RP112: 03/05/2012 4:53:11 PM - Installed Ad-Aware

RP113: 03/06/2012 9:45:04 AM - Removed Ad-Aware

RP114: 03/06/2012 10:34:58 AM - Installed AVG 2012

RP115: 03/06/2012 10:35:10 AM - Installed AVG 2012

RP116: 03/06/2012 11:11:24 AM - Removed AVG 2012

RP117: 03/06/2012 11:15:35 AM - Removed AVG 2012

RP118: 03/07/2012 9:31:48 AM - Windows Update

.

==== Hosts File Hijack ======================

.

Hosts: 67.215.245.19 www.google-analytics.com.

Hosts: 67.215.245.19 ad-emea.doubleclick.net.

Hosts: 67.215.245.19 www.statcounter.com.

Hosts: 108.163.215.51 www.google-analytics.com.

Hosts: 108.163.215.51 ad-emea.doubleclick.net.

Hosts: 108.163.215.51 www.statcounter.com.

.

==== Installed Programs ======================

.

3D-EYE DRAW

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader X (10.1.2)

Apple Application Support

Apple Software Update

DirectX 9 Runtime

GIMP 2.6.11

Intel® Processor Graphics

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

Microsoft Choice Guard

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 10.0.2 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OfficeMate Suite

OfficeMate Suite 10.5

Optronics VisionWeb Trace Server

Pandora

PhotoShowExpress

QuickTime

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Sonic CinePlayer Decoder Pack

Stamps.com

Trend Micro Client/Server Security Agent

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Visual Studio 2008 x64 Redistributables

WebEx

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

03/07/2012 9:34:52 AM, Error: Service Control Manager [7000] - The AirPrint service failed to start due to the following error: The system cannot find the file specified.

03/06/2012 11:10:22 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

03/06/2012 10:38:24 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

03/06/2012 10:38:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

03/06/2012 10:38:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

03/06/2012 10:38:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

03/06/2012 10:38:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

03/06/2012 10:38:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

03/06/2012 10:38:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

03/06/2012 10:38:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmlwf tmtdi vpcnfltr vpcvmm Wanarpv6 WfpLwf

03/06/2012 10:38:04 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

03/06/2012 10:38:04 AM, Error: Service Control Manager [7001] - The Trend Micro Client/Server Security Agent service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.

03/06/2012 10:38:04 AM, Error: Service Control Manager [7001] - The Trend Micro Client/Server Security Agent Listener service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.

03/06/2012 10:38:04 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

03/06/2012 10:38:04 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

03/06/2012 10:38:04 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

03/06/2012 10:38:04 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

03/06/2012 10:38:04 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

03/06/2012 10:38:04 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

03/06/2012 10:38:04 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

03/06/2012 10:38:04 AM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.

03/06/2012 10:38:04 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

03/06/2012 10:38:04 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

03/06/2012 10:38:04 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

03/06/2012 10:38:04 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

03/05/2012 5:05:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmlwf tmtdi vpcnfltr vpcvmm Wanarpv6 WfpLwf

03/05/2012 4:50:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

03/05/2012 3:51:14 PM, Error: Service Control Manager [7038] - The WinDefend service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

03/05/2012 3:51:14 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

03/05/2012 3:51:14 PM, Error: Service Control Manager [7038] - The W32Time service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

03/05/2012 3:51:14 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

03/05/2012 3:51:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Network Inspection service to connect.

03/05/2012 3:51:14 PM, Error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The service did not start due to a logon failure.

03/05/2012 3:51:14 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not start due to a logon failure.

03/05/2012 3:51:14 PM, Error: Service Control Manager [7000] - The Trend Micro Unauthorized Change Prevention Service service failed to start due to the following error: The pipe has been ended.

03/05/2012 3:51:14 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.

03/05/2012 3:51:14 PM, Error: Service Control Manager [7000] - The Microsoft Network Inspection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

03/05/2012 3:51:14 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.

03/05/2012 3:51:14 PM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.

03/05/2012 3:51:14 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.

03/05/2012 3:51:14 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: A system shutdown is in progress.

.

==== End Of File ===========================

[MrCharlie]

Please run RougeKiller again and press Scan > after the scan completes > Click on HostFix.

...............................

Then.......

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

[rabbitgtibbar]

If I click the "report" button at the upper right of the TDSSKiller pane I can read the report; however, it won't let me copy it and I can't find a .txt file of it anywhere on my machine. That said, its result was that there are no threats.

[MrCharlie]

Well if no threats were found...that's good.

You did RougeKiller and fixed the Host file...right?

--------------------------

Please Update and run a Quick Scan with MBAM, post the report.

Please let me know how it is, MrC

[rabbitgtibbar]

MBAM quick scan log:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.09.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

doug :: LAB2 [administrator]

03/09/2012 3:09:08 PM

mbam-log-2012-03-09 (15-09-08).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 214534

Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[MrCharlie]

How is it now?? MrC

[rabbitgtibbar]

It only happens occasionally. I'll keep an eye on it and report back.

[MrCharlie]

If you're still having problems.........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

[rabbitgtibbar]

Seems to be resolved. Thanks for your help.

[MrCharlie]

OK......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[LDTate]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!