207.232.22.60

[SteveP25]

I get a blank page when opening a new tab, and a Malwarebytes pop up that says blocked 207.232.22.60.

Here are my DDS and Attach reports.. I have Win7 and IE8.

Steve

DDS sp 7-26-2012.txt

Attach sp 7-26-2012.txt

[Maniac]

Hello SteveP25 and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

Step 1

Please uninstall the following application: ShopAtHome.com Toolbar

Step 2

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:

• Malwarebytes' Anti-Malware log
  
• aswMBR log

[SteveP25]

Thank you for your help. I followed the instructions. The Malwarebytes scan did not detect anything malicious. Attached are the logs.

Steve

Malewarebytes protection-log-2012-07-27.txt

aswMBR sp 7-27-2012.txt

[Maniac]

Steve, read my instructions again:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Copy&Paste the entire report in your next reply.

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:

[SteveP25]

Here they are.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-27 12:47:47

-----------------------------

12:47:47.520 OS Version: Windows x64 6.1.7601 Service Pack 1

12:47:47.520 Number of processors: 2 586 0x170A

12:47:47.520 ComputerName: MAINHOMEPC UserName: Steve

12:47:49.501 Initialize success

12:48:19.090 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

12:48:19.090 Disk 0 Vendor: ST3320418AS CC45 Size: 305245MB BusType: 3

12:48:19.106 Disk 0 MBR read successfully

12:48:19.106 Disk 0 MBR scan

12:48:19.106 Disk 0 Windows VISTA default MBR code

12:48:19.106 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

12:48:19.106 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920

12:48:19.121 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920

12:48:19.137 Disk 0 scanning C:\Windows\system32\drivers

12:48:27.795 Service scanning

12:48:44.222 Modules scanning

12:48:44.222 Disk 0 trace - called modules:

12:48:44.237 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys

12:48:44.237 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033e3060]

12:48:44.253 3 CLASSPNP.SYS[fffff88001b4d43f] -> nt!IofCallDriver -> [0xfffffa8002f89520]

12:48:44.253 5 ACPI.sys[fffff88000ed47a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002ee7060]

12:48:44.253 Scan finished successfully

12:49:13.784 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"

12:49:13.784 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR sp 7-27-2012.txt"

2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56012, Process: ccsvchst.exe)

2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56014, Process: ccsvchst.exe)

2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56016, Process: ccsvchst.exe)

2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56018, Process: ccsvchst.exe)

2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56020, Process: ccsvchst.exe)

2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56022, Process: ccsvchst.exe)

2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56024, Process: ccsvchst.exe)

2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56026, Process: ccsvchst.exe)

2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56028, Process: ccsvchst.exe)

2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56030, Process: ccsvchst.exe)

2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56032, Process: ccsvchst.exe)

2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56034, Process: ccsvchst.exe)

2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59457, Process: ccsvchst.exe)

2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59460, Process: ccsvchst.exe)

2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59462, Process: ccsvchst.exe)

2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59464, Process: ccsvchst.exe)

2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59466, Process: ccsvchst.exe)

2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59468, Process: ccsvchst.exe)

2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59470, Process: ccsvchst.exe)

2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59472, Process: ccsvchst.exe)

2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59474, Process: ccsvchst.exe)

2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59476, Process: ccsvchst.exe)

2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59478, Process: ccsvchst.exe)

2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59515, Process: ccsvchst.exe)

2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59517, Process: ccsvchst.exe)

2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59519, Process: ccsvchst.exe)

2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59521, Process: ccsvchst.exe)

2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59523, Process: ccsvchst.exe)

2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59525, Process: ccsvchst.exe)

2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59527, Process: ccsvchst.exe)

2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59529, Process: ccsvchst.exe)

2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59531, Process: ccsvchst.exe)

2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49723, Process: ccsvchst.exe)

2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49726, Process: ccsvchst.exe)

2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49728, Process: ccsvchst.exe)

2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49730, Process: ccsvchst.exe)

2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49732, Process: ccsvchst.exe)

2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49734, Process: ccsvchst.exe)

2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49736, Process: ccsvchst.exe)

2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49738, Process: ccsvchst.exe)

2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49740, Process: ccsvchst.exe)

2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49742, Process: ccsvchst.exe)

2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49744, Process: ccsvchst.exe)

2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49746, Process: ccsvchst.exe)

2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49838, Process: ccsvchst.exe)

2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49840, Process: ccsvchst.exe)

2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49842, Process: ccsvchst.exe)

2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49844, Process: ccsvchst.exe)

2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49846, Process: ccsvchst.exe)

2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49848, Process: ccsvchst.exe)

2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49850, Process: ccsvchst.exe)

2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49852, Process: ccsvchst.exe)

2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49854, Process: ccsvchst.exe)

2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49856, Process: ccsvchst.exe)

2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49858, Process: ccsvchst.exe)

2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49860, Process: ccsvchst.exe)

2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53035, Process: ccsvchst.exe)

2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53038, Process: ccsvchst.exe)

2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53040, Process: ccsvchst.exe)

