For about a week, Multiple times a day I am getting two different popups. One is Internet explorer wanting me to activate it, and the other is the Windows Malicious software removal tool which I have attached a picture of:

http://www.aww-kittah-aww.com/up/public/153604/Popup.png
(sorry for the poor quality, i cannot take a screenshot when this is on the screen)


I have ran a DDS and here is the log:


DDS (Ver_10-03-17.01) - NTFSX64
Run by Ernie at 12:09:54.30 on Tue 05/18/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2746 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\program files (x86)\aim toolbar\aimtbServer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ernie\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files (x86)\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files (x86)\aim toolbar\aimtb.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files (x86)\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files (x86)\aim toolbar\aimtb.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Aim] "c:\program files (x86)\aim\aim.exe" /d locale=en-US
uRun: [StartServicePCFADKSL] c:\users\ernie\appdata\local\pcfadksl\StartService.exe
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
StartupFolder: c:\users\ernie\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
TB-X64: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ernie\appdata\roaming\mozilla\firefox\profiles\e69pi170.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-4-13 269320]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-4-13 35464]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-4-13 317520]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-4-13 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-4-13 308064]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28x.sys [2009-6-10 620544]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-4-15 1038088]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-10 1255736]

=============== Created Last 30 ================

2010-05-17 22:19:43 0 d-----w- c:\users\ernie\appdata\roaming\GetRightToGo
2010-05-13 11:47:12 0 d-----w- c:\users\ernie\appdata\roaming\Malwarebytes
2010-05-13 11:47:06 0 d-----w- c:\programdata\Malwarebytes
2010-05-13 11:47:05 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-13 11:47:05 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-05-12 07:02:01 976896 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-12 07:02:01 740864 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-05-11 04:03:05 0 d-----w- c:\users\ernie\Comics
2010-05-11 03:53:24 0 d-----w- c:\program files\SmartFTP Client
2010-05-11 03:52:51 0 d-----w- c:\program files (x86)\SmartFTP Client 3.0 (x64) Setup Files
2010-05-10 17:54:59 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-05-10 17:51:36 0 d--h--w- c:\windows\msdownld.tmp
2010-05-10 17:51:35 0 d-----w- c:\windows\syswow64\directx
2010-05-10 17:51:33 0 d-----w- c:\users\ernie\appdata\roaming\XBMC
2010-05-10 17:51:22 0 d-----w- c:\program files (x86)\XBMC
2010-05-10 07:00:39 0 d-----w- c:\windows\syswow64\Wat
2010-05-10 07:00:33 0 d-----w- c:\windows\system32\Wat
2010-05-09 17:19:51 99384 ----a-w- c:\users\ernie\appdata\roaming\inst.exe
2010-05-09 17:19:51 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-09 17:19:51 82816 ----a-w- c:\users\ernie\appdata\roaming\pcouffin.sys
2010-05-09 17:19:45 0 d-----w- c:\program files (x86)\DVDFab 7
2010-05-01 00:28:21 0 d-----w- c:\program files (x86)\CDisplay
2010-04-30 15:33:41 0 d-----w- c:\program files (x86)\Razor
2010-04-30 15:28:39 0 d-----w- c:\program files (x86)\EA Games
2010-04-28 11:59:31 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 11:59:30 12867072 ----a-w- c:\windows\syswow64\shell32.dll
2010-04-28 11:59:29 96768 ----a-w- c:\windows\syswow64\sspicli.dll
2010-04-28 11:59:29 22016 ----a-w- c:\windows\syswow64\secur32.dll
2010-04-28 11:59:29 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 11:59:29 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-27 22:45:30 0 d-----w- c:\users\ernie\appdata\roaming\Foxit Software
2010-04-20 23:35:17 0 d-----w- c:\program files (x86)\Foxit Software
2010-04-20 12:19:03 0 d-----w- c:\users\ernie\appdata\roaming\OpenOffice.org
2010-04-20 12:17:22 0 d-----w- c:\program files (x86)\JRE
2010-04-20 03:14:53 0 d-----w- c:\program files (x86)\OpenOffice.org 3
2010-04-20 03:01:02 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-04-20 03:01:01 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-04-20 03:01:01 145184 ----a-w- c:\windows\syswow64\java.exe

