Hi,

I was infected by something when I was surfing through an unsecured Wi-Fi network at a hotel.

I have McAfee VirusScan, Malwarebytes and superspyware installed.

Malwarebytes keeps on giving

IP-BLOCK 178.238.233.155 (Type: outgoing) kind of notifications.

The scan is clean for all the above software. I feared that there is a rootkit and I installed a bunch of other software.

UnHackMe software helped remove some malware, but I still keep on getting the IP-BLOCK outgoing type notification from Malwarebytes.

But,

When I scan with McAfee, it posts the message below:

The On-Demand Scan found alterations to code or data which may indicate that a rootkit is attempting to hide files, registry keys, processes or other items. If this scan fails to find anything then the computer should be scanned with McAfee PreScan or booted into Safe Mode and this scan run again.

McAfee does not find anything, even in safe mode.

Your help will be really appreciated.

attach.txt

dds.txt

start of the DDS.txt copy-paste

=====================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Run by test at 22:23:04 on 2012-01-14

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1074 [GMT -8:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\UnHackMe\hackmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.in/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070326

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll

BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [unHackMe Monitor] c:\program files\unhackme\hackmon.exe

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://www.aajtak.com/wfplayer/tdserver.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://img4.orkut.com/activex/10036/photouploader.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://www.idesitv.com/livetv.ocx

DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3923DBB3-0D5A-47FB-A120-91F9ED0FBFAC} : DhcpNameServer = 192.168.1.1

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\test\application data\mozilla\firefox\profiles\4jl7amjt.default\

FF - plugin: c:\documents and settings\biren\application data\move networks\plugins\npqmp071706000001.dll

FF - plugin: c:\documents and settings\test\application data\mozilla\plugins\npatgpc.dll

FF - plugin: c:\documents and settings\test\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\test\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\test\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll

FF - plugin: c:\documents and settings\test\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\progra~1\meadco~1\npmeadax.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\picasa2\npPicasa3.dll

.

============= SERVICES / DRIVERS ===============

.

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2012-1-14 42672]

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-1-24 31816]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-8-19 652872]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-30 104000]

R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2008-1-24 144704]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2008-1-24 54608]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2012-1-14 439632]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-9-15 73216]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-8-19 20464]

R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-3-30 72936]

R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-3-30 33960]

R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-3-30 171400]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-3 136176]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-3-26 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-3 136176]

S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2012-1-12 24416]

.

=============== Created Last 30 ================

.

2012-01-15 05:18:05 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-01-15 05:01:07 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro

2012-01-15 04:41:17 -------- d-----w- c:\program files\WinPcap

2012-01-15 04:40:42 -------- d-----w- c:\program files\Trend Micro

2012-01-13 05:57:39 -------- d-----w- c:\windows\RestoreSafeDeleted

2012-01-13 05:45:15 -------- d-----w- C:\BackSys

2012-01-13 05:23:45 24416 ----a-w- c:\windows\system32\drivers\regguard.sys

2012-01-13 04:58:18 39192 ----a-w- c:\windows\system32\Partizan.exe

2012-01-13 04:58:18 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys

2012-01-13 04:58:11 2 --shatr- c:\windows\winstart.bat

2012-01-13 04:58:05 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2012-01-13 04:57:59 -------- d-----w- c:\program files\UnHackMe

2012-01-04 06:00:32 -------- d-----w- c:\documents and settings\test\application data\SUPERAntiSpyware.com

2011-12-28 07:43:53 -------- d-----w- c:\documents and settings\test\application data\DDMSettings

2011-12-28 07:14:19 -------- d-----w- c:\program files\DivX

2011-12-20 02:07:18 -------- d-----w- c:\documents and settings\test\application data\webex

.

==================== Find3M ====================

.

2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-07 23:56:29 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-12-03 09:02:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-29 02:28:28 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys

2011-11-29 02:28:28 133616 ------w- c:\windows\system32\pxafs.dll

2011-11-29 02:28:28 126448 ------w- c:\windows\system32\pxinsi64.exe

2011-11-29 02:28:28 123888 ------w- c:\windows\system32\pxcpyi64.exe

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-20 23:26:22 94208 ----a-w- c:\windows\system32\dpl100.dll

2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Hitachi_HTS541612J9SA00 rev.SBDOC74P -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A68949F]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a690738]; MOV EAX, [0x8a6908ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A7C0AB8]

3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007a[0x8A7B6F18]

5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A7C3940]

\Driver\atapi[0x8A7BF2E8] -> IRP_MJ_CREATE -> 0x8A68949F

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A6892C6

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 22:28:25.07 ===============

Start of the log for Attach.txt

========================

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 4/2/2007 3:33:01 PM

System Uptime: 1/14/2012 9:50:19 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0XD720

Processor: Intel® Core2 CPU T5200 @ 1.60GHz | Microprocessor | 1595/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 107 GiB total, 7.055 GiB free.

