When it rains, it pours......

Sorry to have to post in this forum, too. I received this just minutes ago. It was a "pop up" that came up when I did a search for "Victorian ties". I clicked on a website that was rated ok by WOT, and this came up. It looked like a generic window.

"The page at http://www1.overpowerguard6.in says: WARNING ! Your computer is at risk of malware attacks. We recommend you to check your system immediately. Press OK to start the process now."

I did not press ok. I did not use the red "X" to close it. I brought up task manager to end it. I noticed that on the task manager, it is listed as "Security Analysis - Mozilla Firefox" with the Firefox symbol on it. I also use Glary Utilities, and I could not find the process on that, even though it was still open.

After everyting was properly closed out, I tried to open Firefox again, and the window came back up. I ended it again using task manager. I scanned using MBAM. Here it is.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4968

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/27/2010 6:35:03 PM
mbam-log-2010-10-27 (18-35-03).txt

Scan type: Quick scan
Objects scanned: 138381
Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


As always, THANKS !

I don't know if this is needed, but here it is.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/27/2010 at 07:41 PM

Application Version : 4.33.1000

Core Rules Database Version : 5769
Trace Rules Database Version: 3581

Scan type : Quick Scan
Total Scan Time : 00:36:51

Memory items scanned : 496
Memory threats detected : 0
Registry items scanned : 221
Registry threats detected : 0
File items scanned : 43988
File threats detected : 0

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=0f1d3060d0e738478822029392783c6b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-28 03:20:46
# local_time=2010-10-28 11:20:46 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 0 39816603 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16776573 100 77 6514019 8347805 0 0
# scanned=217287
# found=0
# cleaned=0
# scan_time=6114

Just before I ran this scan, there was a window that had the heading "http://jdn.monster.com/render/adimage.aspx" that was minimized. I put my house over it, and I could see that it said something like "pinned to Firefox" or something similar. Also, when I first turned the computer on today, there was a black screen that said : "Check file system on C. Type is NTFS. One of your disks needs to be checked for consistency. Windows will check disk. 196 large file records processed. 0 bad records processed. 0 EA records processed. 44 parsed (records checked). CHKDSK verify indexes. 0 unindexed scanned. 0 unindexed files recovered. CHKDSK verifying security descriptors. " This last part went so quickly, I could not see what it said after that.

Let's try this...

Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.

• Right-click on mbr.exe and click Run as Administrator to start the program.
  
• When done scanning, it will save a log on the Desktop called mbr.log.
  
• Please post the contents of that log in your next reply.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Windows 6.1.7600

device: opened successfully
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR

I downloaded from the gmer website the mbr that is renamed. My computer then allowed me to run the scan. I'll post it when it is done.

I'm pretty sure that the scan stopped without saving a log or continuing.....

I manually saved it. I still think it did not finish the scan, as it did not save a log. Seems like there was more to it than this, unless this part is all you need. What I mean is that there were other tabs, but this info was under the rootkit tab.


GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-11-01 19:47:24
Windows 6.1.7600
Running: im13xzv7.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027137a7204
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027137a7204 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Users\Tricia\AppData\Local\Mozilla\Firefox\Profiles\co6rdodu.default\Cache\856DA7FAd01 0 bytes
File C:\Users\Tricia\AppData\Local\Mozilla\Firefox\Profiles\co6rdodu.default\Cache\191CDB7Ad01 0 bytes
File C:\Users\Tricia\AppData\Local\Mozilla\Firefox\Profiles\co6rdodu.default\Cache\A2E80E7Ed01 32007 bytes
File C:\Users\Tricia\AppData\Local\Mozilla\Firefox\Profiles\co6rdodu.default\Cache\24485117d01 0 bytes
File C:\Users\Tricia\AppData\Local\Mozilla\Firefox\Profiles\co6rdodu.default\Cache\46CC8D3Bd01 20993 bytes
File C:\Users\Tricia\AppData\Local\Mozilla\Firefox\Profiles\co6rdodu.default\Cache\90A9473Bd01 32988 bytes
File C:\Users\Tricia\AppData\Local\Mozilla\Firefox\Profiles\co6rdodu.default\Cache\0874E3C5d01 28745 bytes
File C:\Users\Tricia\AppData\Local\Mozilla\Firefox\Profiles\co6rdodu.default\Cache\62F20B39d01 0 bytes
File C:\Users\Tricia\AppData\Local\Mozilla\Firefox\Profiles\co6rdodu.default\Cache\28634A5Bd01 27891 bytes
File C:\Users\Tricia\AppData\Local\Mozilla\Firefox\Profiles\co6rdodu.default\Cache\29017675d01 0 bytes
File C:\Users\Tricia\AppData\Local\Mozilla\Firefox\Profiles\co6rdodu.default\Cache\40C0A3B6d01 0 bytes
File C:\Users\Tricia\AppData\Local\Mozilla\Firefox\Profiles\co6rdodu.default\Cache\E6644139d01 0 bytes
File C:\Users\Tricia\AppData\Local\Mozilla\Firefox\Profiles\co6rdodu.default\Cache\E6AFACA8d01 30638 bytes
File C:\Users\Tricia\AppData\Local\Mozilla\Firefox\Profiles\co6rdodu.default\Cache\75C50996d01 0 bytes
File C:\Users\Tricia\AppData\Local\Mozilla\Firefox\Profiles\co6rdodu.default\Cache\2679EBC7d01 39307 bytes
File C:\Users\Tricia\AppData\Local\Mozilla\Firefox\Profiles\co6rdodu.default\Cache\26F1BA3Ad01 0 bytes
File C:\Users\Tricia\AppData\Local\Mozilla\Firefox\Profiles\co6rdodu.default\Cache\5837EA24d01 33660 bytes
File C:\Users\Tricia\AppData\Local\Mozilla\Firefox\Profiles\co6rdodu.default\Cache\C8BB98F7d01 0 bytes

---- EOF - GMER 1.0.15 ----

Sorry for the delay. I asked my staff to drop in and help because I have been on vacation since Monday, but they have not returned. I will do my best to drop in to help.

Let me know how your computer is running.

I understand, thank you.

Well......I haven't had any more of the pop up window. I am still having the problem that I posted in the other topic, though. The only other thing happening is that I am getting random shut downs. What I mean is, the black screen with the typical windows explanation about it having to shut down to protect my computer. It was happening several times a day until about three days ago, when it started with it being about once a day. Not sure if that is related to my problem here, as this started prior to that. The only thing I've done to try to remedy the black screens is to change my Corel Paintshop Pro X2 to run like it is on XP (I may be explaining it in the wrong manner). I was not sure if Corel was causing the problem. I also use a printer, scanner, camera, and MP3 player on this laptop, so I guess it could be related to any one of those......