2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53042, Process: ccsvchst.exe)

2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53044, Process: ccsvchst.exe)

2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53046, Process: ccsvchst.exe)

2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53048, Process: ccsvchst.exe)

2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53050, Process: ccsvchst.exe)

2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53052, Process: ccsvchst.exe)

2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53054, Process: ccsvchst.exe)

2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53056, Process: ccsvchst.exe)

2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53058, Process: ccsvchst.exe)

2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53130, Process: ccsvchst.exe)

2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53132, Process: ccsvchst.exe)

2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53134, Process: ccsvchst.exe)

2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53136, Process: ccsvchst.exe)

2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53138, Process: ccsvchst.exe)

2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53140, Process: ccsvchst.exe)

2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53142, Process: ccsvchst.exe)

2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53144, Process: ccsvchst.exe)

2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53146, Process: ccsvchst.exe)

2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53148, Process: ccsvchst.exe)

2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53150, Process: ccsvchst.exe)

2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53152, Process: ccsvchst.exe)

2012/07/27 11:40:01 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53398, Process: ccsvchst.exe)

2012/07/27 11:40:01 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53401, Process: ccsvchst.exe)

2012/07/27 11:40:09 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53405, Process: ccsvchst.exe)

2012/07/27 11:40:09 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53407, Process: ccsvchst.exe)

2012/07/27 11:40:09 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53409, Process: ccsvchst.exe)

2012/07/27 11:40:09 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53411, Process: ccsvchst.exe)

2012/07/27 11:40:09 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53413, Process: ccsvchst.exe)

2012/07/27 11:40:09 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53415, Process: ccsvchst.exe)

2012/07/27 11:40:09 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53417, Process: ccsvchst.exe)

2012/07/27 11:40:09 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53419, Process: ccsvchst.exe)

2012/07/27 11:40:09 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53421, Process: ccsvchst.exe)

2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53479, Process: ccsvchst.exe)

2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53481, Process: ccsvchst.exe)

2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53483, Process: ccsvchst.exe)

2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53485, Process: ccsvchst.exe)

2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53487, Process: ccsvchst.exe)

2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53489, Process: ccsvchst.exe)

2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53491, Process: ccsvchst.exe)

2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53493, Process: ccsvchst.exe)

2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53495, Process: ccsvchst.exe)

2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53497, Process: ccsvchst.exe)

2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53499, Process: ccsvchst.exe)

2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53501, Process: ccsvchst.exe)

2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55512, Process: ccsvchst.exe)

2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55514, Process: ccsvchst.exe)

2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55516, Process: ccsvchst.exe)

2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55518, Process: ccsvchst.exe)

2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55520, Process: ccsvchst.exe)

2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55522, Process: ccsvchst.exe)

2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55524, Process: ccsvchst.exe)

2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55526, Process: ccsvchst.exe)

2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55528, Process: ccsvchst.exe)

2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55530, Process: ccsvchst.exe)

2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55532, Process: ccsvchst.exe)

2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55534, Process: ccsvchst.exe)

2012/07/27 12:36:32 -0400 MAINHOMEPC Steve MESSAGE Starting database refresh

2012/07/27 12:36:32 -0400 MAINHOMEPC Steve MESSAGE Stopping IP protection

2012/07/27 12:38:55 -0400 MAINHOMEPC Steve MESSAGE IP Protection stopped

2012/07/27 12:39:27 -0400 MAINHOMEPC Steve MESSAGE Database refreshed successfully

2012/07/27 12:39:27 -0400 MAINHOMEPC Steve MESSAGE Starting IP protection

2012/07/27 12:39:31 -0400 MAINHOMEPC Steve MESSAGE IP Protection started successfully

[Maniac]

Please follow my instructions strictly. Read my instructions for step 2 again.

[SteveP25]

• I redid step 2 and here is the correct log. Still nothing detected.
  

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.01.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Steve :: MAINHOMEPC [administrator]

Protection: Enabled

7/31/2012 11:43:52 PM

mbam-log-2012-07-31 (23-43-52).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 198444

Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-31 23:59:31

-----------------------------

23:59:31.412 OS Version: Windows x64 6.1.7601 Service Pack 1

23:59:31.412 Number of processors: 2 586 0x170A

23:59:31.412 ComputerName: MAINHOMEPC UserName: Steve

23:59:33.533 Initialize success

23:59:43.316 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

23:59:43.316 Disk 0 Vendor: ST3320418AS CC45 Size: 305245MB BusType: 3

23:59:43.332 Disk 0 MBR read successfully

23:59:43.332 Disk 0 MBR scan

23:59:43.332 Disk 0 Windows VISTA default MBR code

23:59:43.332 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

23:59:43.347 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920

23:59:43.347 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920

23:59:43.378 Disk 0 scanning C:\Windows\system32\drivers

23:59:52.317 Service scanning

00:00:08.916 Modules scanning

00:00:08.916 Disk 0 trace - called modules:

00:00:08.947 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys

00:00:08.947 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033e4610]

00:00:09.462 3 CLASSPNP.SYS[fffff88001bca43f] -> nt!IofCallDriver -> [0xfffffa8002f1f9b0]

00:00:09.462 5 ACPI.sys[fffff88000f487a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002ef3680]

00:00:09.462 Scan finished successfully

00:00:35.202 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\Malwarebytes July 2012\7-31\MBR.dat"

00:00:35.202 The log file has been saved successfully to "C:\Users\Steve\Desktop\Malwarebytes July 2012\7-31\aswMBR 7-31-12.txt"

[Maniac]

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

[SteveP25]

Here is the log. It appears to have worked.