==================== Find3M ====================

2010-04-24 13:48:04 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-04-15 02:44:36 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-04-14 16:03:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-14 00:30:00 12976 ----a-w- c:\windows\system32\avgrssta.dll
2010-04-14 00:29:54 269320 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-04-14 00:29:53 35464 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-03-08 21:59:59 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 21:33:56 427520 ----a-w- c:\windows\syswow64\vbscript.dll
2010-02-27 15:17:00 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 12:07:48 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-02-27 12:07:48 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll
2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll
2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-14 04:55:03 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:10:19.70 ===============

hi,

Internet Explorer dosnt have to be activated. We will get a download to use has a check for any malware. Its called Malwarebytes. Link and directions:

Please download Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

I finished the scan and nothing was found.

Here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4142

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/25/2010 1:19:07 PM
mbam-log-2010-05-25 (13-19-07).txt

Scan type: Full scan (C:\|)
Objects scanned: 250172
Time elapsed: 31 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)



This is strange and I do not understand why the malicious tool keeps popping up. It is pissing me off.

Hi,

The tool is updated and downloaded via windows updates. I think the tool only runs one time looking for certain malware. But when its updated it will need to run again. User account control (UAC) kicks in on certain tasks that require elevated privileges. It is a failed security feature in Vista and W7.

If you have auto-updates on you will most likely have the tool updated frequently and asked to run it every time there is a update.

Do you know what your level is set at for UAC. There is a slider type setting to control UAC and what it might prompt you for based on the action you want to do. Like launching a .exe

http://www.microsoft.com/security/malwareremove/default.aspx

my UAC is set to the default. The only way to set it any lower is to turn it off completely.

Now i just want a way to delete the program from my computer

the tool is downloaded as part of Windows update. It runs in the background one time. Why not just let it run? Its looking for specific malware on machines. In order to not have it down load you would have to turn auto-updates off and visit Windows Update yourself and chose not to download/install the tool. This is the only way as far as I know not to have the tool install to your computer.

http://support.microsoft.com/?kbid=890830

the tool is downloaded as part of Windows update. It runs in the background one time. Why not just let it run? Its looking for specific malware on machines. In order to not have it down load you would have to turn auto-updates off and visit Windows Update yourself and chose not to download/install the tool. This is the only way as far as I know not to have the tool install to your computer.

http://support.microsoft.com/?kbid=890830

Since your post I have clicked es to allow it to run It still has popped up four times today. I wouldn't mind it running but this is just annoying

go to start run and copy/paste in the window whats below;



c:\windows\debug\mrt.log


copy paste whats in the log in your reply

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.7, May 2010
Started On Wed May 12 09:25:19 2010

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:3356 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{44a6f6a8-59f0-11df-b5af-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac3d12-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac3dc4-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8c668541-5b8f-11df-9124-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8c6685a9-5b8f-11df-9124-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8cf7ffb6-53c2-11df-beed-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{ff8d71ff-5a1c-11df-afc9-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
No infection found as part of the extended scan
-> Sysclean ERROR: Internal error, code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 12 10:52:46 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.7, May 2010
Started On Thu May 13 08:49:58 2010

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:5064 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{44a6f6a8-59f0-11df-b5af-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac3d12-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac3dc4-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac42c5-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8c668541-5b8f-11df-9124-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8c6685a9-5b8f-11df-9124-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8cf7ffb6-53c2-11df-beed-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{ff8d71ff-5a1c-11df-afc9-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
No infection found as part of the extended scan
-> Sysclean ERROR: Internal error, code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 13 10:11:06 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.7, May 2010
Started On Thu May 13 17:03:07 2010

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:1636 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\ProgramData\avg9\Chjw\88c21775c217672a\5d49a8d6-5fb9-49ba-a840-401311e28028 (code 0x00000020 (32))
->Scan ERROR: resource file://C:\ProgramData\avg9\Chjw\88c21775c217672a\9a330a50-0a6c-46a9-96bd-b00d44e5a142 (code 0x00000020 (32))
->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{44a6f6a8-59f0-11df-b5af-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac3d12-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac3dc4-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac42c5-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8c668541-5b8f-11df-9124-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8c6685a9-5b8f-11df-9124-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8cf7ffb6-53c2-11df-beed-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{ff8d71ff-5a1c-11df-afc9-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
No infection found as part of the extended scan
-> Sysclean ERROR: Internal error, code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 13 18:29:42 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.7, May 2010
Started On Fri May 14 09:25:16 2010

