
Multiple blocks to outgoing malicious IP sites



Hello,

Please help. Since MBAM was updated, it started displaying messages. I'm not sure if it's normal for the new version to do this or whether there is something else going on. Here is the information requested by this forum. Thanks in advance for your help.

Albey

mbam-log:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6809

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/8/2011 8:02:37 AM

mbam-log-2011-06-08 (08-02-36).txt

Scan type: Quick scan

Objects scanned: 155712

Time elapsed: 19 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Protection Log:

03:30:11 Sheila Malcolm MESSAGE Protection started successfully

03:30:22 Sheila Malcolm MESSAGE IP Protection started successfully

05:53:39 Sheila Malcolm MESSAGE Protection started successfully

05:54:07 Sheila Malcolm MESSAGE IP Protection started successfully

05:55:19 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

05:55:20 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

05:55:21 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

05:56:25 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

05:56:26 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

05:56:28 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

06:03:06 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

06:03:09 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

06:03:15 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

06:52:06 Sheila Malcolm IP-BLOCK 109.120.157.183 (Type: outgoing)

06:52:08 Sheila Malcolm IP-BLOCK 109.120.157.183 (Type: outgoing)

06:52:09 Sheila Malcolm IP-BLOCK 109.120.157.183 (Type: outgoing)

06:52:11 Sheila Malcolm IP-BLOCK 109.120.157.183 (Type: outgoing)

06:52:15 Sheila Malcolm IP-BLOCK 109.120.157.183 (Type: outgoing)

06:52:17 Sheila Malcolm IP-BLOCK 109.120.157.183 (Type: outgoing)

06:52:24 Sheila Malcolm IP-BLOCK 109.120.157.183 (Type: outgoing)

06:52:27 Sheila Malcolm IP-BLOCK 109.120.157.183 (Type: outgoing)

06:52:33 Sheila Malcolm IP-BLOCK 109.120.157.183 (Type: outgoing)

07:28:16 Sheila Malcolm MESSAGE Protection started successfully

07:28:26 Sheila Malcolm MESSAGE IP Protection started successfully

07:38:04 Sheila Malcolm MESSAGE Protection started successfully

07:38:13 Sheila Malcolm MESSAGE IP Protection started successfully

07:41:47 Sheila Malcolm MESSAGE IP Protection stopped

07:42:04 Sheila Malcolm MESSAGE Database updated successfully

07:42:11 Sheila Malcolm MESSAGE IP Protection started successfully

07:46:06 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

07:46:07 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

07:46:09 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

08:07:37 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

08:07:38 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

08:07:39 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

09:14:50 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

09:14:52 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

09:14:53 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

09:40:09 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

09:40:11 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

09:40:12 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

09:52:29 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

09:52:30 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

09:52:32 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

10:15:04 Sheila Malcolm IP-BLOCK 193.138.244.78 (Type: incoming)

10:15:04 Sheila Malcolm IP-BLOCK 193.138.244.78 (Type: outgoing)

10:15:05 Sheila Malcolm IP-BLOCK 193.138.244.78 (Type: outgoing)

10:15:07 Sheila Malcolm IP-BLOCK 193.138.244.78 (Type: outgoing)

10:53:57 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

10:53:58 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

10:53:59 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

11:13:52 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

11:13:54 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

11:13:55 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

11:33:48 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

11:33:50 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

11:33:51 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

11:37:04 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

11:37:06 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

11:37:07 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

12:33:01 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

12:33:03 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

12:33:04 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

13:27:33 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

13:27:34 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

13:27:36 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

13:52:28 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

13:52:29 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

13:52:30 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

15:12:03 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

15:12:05 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

15:20:30 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

15:20:32 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

15:51:26 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

15:51:27 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

15:51:29 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

16:33:40 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

16:33:42 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

16:52:57 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

16:52:58 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

16:53:00 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

DDS.txt :

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by Sheila Malcolm at 10:39:47 on 2011-06-08

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.893 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe

C:\Program Files\Sony\VAIO Media plus\SOHDms.exe

C:\Program Files\Sony\VAIO Media plus\SOHDs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\RamBooster 2.0\Rambooster.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe

C:\Program Files\Logitech\Vid HD\Vid.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Documents and Settings\Sheila Malcolm\Application Data\mjusbsp\magicJack.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Sheila Malcolm\Desktop\Defogger.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\system32\dllhost.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110530183526.dll

BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: InfinityMW Toolbar: {d6ecae88-2910-4a5b-a7c6-3dee8318a3bc} - c:\program files\infinitymw\prxtbInf0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client for internet explorer\YontooIEClient.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: InfinityMW Toolbar: {d6ecae88-2910-4a5b-a7c6-3dee8318a3bc} - c:\program files\infinitymw\prxtbInf0.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Power2GoExpress] NA

uRun: [RamBooster] c:\program files\rambooster 2.0\Rambooster.exe

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"

uRun: [cdloader] "c:\documents and settings\sheila malcolm\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [VMpTtray.exe] c:\program files\sony\vaio media plus\VMpTtray.exe

uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode

uRun: [WorkForce 840(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_S595.tmp" /EF "HKCU"

mRun: [LaunchApp]

mRun: [bkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"

mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\documents and settings\sheila malcolm\start menu\programs\startup\PowerReg Scheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{232A46F5-0941-4847-955E-47909183CC03} : DhcpNameServer = 207.69.188.186 207.69.188.187

TCP: Interfaces\{B5EFBCCE-2DE3-4D69-94EC-706E53302BDC} : NameServer = 204.194.232.200,204.194.234.200

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\sheila malcolm\application data\mozilla\firefox\profiles\xobaoy73.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.earthlink.net/

FF - plugin: c:\documents and settings\sheila malcolm\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 459728]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-22 89368]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-7 366640]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-27 88176]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-22 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-22 214904]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-22 214904]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-22 165000]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-22 159832]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-22 148520]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]

R2 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2010-10-6 103712]

R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2010-10-6 353568]

R2 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2010-10-6 62752]

R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-2-13 5188968]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-22 57432]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-7 22712]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-27 179248]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-27 59288]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-22 337912]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-22 83688]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-19 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-19 136176]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-22 83688]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-22 85984]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-27 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-27 40552]

S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);c:\windows\system32\drivers\pc22nd5.sys [2008-12-27 17648]

S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;c:\windows\system32\drivers\pc22unic.sys [2008-12-27 69744]

.

=============== Created Last 30 ================

.

2011-06-08 07:53:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-30 23:35:27 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll

2011-05-15 18:17:08 -------- d-----w- c:\program files\Samsung

.

==================== Find3M ====================

.

2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-24 13:53:38 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-03-13 16:20:10 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-03-13 16:20:10 89368 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-03-13 16:20:10 85984 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-03-13 16:20:10 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-03-13 16:20:10 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-03-13 16:20:10 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-03-13 16:20:10 459728 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-03-13 16:20:10 337912 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-03-13 16:20:10 179248 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-03-13 16:20:10 118784 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll

.

============= FINISH: 10:40:45.31 ===============

Attach.zip

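The protection log in the post above has a shape worth reading on its own terms: each blocked destination is hit in a short burst of two or three attempts a second or two apart, the same handful of addresses come back every twenty to sixty minutes, and one address (193.138.244.78) shows both an incoming and an outgoing block in the same second, while the Quick Scan reports nothing on disk. The Python below is an added example, not part of this thread and not Malwarebytes' own tooling: it parses that log format, groups the IP-BLOCK lines per destination into bursts, and reports the spacing between bursts, so a recurring callback is easy to tell apart from a one-off block. The sample log lines are constructed in the same format as the posted log, and the 30-second burst window is an assumed threshold.

```python
"""Summarise the IP-BLOCK entries of a Malwarebytes' Anti-Malware 1.x
protection log: group blocks per destination into short bursts and
report the spacing between bursts.  Added example, not Malwarebytes code.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One log line is either
#   "HH:MM:SS <user> MESSAGE <text>"                     or
#   "HH:MM:SS <user> IP-BLOCK <ip> (Type: incoming|outgoing)"
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>.+?)\s+"
    r"(?P<kind>MESSAGE|IP-BLOCK)\s+(?P<rest>.*)$"
)
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<direction>\w+)\)$"
)

# Assumed threshold: blocks closer together than this are one burst
# (the retries of a single connection attempt), not separate callbacks.
BURST_GAP = timedelta(seconds=30)

# Constructed sample in the same format as the posted log.  All entries
# fall on one day, so times are compared without a date (no midnight wrap).
SAMPLE_LOG = """
05:54:07 Sheila Malcolm MESSAGE IP Protection started successfully
05:55:19 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)
05:55:20 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)
05:55:21 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)
05:56:25 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)
05:56:26 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)
06:03:06 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)
06:03:09 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)
10:15:04 Sheila Malcolm IP-BLOCK 193.138.244.78 (Type: incoming)
10:15:04 Sheila Malcolm IP-BLOCK 193.138.244.78 (Type: outgoing)
""".splitlines()


def parse_events(lines):
    """Return a list of dicts, one per recognised log line."""
    events = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or a line we do not understand
        when = datetime.strptime(m.group("time"), "%H:%M:%S")
        if m.group("kind") == "MESSAGE":
            events.append({"time": when, "kind": "MESSAGE", "text": m.group("rest")})
            continue
        b = BLOCK_RE.match(m.group("rest"))
        if b:
            events.append({"time": when, "kind": "IP-BLOCK",
                           "ip": b.group("ip"), "direction": b.group("direction")})
    return events


def bursts_by_ip(events):
    """Group IP-BLOCK events per destination into bursts of nearby blocks."""
    bursts = defaultdict(list)
    for e in events:
        if e["kind"] != "IP-BLOCK":
            continue
        lst = bursts[e["ip"]]
        if lst and e["time"] - lst[-1]["last"] <= BURST_GAP:
            lst[-1]["count"] += 1          # same burst: extend it
            lst[-1]["last"] = e["time"]
        else:
            lst.append({"first": e["time"], "last": e["time"], "count": 1})
    return bursts


def summarize(lines):
    """Per destination: total blocks, burst count, seconds between bursts, directions seen."""
    events = parse_events(lines)
    report = {}
    for ip, bl in bursts_by_ip(events).items():
        gaps = [int((bl[i]["first"] - bl[i - 1]["first"]).total_seconds())
                for i in range(1, len(bl))]
        directions = sorted({e["direction"] for e in events
                             if e["kind"] == "IP-BLOCK" and e["ip"] == ip})
        report[ip] = {"blocks": sum(b["count"] for b in bl), "bursts": len(bl),
                      "gaps_s": gaps, "directions": directions}
    return report


def recurring(report, min_bursts=2):
    """Destinations contacted in at least min_bursts separate bursts."""
    return sorted(ip for ip, r in report.items() if r["bursts"] >= min_bursts)


if __name__ == "__main__":
    rep = summarize(SAMPLE_LOG)
    for ip, r in sorted(rep.items()):
        print(f"{ip:16} blocks={r['blocks']:2} bursts={r['bursts']} "
              f"gaps_s={r['gaps_s']} dir={','.join(r['directions'])}")
    print("recurring:", recurring(rep))
```

Run against the full protection log from the post instead of SAMPLE_LOG and the "gaps_s" column gives the callback cadence per destination; the "directions" column singles out the one address that was also blocked inbound. The summary says nothing about which process opened the connections, which is what the ComboFix and DDS logs requested below are for.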

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317



Updated to 6845

Here is the scan results:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6845

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/13/2011 2:56:47 AM

mbam-log-2011-06-13 (02-56-47).txt

Scan type: Quick scan

Objects scanned: 157875

Time elapsed: 17 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Here is the new DDS log:

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by Sheila Malcolm at 5:36:45 on 2011-06-13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.796 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe

C:\Program Files\Sony\VAIO Media plus\SOHDms.exe

C:\Program Files\Sony\VAIO Media plus\SOHDs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\RamBooster 2.0\Rambooster.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe

C:\Program Files\Logitech\Vid HD\Vid.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110530183526.dll

BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: InfinityMW Toolbar: {d6ecae88-2910-4a5b-a7c6-3dee8318a3bc} - c:\program files\infinitymw\prxtbInf0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client for internet explorer\YontooIEClient.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: InfinityMW Toolbar: {d6ecae88-2910-4a5b-a7c6-3dee8318a3bc} - c:\program files\infinitymw\prxtbInf0.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

uRun: [Power2GoExpress] NA

uRun: [RamBooster] c:\program files\rambooster 2.0\Rambooster.exe

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"

uRun: [cdloader] "c:\documents and settings\sheila malcolm\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [VMpTtray.exe] c:\program files\sony\vaio media plus\VMpTtray.exe

uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [bkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"

mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\documents and settings\sheila malcolm\start menu\programs\startup\PowerReg Scheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{232A46F5-0941-4847-955E-47909183CC03} : DhcpNameServer = 207.69.188.186 207.69.188.187

TCP: Interfaces\{B5EFBCCE-2DE3-4D69-94EC-706E53302BDC} : NameServer = 204.194.232.200,204.194.234.200

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\sheila malcolm\application data\mozilla\firefox\profiles\xobaoy73.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.earthlink.net/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 459728]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-22 89368]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-7 366640]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-27 88176]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-22 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-22 214904]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-22 214904]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-22 165000]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-22 159832]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-22 148520]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]

R2 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2010-10-6 103712]

R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2010-10-6 353568]

R2 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2010-10-6 62752]

R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-2-13 5188968]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-22 57432]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-7 22712]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-27 179248]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-27 59288]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-22 337912]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-22 83688]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-19 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-19 136176]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-22 83688]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-22 85984]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-27 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-27 40552]

S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);c:\windows\system32\drivers\pc22nd5.sys [2008-12-27 17648]

S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;c:\windows\system32\drivers\pc22unic.sys [2008-12-27 69744]

.

=============== Created Last 30 ================

.

2011-06-13 08:45:30 -------- d-sha-r- C:\cmdcons

2011-06-13 08:41:09 98816 ----a-w- c:\windows\sed.exe

2011-06-13 08:41:09 518144 ----a-w- c:\windows\SWREG.exe

2011-06-13 08:41:09 256512 ----a-w- c:\windows\PEV.exe

2011-06-13 08:41:09 208896 ----a-w- c:\windows\MBR.exe

2011-06-11 14:48:24 -------- d-----w- c:\documents and settings\sheila malcolm\application data\go

2011-06-11 14:48:17 -------- d-----w- c:\documents and settings\all users\application data\Easybits GO

2011-06-08 07:53:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-30 23:35:27 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll

2011-05-15 18:17:08 -------- d-----w- c:\program files\Samsung

.

==================== Find3M ====================

.

2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-24 13:53:38 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

.

============= FINISH: 5:37:49.20 ===============


Here is the protection log since running ComboFix:

00:04:40 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

00:04:41 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

00:04:43 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

00:13:04 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

00:13:05 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

00:13:07 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

00:38:03 Sheila Malcolm MESSAGE Scheduled update executed successfully

00:38:03 Sheila Malcolm MESSAGE IP Protection stopped

00:38:21 Sheila Malcolm MESSAGE Database updated successfully

00:38:32 Sheila Malcolm MESSAGE IP Protection started successfully

01:36:05 Sheila Malcolm IP-BLOCK 222.186.17.50 (Type: outgoing)

01:36:06 Sheila Malcolm IP-BLOCK 222.186.17.50 (Type: outgoing)

01:36:08 Sheila Malcolm IP-BLOCK 222.186.17.50 (Type: outgoing)

02:05:53 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

02:05:55 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

02:05:56 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

02:24:28 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

02:24:30 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

02:24:31 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

03:24:22 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

03:24:24 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

03:24:25 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

03:58:38 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: incoming)

04:03:46 Sheila Malcolm MESSAGE Protection started successfully

04:03:55 Sheila Malcolm MESSAGE IP Protection started successfully

04:37:49 Sheila Malcolm MESSAGE IP Protection stopped

04:54:34 Sheila Malcolm MESSAGE Protection started successfully

04:54:41 Sheila Malcolm MESSAGE IP Protection started successfully

05:04:24 Sheila Malcolm MESSAGE IP Protection stopped

05:04:37 Sheila Malcolm MESSAGE Database updated successfully

05:04:43 Sheila Malcolm MESSAGE IP Protection started successfully

05:22:54 Sheila Malcolm MESSAGE Protection started successfully

05:23:03 Sheila Malcolm MESSAGE IP Protection started successfully

05:51:48 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

05:51:50 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

05:51:51 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

06:43:56 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

06:43:58 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

06:43:59 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

07:45:12 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

07:45:13 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

07:45:15 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

07:45:58 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

07:45:59 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

07:46:01 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

08:23:59 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

08:24:00 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

08:24:02 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

09:05:46 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

09:05:47 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

09:05:49 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

09:32:17 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

09:32:18 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

09:32:20 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

09:38:37 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

09:38:38 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

09:38:40 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

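A small triage script for the protection-log format posted above, added here as an example and not part of the thread or of Malwarebytes' own tooling: it parses the IP-BLOCK lines, groups them into bursts (the three-attempts-a-couple-of-seconds-apart pattern visible in the log) and flags hosts that keep being retried hours apart, which is the signal that something running on the machine, rather than a single page visit, is behind the blocks. The sample lines are copied from the post; the burst gap, the "persistent" threshold and the function names are assumptions.

```python
"""Triage helper for Malwarebytes protection-log lines of the form

    HH:MM:SS <user> IP-BLOCK <ip> (Type: outgoing|incoming)
    HH:MM:SS <user> MESSAGE <text>

Added example, not Malwarebytes code.  Per blocked IP and direction it
reports the number of blocks, how they cluster into bursts and how far apart
the bursts are, then lists outbound targets retried in several bursts.
"""
import re
from collections import defaultdict

# One IP-BLOCK line; MESSAGE lines deliberately do not match.
BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>.+?) IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>incoming|outgoing)\)$"
)

# Constructed sample: a subset of the entries posted in the thread.
SAMPLE_LOG = """\
00:04:40 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)
00:04:41 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)
00:04:43 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)
00:13:04 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)
00:13:05 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)
00:13:07 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)
00:38:03 Sheila Malcolm MESSAGE IP Protection stopped
00:38:32 Sheila Malcolm MESSAGE IP Protection started successfully
02:05:53 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)
02:05:55 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)
02:05:56 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)
03:24:22 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)
03:24:24 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)
03:24:25 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)
03:58:38 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: incoming)
"""


def parse_seconds(hms):
    """'HH:MM:SS' -> seconds since midnight (the log carries no date)."""
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s


def parse_blocks(text):
    """Return [(seconds, ip, direction)] for every IP-BLOCK line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if m:
            events.append((parse_seconds(m["time"]), m["ip"], m["direction"]))
    return events


def group_bursts(times, gap=10):
    """Split sorted timestamps into bursts: consecutive entries <= gap seconds apart."""
    bursts = []
    for t in times:
        if bursts and t - bursts[-1][-1] <= gap:
            bursts[-1].append(t)
        else:
            bursts.append([t])
    return bursts


def summarize(text, gap=10):
    """Per (ip, direction): block count, burst count, burst sizes, minutes between bursts."""
    by_key = defaultdict(list)
    for t, ip, direction in parse_blocks(text):
        by_key[(ip, direction)].append(t)
    report = {}
    for key, times in by_key.items():
        times.sort()
        bursts = group_bursts(times, gap)
        starts = [b[0] for b in bursts]
        spacing = [round((b - a) / 60, 1) for a, b in zip(starts, starts[1:])]
        report[key] = {
            "blocks": len(times),
            "bursts": len(bursts),
            "burst_sizes": [len(b) for b in bursts],
            "minutes_between_bursts": spacing,
        }
    return report


def persistent_targets(text, min_bursts=2, gap=10):
    """Outbound IPs retried in at least min_bursts separate bursts.

    A host that is contacted again hours later, after the first attempt was
    blocked, points at a process retrying on a schedule rather than at a
    one-off page load; those are the entries worth tying back to a process.
    """
    return sorted(ip for (ip, d), r in summarize(text, gap).items()
                  if d == "outgoing" and r["bursts"] >= min_bursts)


if __name__ == "__main__":
    for (ip, direction), r in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip:16} {direction:9} blocks={r['blocks']} bursts={r['bursts']} "
              f"sizes={r['burst_sizes']} gaps_min={r['minutes_between_bursts']}")
    print("persistent outbound targets:", persistent_targets(SAMPLE_LOG))
```

To run it against a full log, replace SAMPLE_LOG with the file contents; because the log has no date field, entries that cross midnight are grouped into separate days by this script only if you split the file first.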

  • Staff

Hi,

Please use the Add Reply button to reply instead of the "Reply" button.

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis and/or Ask Toolbar to highlight it

From the menu at the top, select Uninstall or Remove.

Also uninstall the following:

Conduit Engine

InfinityMW Toolbar

Yahoo! Toolbar

Yontoo Layers Client for Internet Explorer 1.02.28

Reboot and see if the blocks persist. If so, post a fresh DDS log (both DDS.txt and attach.txt).

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Hi,

Thank you for your continued assistance.

I found and removed all but the Yontoo Layers Client for Internet Explorer 1.02.28, because it was not in the Programs and Features list. CCleaner was installed and used to remove any registry fragments in the hope it would remove Yontoo Layers Client.

Block messages persist after reboot. Here is the updated DDS:

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by Sheila Malcolm at 19:48:34 on 2011-06-15

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.593 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe

C:\Program Files\Sony\VAIO Media plus\SOHDms.exe

C:\Program Files\Sony\VAIO Media plus\SOHDs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\RamBooster 2.0\Rambooster.exe

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe

C:\Program Files\Logitech\Vid HD\Vid.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110530183526.dll

BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client for internet explorer\YontooIEClient.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [Power2GoExpress] NA

uRun: [RamBooster] c:\program files\rambooster 2.0\Rambooster.exe

uRun: [cdloader] "c:\documents and settings\sheila malcolm\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [VMpTtray.exe] c:\program files\sony\vaio media plus\VMpTtray.exe

uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [bkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"

mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\documents and settings\sheila malcolm\start menu\programs\startup\PowerReg Scheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{232A46F5-0941-4847-955E-47909183CC03} : DhcpNameServer = 207.69.188.186 207.69.188.187

TCP: Interfaces\{B5EFBCCE-2DE3-4D69-94EC-706E53302BDC} : NameServer = 204.194.232.200,204.194.234.200

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\sheila malcolm\application data\mozilla\firefox\profiles\xobaoy73.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.earthlink.net/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 459728]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-22 89368]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-7 366640]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-27 88176]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-22 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-22 214904]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-22 214904]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-22 165000]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-22 159832]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-22 148520]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]

R2 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2010-10-6 103712]

R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2010-10-6 353568]

R2 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2010-10-6 62752]

R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-2-13 5188968]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-22 57432]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-7 22712]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-27 179248]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-27 59288]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-22 337912]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-22 83688]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-19 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-19 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-3-7 39984]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-22 83688]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-22 85984]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-27 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-27 40552]

S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);c:\windows\system32\drivers\pc22nd5.sys [2008-12-27 17648]

S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;c:\windows\system32\drivers\pc22unic.sys [2008-12-27 69744]

.

=============== Created Last 30 ================

.

2011-06-15 21:12:51 -------- d-----w- c:\program files\ESET

2011-06-15 19:54:52 -------- d-----w- c:\program files\CCleaner

2011-06-15 16:19:39 59904 ----a-w- c:\windows\system32\wbemdisp.tlb

2011-06-15 16:19:38 203976 ----a-w- c:\windows\system32\RichTx32.ocx

2011-06-15 16:19:38 108336 ----a-w- c:\windows\system32\MSWinSck.ocx

2011-06-15 16:19:33 -------- d-----w- c:\program files\AnswersThatWork

2011-06-15 16:19:32 368912 ----a-w- c:\windows\system32\vbar332.dll

2011-06-15 16:19:31 140288 ----a-w- c:\windows\system32\COMDLG32.OCX

2011-06-13 08:45:30 -------- d-sha-r- C:\cmdcons

2011-06-13 08:41:09 98816 ----a-w- c:\windows\sed.exe

2011-06-13 08:41:09 518144 ----a-w- c:\windows\SWREG.exe

2011-06-13 08:41:09 256512 ----a-w- c:\windows\PEV.exe

2011-06-13 08:41:09 208896 ----a-w- c:\windows\MBR.exe

2011-06-08 07:53:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-30 23:35:27 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll

.

==================== Find3M ====================

.

2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-24 13:53:38 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

.

============= FINISH: 19:49:29.15 ===============

Here is the updated Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-03.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 12/26/2008 3:31:42 PM

System Uptime: 6/15/2011 3:58:57 PM (4 hours ago)

.

Motherboard: eMachines | | WMCP61M

Processor: AMD Athlon Processor 2650e | Socket AM2 | 1607/201mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 69 GiB total, 42.747 GiB free.

D: is FIXED (NTFS) - 70 GiB total, 39.9 GiB free.

E: is CDROM ()

F: is Removable

G: is CDROM (CDFS)

H: is Removable

Z: is NetworkDisk (FAT) - 0 GiB total, 0 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP826: 4/23/2011 5:39:56 PM - System Checkpoint

RP827: 4/24/2011 6:19:14 PM - System Checkpoint

RP828: 4/25/2011 6:59:29 PM - System Checkpoint

RP829: 4/26/2011 7:52:29 PM - System Checkpoint

RP830: 4/27/2011 7:53:08 PM - System Checkpoint

RP831: 4/28/2011 3:00:19 AM - Software Distribution Service 3.0

RP832: 4/29/2011 11:46:16 AM - System Checkpoint

RP833: 4/30/2011 12:41:32 PM - System Checkpoint

RP834: 5/1/2011 12:50:16 PM - System Checkpoint

RP835: 5/2/2011 5:44:33 AM - 05022011

RP836: 5/3/2011 7:17:55 AM - System Checkpoint

RP837: 5/4/2011 7:30:16 AM - System Checkpoint

RP838: 5/5/2011 8:09:10 AM - System Checkpoint

RP839: 5/6/2011 9:16:07 AM - System Checkpoint

RP840: 5/7/2011 9:40:23 AM - System Checkpoint

RP841: 5/8/2011 10:52:02 AM - System Checkpoint

RP842: 5/9/2011 11:22:10 AM - System Checkpoint

RP843: 5/10/2011 11:56:11 AM - System Checkpoint

RP844: 5/12/2011 3:00:21 AM - Software Distribution Service 3.0

RP845: 5/13/2011 9:28:47 PM - System Checkpoint

RP846: 5/15/2011 1:16:59 PM - Installed SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6

RP847: 5/16/2011 1:24:11 PM - System Checkpoint

RP848: 5/17/2011 1:55:57 PM - System Checkpoint

RP849: 5/18/2011 2:22:04 PM - System Checkpoint

RP850: 5/19/2011 2:48:02 PM - System Checkpoint

RP851: 5/20/2011 2:55:02 PM - System Checkpoint

RP852: 5/21/2011 3:30:02 PM - System Checkpoint

RP853: 5/22/2011 4:17:13 PM - System Checkpoint

RP854: 5/23/2011 5:33:31 PM - System Checkpoint

RP855: 5/24/2011 4:07:58 AM - Software Distribution Service 3.0

RP856: 5/25/2011 8:04:30 AM - System Checkpoint

RP857: 5/26/2011 8:40:41 AM - System Checkpoint

RP858: 5/27/2011 11:11:24 AM - System Checkpoint

RP859: 5/28/2011 11:57:17 AM - System Checkpoint

RP860: 5/29/2011 12:42:50 PM - System Checkpoint

RP861: 5/30/2011 7:38:44 PM - System Checkpoint

RP862: 5/31/2011 8:25:57 PM - System Checkpoint

RP863: 6/2/2011 7:18:55 AM - System Checkpoint

RP864: 6/3/2011 4:30:03 PM - System Checkpoint

RP865: 6/4/2011 9:12:36 PM - System Checkpoint

RP866: 6/5/2011 9:57:00 PM - System Checkpoint

RP867: 6/6/2011 10:44:57 PM - System Checkpoint

RP868: 6/7/2011 11:54:20 PM - System Checkpoint

RP869: 6/9/2011 12:27:09 AM - System Checkpoint

RP870: 6/10/2011 1:13:35 AM - System Checkpoint

RP871: 6/11/2011 1:29:24 AM - System Checkpoint

RP872: 6/12/2011 2:27:51 AM - System Checkpoint

RP873: 6/13/2011 7:31:43 AM - System Checkpoint

RP874: 6/15/2011 11:08:41 AM - The Ultimate Troubleshooter Installation

RP875: 6/15/2011 2:14:01 PM - Removed Ask Toolbar.

RP876: 6/15/2011 2:22:39 PM - Removed Microsoft ActiveSync

.

==== Installed Programs ======================

.

ABBYY FineReader 9.0 Sprint

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.2

Adobe Shockwave Player 11.5

Agere Systems PCI-SV92EX Soft Modem

Apple Application Support

Apple Software Update

ArcSoft VideoImpression 2

Belarc Advisor 8.1

Carbonite

CCleaner

ChillVision 05.2009

ChillVision 1.0

ChillVision 20.02.07

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite

CyberLink Power2Go

eMachines Games

Epson CreativeZone

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup

Epson Event Manager

Epson FAX Utility

Epson PC-FAX Driver

EPSON Scan

EPSON WorkForce 840 Series Printer Uninstall

EpsonNet Print

EpsonNet Setup 3.3

ESET Online Scanner v3

Gadwin PrintScreen

GearDrvs

Google Chrome

Google Earth Plug-in

Google Update Helper

Guild Wars

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Java Auto Updater

Java 6 Update 24

Java 6 Update 5

LightScribe 1.4.142.1

Logitech Audio Echo Cancellation Component

Logitech Vid HD

Logitech Video Enumerator

Logitech Webcam Software

Logitech Webcam Software Driver Package

Logitech


  • Staff

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    yontoo
    :filefind
    yontoo


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Hello, Thank you for your continued support. Here is the result of SystemLook:

SystemLook 04.09.10 by jpshortstuff

Log created at 10:15 on 22/06/2011 by Sheila Malcolm

Administrator - Elevation successful

========== regfind ==========

Searching for "yontoo"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]

@="YontooIEClient"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32]

@="C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]

@="Yontoo Layers Api"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32]

@="C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ProgID]

@="YontooIEClient.Api.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\VersionIndependentProgID]

@="YontooIEClient.Api"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

@="Yontoo Layers"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32]

@="C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ProgID]

@="YontooIEClient.Layers.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\VersionIndependentProgID]

@="YontooIEClient.Layers"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0]

@="YontooIEClient 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0\win32]

@="C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\HELPDIR]

@="C:\Program Files\Yontoo Layers Client for Internet Explorer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

@="Yontoo Layers"

========== filefind ==========

Searching for "yontoo"

No files found.

-= EOF =-


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

Folder::
c:\program files\yontoo layers client for internet explorer
KILLALL::
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScriptB-4.gif]

This will start ComboFix again. After the reboot (if it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new DDS log.

-screen317


Hello and thank you for your continued support.

Here is the new DDS result:

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Sheila Malcolm at 2:56:02 on 2011-06-26

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.996 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe

C:\Program Files\Sony\VAIO Media plus\SOHDms.exe

C:\Program Files\Sony\VAIO Media plus\SOHDs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110530183526.dll

BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

uRun: [Power2GoExpress] NA

uRun: [RamBooster] c:\program files\rambooster 2.0\Rambooster.exe

uRun: [cdloader] "c:\documents and settings\sheila malcolm\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [VMpTtray.exe] c:\program files\sony\vaio media plus\VMpTtray.exe

uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [bkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"

mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"

mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\documents and settings\sheila malcolm\start menu\programs\startup\PowerReg Scheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{232A46F5-0941-4847-955E-47909183CC03} : DhcpNameServer = 207.69.188.186 207.69.188.187

TCP: Interfaces\{B5EFBCCE-2DE3-4D69-94EC-706E53302BDC} : NameServer = 204.194.232.200,204.194.234.200

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 459728]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-22 89368]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-7 366640]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-27 88176]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-22 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-22 214904]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-22 214904]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-22 165000]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-22 159832]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-22 148520]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]

R2 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2010-10-6 103712]

R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2010-10-6 353568]

R2 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2010-10-6 62752]

R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-2-13 5188968]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-22 57432]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-7 22712]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-27 179248]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-22 337912]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-22 83688]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-19 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-19 136176]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-27 59288]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-22 83688]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-22 85984]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-27 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-27 40552]

S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);c:\windows\system32\drivers\pc22nd5.sys [2008-12-27 17648]

S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;c:\windows\system32\drivers\pc22unic.sys [2008-12-27 69744]

.

=============== Created Last 30 ================

.

2011-06-20 16:12:31 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-06-20 16:12:31 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-15 21:12:51 -------- d-----w- c:\program files\ESET

2011-06-15 16:19:33 -------- d-----w- c:\program files\AnswersThatWork

2011-06-13 08:45:30 -------- d-sha-r- C:\cmdcons

2011-06-13 08:41:09 98816 ----a-w- c:\windows\sed.exe

2011-06-13 08:41:09 518144 ----a-w- c:\windows\SWREG.exe

2011-06-13 08:41:09 256512 ----a-w- c:\windows\PEV.exe

2011-06-13 08:41:09 208896 ----a-w- c:\windows\MBR.exe

2011-06-08 07:53:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-06 17:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2011-05-30 23:35:27 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll

.

==================== Find3M ====================

.

2011-06-20 17:12:34 720896 ----a-w- c:\windows\iun6002.exe

2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-04 09:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-04 07:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 15:11:12 11081728 ----a-w- c:\windows\system32\ieframe(2).dll

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-24 13:53:38 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

============= FINISH: 2:56:54.96 ===============

New ComboFix result attached to accommodate post length requirements.

Blocking messages continue to display. Please advise.

00:18:21 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

00:18:23 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

00:18:24 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

01:47:04 Sheila Malcolm MESSAGE Protection started successfully

01:47:15 Sheila Malcolm MESSAGE IP Protection started successfully

01:47:23 Sheila Malcolm MESSAGE IP Protection stopped

01:47:26 Sheila Malcolm MESSAGE Scheduled update executed successfully

01:47:38 Sheila Malcolm MESSAGE Database updated successfully

01:47:48 Sheila Malcolm MESSAGE IP Protection started successfully

01:58:59 Sheila Malcolm MESSAGE IP Protection stopped

02:36:42 Sheila Malcolm MESSAGE Protection started successfully

02:36:51 Sheila Malcolm MESSAGE IP Protection started successfully

02:36:51 Sheila Malcolm MESSAGE IP Protection stopped

02:47:42 Sheila Malcolm MESSAGE Protection started successfully

02:48:02 Sheila Malcolm MESSAGE IP Protection started successfully

02:48:31 Sheila Malcolm MESSAGE IP Protection stopped

03:00:51 Sheila Malcolm MESSAGE Protection started successfully

03:01:03 Sheila Malcolm MESSAGE IP Protection started successfully

03:09:42 Sheila Malcolm IP-BLOCK 60.173.10.27 (Type: outgoing)

03:09:44 Sheila Malcolm IP-BLOCK 60.173.10.27 (Type: outgoing)

03:09:45 Sheila Malcolm IP-BLOCK 60.173.10.27 (Type: outgoing)

03:18:49 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

03:18:51 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

03:18:52 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

ComboFix.txt


Hello and thank you for your continued support.

There are actually six. Here they are:

19:09:34 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

20:05:07 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

20:06:52 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

21:50:51 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

20:53:44 Sheila Malcolm IP-BLOCK 60.173.10.27 (Type: outgoing)

11:09:28 Sheila Malcolm IP-BLOCK 60.173.11.56 (Type: outgoing)

This was after the computer was rebooted and just left on. These addresses were added to the block list in the McAfee software and the computer was rebooted again, but blocking messages continue to display. In further research on the McAfee support forum, a similar problem was "resolved". Here is the problem and the solution:

Problem: My inquiry concerns an odd discrepancy between what McAfee's Firewall Log (for INCOMING events) is recording and what Malwarebytes Pro is showing for the exact same IP address and time the event occurred. (I just acquired MWB Pro yesterday).

At intermittent times throughout the day, MWB Pro will display a dialog box over the Taskbar stating it has blocked a particular IP address and lists the type as OUTGOING. When I check the McAfee Firewall INCOMING events log, it shows the exact same IP address and time the block occurred as MWB does. The only difference is that McAfee records the event type as INCOMING, whereas MWB records it as OUTGOING.

*Please note: the particular IP addresses involved (locations are in mainland China) have been repeatedly logged by McAfee's Firewall every day for the past 3 years (in the INCOMING event log)... even when I had 2 different computers than the one I have now.

Solution: Which is correct? I don't know. But you're quite likely to get some odd occurrences if you're running both McAfee and the always-on real-time version of Malwarebytes. McAfee classes Malwarebytes Pro as an incompatible application, although the on-demand scanner presents no problems.

Now for the guesswork. If the IP addresses are in China, it's incoming - UNLESS you've got some malware on your system that is trying to call home to China for instructions. Most likely the MWB "outgoing" message is a mistake. What you should do is open up your firewall settings and specifically add those IP addresses to the Blocked list. That should remove the problem at source.

Could this incompatibility between McAfee and MWB be the problem? The outgoing events posted here are also listed as incoming events in the McAfee log as well, although the claim of attempted access for three years cannot be confirmed. Please advise.

albey


Hello and thank you for your continued support.

I'm not sure which files are to be excluded. Could you provide me with this list of files? The IPs identified by mwb were added to McAfee's block list, but I am not sure about which files to exclude and using what software. Please advise.

albey


  • Staff

Hi,

McAfee Total Protection 2011

Set Exclusions for Malwarebytes' Anti-Malware in McAfee Total Protection 2011 on 32 bit Windows Versions:

  1. Open McAfee and click on Navigation in the upper right hand corner.
  2. Click on Firewall located under Features.
  3. Click on Program Permissions and wait for the list to populate.
  4. Click the Add button and then click Browse.
  5. Add the following files to the firewall with full access:
    • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

  6. Click OK.
  7. Close the McAfee main window and restart your computer.

Set Exclusions for Malwarebytes' Anti-Malware in McAfee Total Protection 2011 on 64 bit Windows Versions:

  1. Open McAfee and click on Navigation in the upper right hand corner.
  2. Click on Firewall located under Features.
  3. Click on Program Permissions and wait for the list to populate.
  4. Click the Add button and then click Browse.
  5. Add the following files to the firewall with full access:
    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

  6. Click OK.
  7. Close the McAfee main window and restart your computer.

Set Exclusions for McAfee Total Protection 2011 in Malwarebytes' Anti-Malware:

  • Open Malwarebytes' Anti-Malware and click on the Ignore List tab
  • Click the Add button on the lower left
  • In the small browse window that opens, navigate to C:\Program Files and click once on McAfee and click OK.
  • Click the Add button on the lower left
  • In the small browse window that opens, navigate to C:\Program Files and click once on McAfee.com and click OK.
    Note: For 64 bit Windows versions this will be C:\Program Files (x86)
  • Close Malwarebytes' Anti-Malware


Hello and thank you for your continued support,

Mbam and mbamservice were already in the list, as stated by McAfee when attempting to add the programs. This was under a tab labeled "Internet Connections For Programs". Once the list was built, each listed program could be selected for editing. Editing consisted of access level (full, outgoing, or block) and Net Guard status (on or off). Both mbam and mbamservice are configured with full access and Net Guard on.

Both folders, McAfee.com and McAfee, have been added to the Ignore List tab in mbam. The computer was then restarted; however, the outgoing block messages from mbam still appear. Here is a copy of the protection log after the last restart:

17:27:07 Sheila Malcolm MESSAGE Protection started successfully

17:27:23 Sheila Malcolm MESSAGE IP Protection started successfully

17:43:14 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

17:43:15 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

18:14:00 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

18:14:02 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

19:05:08 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

19:05:10 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

19:13:48 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

19:13:49 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

19:23:21 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

19:23:22 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

19:59:51 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

19:59:52 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

21:03:35 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

21:03:36 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

21:45:50 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

21:45:51 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

22:43:33 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

22:43:35 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

22:53:24 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

22:53:25 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

23:15:11 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

23:15:13 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

Please advise as to how to proceed. Thank you,

albey

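A triage script for the protection log posted above, added here as an example; it is not part of the original thread and is not Malwarebytes' or McAfee's code. In a Malwarebytes 1.x protection log an IP-BLOCK of type "outgoing" is recorded when a process on the local machine tries to connect out to the listed address, which is the reason the troubleshooting in this thread focuses on what runs at startup rather than on the firewall's inbound log. The script parses the IP-BLOCK lines, collapses the paired entries logged one or two seconds apart into single connection attempts, counts attempts per destination, groups destinations by /24, and flags destinations that are contacted at near-constant intervals. It assumes the line format seen in the thread (`HH:MM:SS <user> IP-BLOCK <ip> (Type: <direction>)`); because the log carries no date, a placeholder date is attached and a timestamp that jumps backwards is treated as a midnight rollover. The sample input is the log from the post above, copied verbatim.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x protection log (added example, not
Malwarebytes' or McAfee's code). Parses IP-BLOCK lines, collapses the paired
retry entries 1-2 s apart into single attempts, counts outgoing attempts per
destination, groups destinations by /24 and flags near-constant intervals.
Assumes the 'HH:MM:SS <user> IP-BLOCK <ip> (Type: <dir>)' format from the
thread; the log has no date column, so a placeholder date is attached."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network
from statistics import median

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(.+?)\s+IP-BLOCK\s+"
                     r"(\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(incoming|outgoing)\)$")

# Sample input: the protection log lines from the post above, copied verbatim.
SAMPLE_LOG = """\
17:27:07 Sheila Malcolm MESSAGE Protection started successfully
17:27:23 Sheila Malcolm MESSAGE IP Protection started successfully
17:43:14 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)
17:43:15 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)
18:14:00 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)
18:14:02 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)
19:05:08 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)
19:05:10 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)
19:13:48 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)
19:13:49 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)
19:23:21 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)
19:23:22 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)
19:59:51 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)
19:59:52 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)
21:03:35 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)
21:03:36 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)
21:45:50 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)
21:45:51 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)
22:43:33 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)
22:43:35 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)
22:53:24 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)
22:53:25 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)
23:15:11 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)
23:15:13 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)
"""


def parse_blocks(text, start_date=datetime(2011, 6, 8)):
    """[(datetime, ip, direction)] for each IP-BLOCK line; a timestamp earlier
    than the previous one is taken as a midnight rollover."""
    events, day, last = [], start_date.date(), None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # MESSAGE lines and anything unrecognised are skipped
        ts = datetime.combine(day, datetime.strptime(m[1], "%H:%M:%S").time())
        if last and ts < last:
            day += timedelta(days=1)
            ts = datetime.combine(day, ts.time())
        last = ts
        events.append((ts, m[3], m[4]))
    return events


def collapse_retries(events, window=timedelta(seconds=5)):
    """Merge same-IP, same-direction entries within `window` into one attempt."""
    attempts = []
    for ts, ip, d in events:
        if attempts and attempts[-1][1:] == (ip, d) and ts - attempts[-1][0] <= window:
            continue
        attempts.append((ts, ip, d))
    return attempts


def summarize(attempts, direction="outgoing"):
    """Per destination: attempt count, gaps (s), median period and jitter."""
    per_ip = defaultdict(list)
    for ts, ip, d in attempts:
        if d == direction:
            per_ip[ip].append(ts)
    report = {}
    for ip, times in per_ip.items():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[ip] = {"attempts": len(times), "gaps_s": gaps,
                      "period_s": median(gaps) if gaps else None,
                      "jitter_s": max(gaps) - min(gaps) if len(gaps) > 1 else None,
                      "net24": str(ip_network(ip + "/24", strict=False))}
    return report


def group_by_prefix(report):
    """Destinations sharing a /24; several hosts in one block is worth noting."""
    nets = defaultdict(set)
    for ip, info in report.items():
        nets[info["net24"]].add(ip)
    return {n: sorted(ips) for n, ips in nets.items()}


def flag_beacons(report, min_attempts=3, max_jitter_s=60):
    """Destinations hit >= min_attempts times at gaps varying by <= max_jitter_s:
    a timer-driven pattern. A call-home looks like this, but so can a legitimate
    scheduled task; confirm by finding the local process (netstat -b on Windows)."""
    return sorted(ip for ip, i in report.items() if i["attempts"] >= min_attempts
                  and i["jitter_s"] is not None and i["jitter_s"] <= max_jitter_s)


if __name__ == "__main__":
    rep = summarize(collapse_retries(parse_blocks(SAMPLE_LOG)))
    for ip, i in sorted(rep.items(), key=lambda kv: -kv[1]["attempts"]):
        print(f"{ip:16} {i['attempts']} attempts  gaps {i['gaps_s']}")
    print("by /24:", group_by_prefix(rep), "\nbeacon-like:", flag_beacons(rep))
```

On this sample the 22 log lines collapse to 11 attempts. 221.192.199.49 is contacted four times at gaps of 6007, 6014 and 5998 seconds (about 100 minutes, 16 seconds of jitter) and 58.218.199.250 three times at gaps of 6351 and 6359 seconds, so both are flagged; the three 58.218.199.x addresses fall in one /24. A regular interval like this says only that something on the host fires on a timer, so the next step is to catch the originating process at block time (for example `netstat -b` from an elevated prompt) rather than to add more firewall rules, which only change where the attempt is blocked.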

  • Staff

Hi,

Click Start--> Run and type in msconfig.exe

Click the Startup tab, then click Disable all...

Click the checkmark only next to the two Malwarebytes entries.

Click OK.

Restart your computer and use it normally for a bit, and let me know if the blocks persist. If not, that means one or more of your items running on startup are to blame. If the problem still persists, we will attempt other avenues of troubleshooting.

Let me know how it goes.

-screen317


Hello and thank you for your continued support,

The list displayed by msconfig.exe contained only one mbam reference from what I could determine. The list also contained an entry labeled "NA", which might be a replacement for the missing second mbam reference. (?) An appended list has been attached. Please advise on how to proceed.

(attached image: mscfg123-1.gif)

Thank you,

albey


Hello and thank you for your continuing support,

After the reboot, the msconfig startup tab looks like this:

(attached image: cfgwcomb.gif)

and the mbam protection log like this:

00:38:03 Sheila Malcolm MESSAGE Scheduled update executed successfully

00:38:05 Sheila Malcolm MESSAGE IP Protection stopped

00:39:04 Sheila Malcolm MESSAGE Database updated successfully

00:39:11 Sheila Malcolm MESSAGE IP Protection started successfully

00:39:59 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

00:40:01 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

01:58:43 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

01:58:44 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

02:20:28 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

02:20:29 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

03:02:46 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

03:02:47 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

03:18:51 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

03:18:53 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

03:54:10 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

03:54:12 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

04:14:41 Sheila Malcolm MESSAGE Protection started successfully

04:14:58 Sheila Malcolm MESSAGE IP Protection started successfully

04:58:06 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

04:58:07 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

05:35:08 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

05:35:10 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

05:41:13 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

05:41:15 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

05:58:45 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

05:58:47 Sheila Malcolm IP-BLOCK 58.218.199.227 (Type: outgoing)

06:28:41 Sheila Malcolm MESSAGE Protection started successfully

06:29:21 Sheila Malcolm MESSAGE IP Protection started successfully

06:53:12 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

06:53:14 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

07:22:09 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

07:22:10 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

08:48:52 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

08:48:53 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

08:56:16 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

08:56:18 Sheila Malcolm IP-BLOCK 58.218.199.250 (Type: outgoing)

09:02:28 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

09:02:30 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

10:43:07 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

10:43:09 Sheila Malcolm IP-BLOCK 221.192.199.49 (Type: outgoing)

10:44:14 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

10:44:15 Sheila Malcolm IP-BLOCK 58.218.199.147 (Type: outgoing)

Please advise as to how to proceed. Thank you,

albey


This topic is now closed to further replies.