D: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ROOT\MEDIA\0000

Manufacturer:

Name:

PNP Device ID: ROOT\MEDIA\0000

Service:

.

Class GUID:

Description:

Device ID: ROOT\MEDIA\0002

Manufacturer:

Name:

PNP Device ID: ROOT\MEDIA\0002

Service:

.

==== System Restore Points ===================

.

RP1: 1/12/2012 10:00:53 PM - System Checkpoint

RP2: 1/12/2012 10:01:26 PM - RegRun Virus Scan

RP3: 1/12/2012 10:06:03 PM - RegRun Virus Scan

RP4: 1/12/2012 10:54:31 PM - RegRun Virus Scan

RP5: 1/14/2012 7:52:43 PM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Flash Player ActiveX

Adobe Reader X (10.1.1)

Adobe Shockwave Player

Apple Application Support

Apple Mobile Device Support

Apple Software Update

BEA Products

BEA Products (BEAHOME 1)

BEA WebLogic Platform 8.1

BitTorrent

Bonjour

Broadcom Management Programs

Canon Camera Access Library

Canon Camera Support Core Library

Canon G.726 WMP-Decoder

CCleaner

Citrix Presentation Server Client - Web Only

Compatibility Pack for the 2007 Office system

Conexant HDA D110 MDC V.92 Modem

Critical Update for Windows Media Player 11 (KB959772)

Dell Support 3.2.1

Dell System Restore

Dell Wireless WLAN Card

Digital Content Portal

Digital Line Detect

DivX Setup

EditPlus 2

Facebook Video Calling 1.0.0.8953

getPlus®_ocx

Google Chrome

Google Desktop

Google Talk (remove only)

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Huawei Access Manager

iTunes

J2SE Runtime Environment 5.0 Update 6

Java 2 Runtime Environment, SE v1.4.2_14

Java 2 SDK, SE v1.4.2_14

Java Auto Updater

Java 6 Update 20

Kundli - 2002 (053)

Malwarebytes Anti-Malware version 1.60.0.1800

McAfee VirusScan Enterprise

MCU

MediaDirect

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office File Validation Add-In

Microsoft Office Live Image Uploader

Microsoft Office Professional Edition 2003

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

MobileMe Control Panel

Modem Helper

Mozilla Firefox 9.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NetWaiting

NVIDIA Drivers

ooVoo

OutlookAddinSetup

Photo Viewer

Picasa 3

Qualxserve Service Agreement

QuickSet

QuickTime

RealPlayer

Safari

SearchAssist

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Skype™ 5.5

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

SUPERAntiSpyware Free Edition

Synaptics Pointing Device Driver

Tata Photon+

TBS WMP Plug-in

TeamViewer 6

TeamViewer 7

Trend Micro RUBotted 2.0 Beta

UnHackMe 5.99 release

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB971930)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

URL Assistant

VC80CRTRedist - 8.0.50727.6195

Veoh Web Player

WD Diagnostics

WebEx

WebFldrs XP

WIDCOMM Bluetooth Software

Windows Defender

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows XP Service Pack 3

WinPcap 4.1.1

WinRAR archiver

WordWeb

Yahoo! Browser Services

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

1/9/2012 9:50:17 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

1/8/2012 8:56:36 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 3 time(s).

1/14/2012 9:47:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the McShield service.

1/14/2012 9:26:09 PM, error: System Error [1003] - Error code 1000000a, parameter1 90fd6eaa, parameter2 00000002, parameter3 00000000, parameter4 804e3120.

1/13/2012 10:44:14 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.

1/13/2012 10:44:14 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.

1/12/2012 10:04:52 PM, error: Service Control Manager [7034] - The HWDeviceService.exe service terminated unexpectedly. It has done this 1 time(s).

1/11/2012 9:22:16 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).

1/11/2012 9:20:38 AM, error: Service Control Manager [7023] - The Network ProService service terminated with the following error: The specified module could not be found.

1/11/2012 9:06:39 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s).

1/11/2012 8:37:23 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

1/11/2012 8:37:23 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

1/11/2012 8:37:23 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/11/2012 8:32:36 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/10/2012 8:57:22 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.

