used Malwarebytes anti-malware to remove xp security 2012 problem and it worked great! (thanks for that BTW) only problem is now i have a pop-up window that contstantly reads " MALWAREBYTES ANTI-MALWARE Successfully blocked access to a potentially malicious website: 83.133.12*.*** Type: Outgoing *** = random address this happens almost every 5 seconds and even more while im online Please Help, how do i stop these pop ups from occuring, or if its a deeper problem, how to i find what is causing them to occur THANKS!! DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Costco Wholesale at 14:53:45 on 2012-01-16 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.287 [GMT -5:00] . FW: AVG Firewall *Enabled* . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\HP\KBD\KBD.EXE C:\Program Files\Lexmark 6500 Series\lxdfamon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\ALCMTR.EXE C:\Program Files\QuickTime\qttask.exe svchost.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\LSI SoftModem\agrsmsvc.exe C:\Program Files\AVG\AVG2012\avgfws.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Documents and Settings\Costco Wholesale\Application Data\Dropbox\bin\Dropbox.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe c:\windows\system\hpsysdrv.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe c:\program files\common files\installshield\updateservice\isuspm.exe c:\Program Files\Common Files\InstallShield\UpdateService\agent.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\msiexec.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE . ============== Pseudo HJT Report =============== . uSearch Page = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR uSearch Bar = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [AdobeBridge] mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run mRun: [icoSet] c:\hp\bin\cloaker.exe c:\hp\bin\icoset\adjust.bat seticon mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [MBBalloon] c:\program files\hotalbummybox\MBBalloon.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [soundMan] SOUNDMAN.EXE mRun: [AlcWzrd] ALCWZRD.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRunOnce: [Lexmark 6500 Series] mRunOnce: [lxdfUninstallRan] StartupFolder: c:\docume~1\costco~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\costco wholesale\application data\dropbox\bin\Dropbox.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mediac~1.lnk - c:\program files\hotalbummybox\MediaChecker.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000 IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL LSP: mswsock.dll DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176149791640 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 64.71.255.198 TCP: Interfaces\{06749792-798C-4E25-8B66-F80AD54B2154} : DhcpNameServer = 64.71.255.198 TCP: Interfaces\{382ABB04-4EBF-49A3-AF8B-1333153EEA92} : DhcpNameServer = 64.71.255.198 Filter: text/html - {6255a776-5f60-41ac-b7e5-bcbf23b202d8} - Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\senior\tax\qt 2009\ic2009pp.dll Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\senior\tax\turbotax 2010\ic2010pp.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592] R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2007-12-31 15172] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248] R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-30 54752] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-14 652872] R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-14 20464] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-4 135664] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-4 135664] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] . =============== Created Last 30 ================ . 2012-01-15 03:43:19 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-01-15 03:04:07 -------- d-----w- c:\documents and settings\costco wholesale\application data\AVG2012 2012-01-15 03:01:22 -------- d-----w- c:\windows\system32\drivers\AVG 2012-01-15 03:01:22 -------- d-----w- c:\documents and settings\all users\application data\AVG2012 2012-01-15 02:50:25 -------- d-----w- c:\documents and settings\all users\application data\MFAData 2012-01-15 01:04:58 -------- d-----w- c:\documents and settings\costco wholesale\application data\Malwarebytes 2012-01-15 01:04:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-01-15 01:04:36 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-15 01:04:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-09 17:18:18 -------- d-----w- c:\documents and settings\costco wholesale\application data\Adobe Mini Bridge CS5 2012-01-08 19:47:39 -------- d-----w- c:\documents and settings\costco wholesale\application data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2012-01-08 18:46:08 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe 2012-01-06 00:22:53 -------- d-----w- C:\Pictures . ==================== Find3M ==================== . 2012-01-15 03:42:03 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec 2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll 2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll 2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe . ============= FINISH: 14:55:20.37 =============== attach.txt dds.txt
