Thread: So, I'm actually OK then???

  1. #1
    Junior Member
    Join Date
    Feb 2012
    Posts
    3

    So, I'm actually OK then???

    I looked in the Startup tab of msconfig and found mynabyoo.exe. After going through a lot of confusing web pages, here's what I think is going on. Can anyone confirm?

    - I got the file from download.com (100% Malware Free?). It is still listed at:
    http://download.cnet.com/my-nabyoo/3000-27064_4-10437169.html

    - A bunch of sloppy and/or unscrupulous anti-spyware developers think that the keylogger part of the above parental control software is actually malware. FYI, some of these include at least one real MS Partner and I won't even list the fake one:
    http://www.paretologic.com/resources/definitions.aspx?remove=MyNabyoo
    http://www.emsisoft.com/en/malware/?Adware.Win32.MyNabyoo

    So I installed Pareto Logic's free malware scanner and all it found were some cookies (not mynabyoo.exe). The scanner (xoftspyse.exe) is still showing up in msconfig. Am I OK? Please check if there is anything else going wrong. THANKS!!!


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Owner at 9:33:05 on 2012-02-18
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.197 [GMT -8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\atray.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: BHO_FILTER.BHO: {30734902-59aa-4c00-8df2-a757d87aa59e} - c:\windows\system32\FLTMN.DLL
    BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: IECatcher Class: {b930ba63-9e5a-11d3-a288-0000e80e2ede} - c:\program files\mass downloader\MDHELPER.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: Bonjour: {9999a076-a9e2-4c99-8a2b-632fc9429223} - c:\program files\bonjour\ExplorerPlugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [E2A6CA641BD771C06D3776C293639FEB79099F12._service_run] "c:\documents and settings\owner\local settings\application data\google\chrome\application\chrome.exe" --type=service
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Atray] atray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [XoftSpySE] "c:\program files\xoftspyse6\XoftSpySE.exe" -NM -hidesplash
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [Service Host] "c:\windows\system32\msnbios\mynabyoo.exe "
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\google~1.lnk - c:\documents and settings\owner\local settings\application data\google\chrome\application\chrome.exe
    IE: + &Mass Downloader: download this file - c:\program files\mass downloader\Add_Url.htm
    IE: + Mass Downloader: download &All files - c:\program files\mass downloader\Add_All.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
    Trusted Zone: download.com\www
    Trusted Zone: turbotax.com
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{D5A43111-9226-4DC2-A3B9-F3F338DC6B21} : DhcpNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-1-21 21512]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165648]
    R1 NEOFLTR_610_13103;Juniper Networks TDI Filter Driver (NEOFLTR_610_13103);c:\windows\system32\drivers\NEOFLTR_610_13103.sys [2008-5-6 64160]
    S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
    S3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;c:\windows\system32\drivers\a311.sys [2005-8-12 31799]
    S3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;c:\windows\system32\drivers\a310.sys [2005-8-12 33335]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-1-21 26248]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-12-28 36928]
    S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [2005-9-16 55808]
    S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2008-12-19 101248]
    S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2008-12-19 73856]
    S3 TCFilter;TCFilter;c:\windows\system32\drivers\tcfilter.sys --> c:\windows\system32\drivers\tcfilter.sys [?]
    .
    =============== Created Last 30 ================
    .
    2041-06-16 02:30:56 -------- dc----w- c:\documents and settings\all users\application data\AT&T
    2012-02-18 04:18:59 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-18 04:18:59 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-18 01:44:11 -------- dc----w- c:\documents and settings\all users\application data\XoftSpySE
    2012-02-18 01:17:39 6557240 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{534f5e2c-13ed-45e1-be98-7c095fe3901d}\mpengine.dll
    2012-02-04 18:55:05 -------- d-----w- c:\documents and settings\owner\application data\Dropbox
    .
    ==================== Find3M ====================
    .
    2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
    2012-01-04 18:06:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
    .

    --------------------------------------------

    Edit

    Here's essentially the same post I left last Saturday. I tried to clean it up a bit.

    After going through a lot of confusing web pages, here's what I think is going on. Can anyone confirm?

    - I got the mynabyoo.exe file as part of a parental control program from download.com (100% Malware Free?). I didn't like the software and uninstalled it about 2 years ago (it is still listed at:
    http://download.cnet.com/my-nabyoo/3...-10437169.html)

    - Last week, I looked in the Startup tab of msconfig and found mynabyoo.exe. I tried to investigate on the web.

    - A bunch of sloppy and/or unscrupulous anti-spyware developers think that the keylogger part of the above parental control software is actually malware. FYI, some of these include at least one real MS Partner and I won't even list the fake one:
    http://www.paretologic.com/resources...emove=MyNabyoo
    http://www.emsisoft.com/en/malware/?...Win32.MyNabyoo

    - So I installed Pareto Logic's free malware scanner and all it found were some cookies (not mynabyoo.exe). The scanner (xoftspyse.exe) is still showing up in msconfig.

    So, am I OK? Please check if there is anything else going wrong. THANKS!!!


    .
    ============= FINISH: 9:36:18.94 ===============
    Last edited by tashi; 2012-02-25 at 01:22. Reason: Added info from WR topic

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Different vendors may flag this type of software and its capabilities, i.e. keylogging, URL blocking, IM capturing, screenshots, site history, etc., as malware. You probably could add an exception for it in your AV.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Feb 2012
    Posts
    3

    ?

    Thanks, but you seem to be repeating what I said above, or what is otherwise obvious. Did you see anything in my log that was troubling? I do really appreciate your time.

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    "Can anyone confirm?"
    I was confirming the discrepancies between the different malware apps.

    Log looks ok. A visit here may be helpful.
    How Can I Reduce My Risk?
