I have mbam PRO, and everything was good until installing Skype. I also have a MagicJack installed on my system. The magicJack was always good... had it for several years. I ran into a problem about 6 months ago and with the help of mbam, I was successful in recovering my system. A couple days ago, I installed Skype and I suddenly get IP Blocks in and out. A system quick scan shows no infections. Is this related to Skype? The IP Blocks have come a couple times, and nothing seems to be infecting my computer.

protection-log-2011-05-11.txt

I have followed the instructions in the "I am infected" post and am attaching the files. I believe the remnants of the previous infection are still present, but I had manually removed the problem-causing registry entries to stop the main infection. As I said, the scans come up clean and my system seems to run fine.

DDS text is:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Kelvin at 23:07:59.45 on May/13/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.544 [GMT -5:00]

.

AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\PowerManager\upssrv.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\PowerManager\upsio.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\AlienGUIse\wbload.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Documents and Settings\Kelvin\Application Data\mjusbsp\magicJack.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Kelvin\Desktop\Defogger.exe

C:\Documents and Settings\Kelvin\Desktop\dds.pif

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: {9030d464-4c02-4abf-8ecc-5164760863c6} - Windows Live Sign-in Helper

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [cdloader] "c:\documents and settings\kelvin\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\magicJackLoader.exe

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\setup.exe

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: magicjack.com\my

Trusted Zone: magicjack.com\www

Trusted Zone: talk4free.com\reg

DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298136497000

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://scotiaitrademeetings.webex.com/client/T27LB/nbr/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-5-2 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-5-2 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20110430.001\BHDrvx86.sys [2011-5-2 802936]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-5-2 136312]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-6-1 10384]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-19 363344]

R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccsvchst.exe [2011-5-2 130008]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-2-24 439632]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-4-23 102448]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20110513.001\IDSXpx86.sys [2011-5-13 341944]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-19 20952]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110513.019\NAVENG.SYS [2011-5-13 86136]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110513.019\NAVEX15.SYS [2011-5-13 1393144]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 DCALEXICO;DCALEXICO;c:\windows\system32\drivers\dcalexico.sys --> c:\windows\system32\drivers\DCalexico.sys [?]

S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [2007-5-1 132232]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-05-11 01:40:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Skype Extras

2011-05-11 01:38:50 -------- d-----r- c:\program files\Skype

2011-05-08 08:09:54 -------- d-----w- c:\docume~1\kelvin\locals~1\applic~1\tjnet

2011-05-08 08:06:46 -------- d-----w- c:\docume~1\kelvin\locals~1\applic~1\magicJack

2011-05-08 07:40:27 -------- d-----w- c:\docume~1\kelvin\applic~1\mjusbsp

2011-05-08 07:20:38 44024 ----a-r- c:\windows\system32\drivers\SymIM.sys

2011-05-05 20:07:09 -------- d-----w- c:\program files\common files\Hewlett-Packard

2011-05-02 23:06:04 331384 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys

2011-05-02 23:06:03 744568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symefa.sys

2011-05-02 23:06:03 369784 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdi.sys

2011-05-02 23:06:03 296568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys

2011-05-02 23:06:02 516216 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys

2011-05-02 23:06:02 50168 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys

2011-05-02 23:06:02 340088 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symds.sys

2011-05-02 23:06:02 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys

2011-05-02 23:05:32 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D

2011-04-30 02:50:18 5640352 ----a-w- C:\flashplayer_10_sa.exe

2011-04-30 00:53:59 36896797 ----a-w- c:\windows\AlienBreedAni-1024x768.scr

2011-04-30 00:53:59 -------- d-----w- c:\windows\AlienBreedAni-1024x768 Uninstaller

2011-04-29 18:16:07 36896758 ----a-w- c:\windows\AlienBreed.scr

2011-04-29 18:16:06 -------- d-----w- c:\windows\AlienBreed Uninstaller

2011-04-29 17:39:18 -------- d-----w- c:\program files\InstantStorm

2011-04-27 07:11:38 -------- d-----w- c:\docume~1\kelvin\locals~1\applic~1\Temp

2011-04-26 03:04:14 -------- d-----w- c:\docume~1\kelvin\applic~1\RealWorld

2011-04-26 03:03:53 -------- d-----w- c:\program files\RealWorld Cursor Editor

2011-04-25 03:24:13 -------- d-----w- c:\program files\iColorFolder

2011-04-24 23:25:01 -------- d--h--w- c:\windows\PIF

2011-04-24 19:17:35 -------- d-----w- C:\PCTemp

2011-04-24 19:10:18 -------- d-----w- C:\PowerManager

2011-04-24 08:25:24 -------- d-----w- c:\program files\common files\Zero G Software

.

==================== Find3M ====================

.

2011-05-02 23:06:05 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41:59 385024 ------w- c:\windows\system32\html.iec

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll

2004-10-01 21:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

============= FINISH: 23:09:32.48 ===============

The other files are attached.

Attach.zip
