Raineb

  1. Hi Maniac. No, was before I did the reset .. as thought would run Malwarebytes first and just see as the popups showed like I said only on the forum.. again.. well did the scan, they showed that PUP infection.. removed them and then I reset the modem and all yesterday, had trouble getting it back on to the net.. so now it's ok and went to the site and no more of those popups.. seems like you fixed it up.. you do a good job with your knowledge.. thanks for that so anything else I need to do now to see if it's all gone or ok .. as the programs are still on and the scan logs on the desktop.. thanks for your help.. bye for now Raine ..
  2. Hi Maniac I did what you suggested and all seems ok , I haven`t had that pop up again since last night .. so fingers crossed thanks for your help.. I have Malawarebytes pro and did a scan this morning and it got rid of a pup infection.. or what I thought it was so will send you this scan here to check it out for me.. Have a look and tell me what you think?
  3. Now 7 or so hrs after I posted to you I go to that forum where those warnings of Malwarebytes successfully blocked a malicious website and it came back again .. do you think it's on that forum ... and it's outgoing, does that mean it's from there or my computer? I don't have any trouble in any other forums just this Senior one.. thanks for the help but feel it's not right yet.. even though the computer is going great.. I worry that I might be doing something that is not right..
  4. Hi there Maniac... Yes there doesn't seem to be those popups now as went to the forum I usually get them from, SHS forum, it's a seniors forum and it never popped up once so maybe it's all gone, hope so .. thanks for your help and hopefully that's all that is needed .. the computer is going really well.. take care..
  5. Hi Maniac.. Here is the next file . had a little trouble locating it as not very knowledgable in lots of ways around the computer. it was by luck mainly but any way here it is.. I really don`t know why the computers location is in United States as I have changed that before but still its computer locale is US,, very strange.. thanks again and will check for further post from you..
  6. Here is the scan of the JRT log. for you.. Thanks again for your help..
  7. Hi Maniac.. the next reply and Combo fix scan for you ... Thanks again for your help ,, I really appreciate it,. have a good day there ..
  8. Hi Maniac.. Thanks for being my helper.. I have run the scan and will post under this message.. Will wait for your advice next .. thanks again and enjoy your day or evening there.. .
  9. I posted last night about this scam I receive but it's only when I go to a SHS Aust forum.. no other one, then a box down the right hand side toolbar says Malwarebytes had successfully blocked access to a potentially malicious website and the number of it is always the same.. 109.163.234.234.. what does it mean.. is my computer infecting the forum? As my computer goes all strange for a while, it freezes, so I have done what firefox suggested here just so you can see what is happening.. Hoping you can help me..
  10. I get this message whenever I log on to a senior site.. it's the only place I do.. what does this message mean? Malwarebytes had successfully blocked access to a potentially malicious website and the number of it is always the same.. 109.163.234.234.. what does it mean.. even today when I went to this site it still showed up, then the computer goes all slow and unresponsive... anyone know or can help?