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:3396 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3228 (code 0x00000057 (87))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{44a6f6a8-59f0-11df-b5af-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac3d12-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac3dc4-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac42c5-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8c668541-5b8f-11df-9124-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8c6685a9-5b8f-11df-9124-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8cf7ffb6-53c2-11df-beed-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{ff8d71ff-5a1c-11df-afc9-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
No infection found as part of the extended scan
-> Sysclean ERROR: Internal error, code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 14 10:55:09 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.7, May 2010
Started On Wed May 19 11:34:33 2010
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 19 11:34:41 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.7, May 2010
Started On Wed May 19 13:09:05 2010

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:3452 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{44a6f6a8-59f0-11df-b5af-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac3d12-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac3dc4-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac42c5-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8c668541-5b8f-11df-9124-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8c6685a9-5b8f-11df-9124-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8cf7ffb6-53c2-11df-beed-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{ff8d71ff-5a1c-11df-afc9-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.7, May 2010
Started On Wed May 26 00:03:15 2010

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:4244 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\System Volume Information\{07b20b27-63c5-11df-9608-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{148ba571-6818-11df-aabe-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac3d12-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac3dc4-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac42c5-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8c668541-5b8f-11df-9124-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8c6685a9-5b8f-11df-9124-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{ee3ecba4-654d-11df-a658-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.7, May 2010
Started On Wed May 26 08:28:36 2010

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:2720 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4732 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:2608 (code 0x00000057 (87))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\ProgramData\avg9\Chjw\88c21775c217672a\241df4de-be70-44eb-8ee0-eabc624f5979 (code 0x00000020 (32))
->Scan ERROR: resource file://C:\ProgramData\avg9\Chjw\88c21775c217672a\d72097ef-9e98-465b-ae34-515917917680 (code 0x00000020 (32))
->Scan ERROR: resource file://C:\System Volume Information\{07b20b27-63c5-11df-9608-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{148ba571-6818-11df-aabe-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac3d12-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac3dc4-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac42c5-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8c668541-5b8f-11df-9124-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8c6685a9-5b8f-11df-9124-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{ee3ecba4-654d-11df-a658-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
No infection found as part of the extended scan
-> Sysclean ERROR: Internal error, code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 26 10:15:33 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.7, May 2010
Started On Wed May 26 17:07:01 2010

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:3368 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\System Volume Information\{07b20b27-63c5-11df-9608-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{148ba571-6818-11df-aabe-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac3d12-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac3dc4-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{5cac42c5-5caf-11df-beda-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8c668541-5b8f-11df-9124-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8c6685a9-5b8f-11df-9124-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{ee3ecba4-654d-11df-a658-90e6bac59f68}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.7, May 2010
Started On Thu May 27 09:45:06 2010

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:3404 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2688 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:1872 (code 0x00000057 (87))

hi,

thanks for the info. As far as I know this tool should run in the background and not even prompt you unless if finds something on your machine. I thought maybe your User Account Control was set to 'prompt for everything' but even if that was the case the tool should only run once and not prompt you again and again.

copy this in the run window and post the log, maybe it will provide a clue:

C:\Windows\Debug\mrteng.log

I tried to run it just now and got this error:

'Windows cannot find c:\Windows\Debug\mrteng.log Make sure you typed the name correctly , and then try again

ok thanks for the info. I guess there is no log file. Just looking for some clues really.
There is a lot of scareware out there that can look just like legitimate software, but when you have let it run it is the actual Windows MRT utility.
Why its prompting you over and over I cant say because I dont know.

Malware on computers usually generates certain signs (http://www.virusvault.us/signs.html), are you having any of these? Just trying to rule out any malware on your machine. If it continues then i would suggest a Windows user forum.
What about those IE prompts to activate? Can you tell me more about those?

This thread has been closed due to inactivity. As it has been four days or more since your last post, it will not be re-opened.

If you still require help, please start a new topic and include a DDS log with a link to your previous thread.

Please do not add any logs that might have been requested previously, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start your own topic.