ComboFix 12-08-04.02 - Steve 08/04/2012 19:58:01.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3071.1242 [GMT -4:00]

Running from: c:\users\Steve\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))

.

.

2012-08-05 00:03 . 2012-08-05 00:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-27 18:50 . 2012-07-27 18:50 -------- d-----w- c:\program files (x86)\Pandora

2012-07-27 14:29 . 2012-07-27 14:29 -------- d-----w- c:\windows\system32\drivers\NSMx64\0203000.016

2012-07-12 07:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-06 03:33 . 2012-07-06 03:33 -------- d-----w- c:\windows\en

2012-07-06 03:28 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-03 10:23 . 2012-05-08 00:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-03 10:23 . 2011-08-29 18:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 07:01 . 2010-01-16 04:32 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 17:46 . 2010-04-20 03:32 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll

2012-06-02 22:19 . 2012-06-21 15:08 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 15:08 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 15:08 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 15:08 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 15:08 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 15:08 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 15:08 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-21 15:08 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-21 15:08 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-15 04:01 . 2012-06-13 19:27 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 03:59 . 2012-06-13 19:27 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-05-15 03:03 . 2012-06-13 19:27 981504 ----a-w- c:\windows\SysWow64\wininet.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-04_21.44.21 )))))))))))))))))))))))))))))))))))))))))

.

- 2010-01-09 23:33 . 2012-08-04 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-01-09 23:33 . 2012-08-04 23:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-01-09 23:33 . 2012-08-04 23:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-01-09 23:33 . 2012-08-04 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-08-05 00:05 . 2012-08-05 00:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-08-04 21:43 . 2012-08-04 21:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-05 00:05 . 2012-08-05 00:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-04 21:43 . 2012-08-04 21:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 05:01 . 2012-08-05 00:04 316988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-08-04 21:42 316988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 98304]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"HttpWatch_RegIEPlugin"="c:\program files (x86)\HttpWatch\regieplugin.exe" [2012-06-07 2283744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-07 559616]

.

c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]

R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\System32\Drivers\NSMx64\0203000.016\SymRdrS.SYS [2011-11-17 218232]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-26 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-07-26 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]

S1 ccSet_NOF;Norton Online Settings Manager;c:\windows\system32\drivers\NOFx64\0203000.007\ccSetx64.sys [2011-11-04 167048]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120803.002\IDSvia64.sys [2012-07-04 509088]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-15 203264]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-06-11 335888]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]

S2 NOF;Norton Online;c:\program files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe [2011-11-30 138248]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-10 138912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 10:23]

.

2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1753098322-611350664-1751214061-1001Core.job

- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-03 22:54]

.

2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1753098322-611350664-1751214061-1001UA.job

- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-03 22:54]

.

2012-08-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2012-08-04 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: HttpWatch Basic - c:\program files (x86)\HttpWatch\httpwatch.dll/1351

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\xexkv5kf.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NOF]

"ImagePath"="\"c:\program files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe\" /s \"NOF\" /m \"c:\program files (x86)\Norton Online\Engine\2.3.0.7\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.22\tampmon.exe

.

**************************************************************************

.

Completion time: 2012-08-04 20:11:06 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-05 00:11

ComboFix2.txt 2012-08-04 21:50

.

Pre-Run: 152,291,717,120 bytes free

Post-Run: 152,203,296,768 bytes free

.

- - End Of File - - 01D527F740AF61893A23D323E4BCBAD6

[Maniac]

You mean that your blocking IPs are gone?

[SteveP25]

That seems to be correct. I no longer get a blank page when opening a new tab, nor do i get the Malwarebytes pop up that says blocked 207.232.22.60.

[Maniac]

Good!

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

[SteveP25]

I ran the Eset Scan. It did find three bugs.

The only log file i could find in the EsetOnline Scanner folder was this.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

However, here are the three items found and cleaned.

C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll

a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined

C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe

a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined

C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll

probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined

[Maniac]

Please locate and manually delete this folder:

C:\Program Files (x86)\Windows iLivid Toolbar

Then let me know how is your system.

[SteveP25]

Found and deleted the iLivid folder.

Seems to be better. I had been experiencing the "Internet Explorer Cannot Display this page" error a lot. After deleting the folder, I got it once for my Google homepage, but it was after i deleted history and rebooted,

[Maniac]

Glad I could help!

Please uninstall ComboFix:

www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, manually delete DDS and aswMBR. Next, uninstall ESET Online Scanner.

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379

Safe surfing!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!