1/10/2012 8:57:22 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/10/2012 8:56:18 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

1/10/2012 11:37:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip

1/10/2012 11:37:06 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

1/10/2012 11:37:06 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/10/2012 11:37:06 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/10/2012 11:37:06 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

1/10/2012 11:37:06 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/10/2012 11:37:06 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================

Start of Malwarebytes protection log

===============================

2012/01/14 09:10:17 -0800 BIREN-LAPTOP MESSAGE Starting protection

2012/01/14 09:10:49 -0800 BIREN-LAPTOP test MESSAGE Protection started successfully

2012/01/14 09:10:52 -0800 BIREN-LAPTOP test MESSAGE Starting IP protection

2012/01/14 09:11:09 -0800 BIREN-LAPTOP test MESSAGE IP Protection started successfully

2012/01/14 16:02:16 -0800 BIREN-LAPTOP test MESSAGE Starting protection

2012/01/14 16:02:36 -0800 BIREN-LAPTOP test MESSAGE Protection started successfully

2012/01/14 16:02:39 -0800 BIREN-LAPTOP test MESSAGE Starting IP protection

2012/01/14 16:02:59 -0800 BIREN-LAPTOP test MESSAGE IP Protection started successfully

2012/01/14 16:04:40 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/14 16:04:54 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/14 16:04:57 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

----There are more IP blocks, which I am not including to save space.

Thanks

Suraj


Hello,

I was infected by some kind of rootkit which is very hard to reveal. I have downloaded at least 5-6 rootkit removers like SUPERAntiSpyware, Malwarebytes, UnHackMe, RUBotted, ...

I found the following issue while scanning with GMER. The problem is that each malware/trojan/rootkit remover identifies something and cleans it, but Malwarebytes still keeps giving outgoing IP block notifications. I have pasted dds.txt, attach.txt and the Malwarebytes log in this message.

Following is the message GMER gave me:

\Device\Harddisk0\DR0 tdl4@mbr code has been found

sector 00: rootkit like behaviour

But the Malwarebytes scan shows clean, and the McAfee scan provides the following message:

"The On-Demand Scan found alterations to code or data which may indicate that a rootkit is attempting to hide files, registry keys, processes or other items. If this scan fails to find anything then the computer should be scanned with McAfee PreScan or booted into Safe Mode and this scan run again."

Here is my dds.txt:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Run by test at 22:23:04 on 2012-01-14

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1074 [GMT -8:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\UnHackMe\hackmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.in/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070326

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll

BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [unHackMe Monitor] c:\program files\unhackme\hackmon.exe

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://www.aajtak.com/wfplayer/tdserver.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://img4.orkut.com/activex/10036/photouploader.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://www.idesitv.com/livetv.ocx

DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3923DBB3-0D5A-47FB-A120-91F9ED0FBFAC} : DhcpNameServer = 192.168.1.1

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\test\application data\mozilla\firefox\profiles\4jl7amjt.default\

FF - plugin: c:\documents and settings\biren\application data\move networks\plugins\npqmp071706000001.dll

FF - plugin: c:\documents and settings\test\application data\mozilla\plugins\npatgpc.dll

FF - plugin: c:\documents and settings\test\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\test\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\test\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll

FF - plugin: c:\documents and settings\test\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\progra~1\meadco~1\npmeadax.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\picasa2\npPicasa3.dll

.

============= SERVICES / DRIVERS ===============

.

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2012-1-14 42672]

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-1-24 31816]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-8-19 652872]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-30 104000]

R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2008-1-24 144704]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2008-1-24 54608]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2012-1-14 439632]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-9-15 73216]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-8-19 20464]

R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-3-30 72936]

R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-3-30 33960]

R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-3-30 171400]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-3 136176]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-3-26 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-3 136176]

S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2012-1-12 24416]

.

=============== Created Last 30 ================

.

2012-01-15 05:18:05 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-01-15 05:01:07 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro

2012-01-15 04:41:17 -------- d-----w- c:\program files\WinPcap

2012-01-15 04:40:42 -------- d-----w- c:\program files\Trend Micro

2012-01-13 05:57:39 -------- d-----w- c:\windows\RestoreSafeDeleted

2012-01-13 05:45:15 -------- d-----w- C:\BackSys

2012-01-13 05:23:45 24416 ----a-w- c:\windows\system32\drivers\regguard.sys

2012-01-13 04:58:18 39192 ----a-w- c:\windows\system32\Partizan.exe

2012-01-13 04:58:18 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys

2012-01-13 04:58:11 2 --shatr- c:\windows\winstart.bat

2012-01-13 04:58:05 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2012-01-13 04:57:59 -------- d-----w- c:\program files\UnHackMe

2012-01-04 06:00:32 -------- d-----w- c:\documents and settings\test\application data\SUPERAntiSpyware.com

2011-12-28 07:43:53 -------- d-----w- c:\documents and settings\test\application data\DDMSettings

2011-12-28 07:14:19 -------- d-----w- c:\program files\DivX

2011-12-20 02:07:18 -------- d-----w- c:\documents and settings\test\application data\webex

.

==================== Find3M ====================

.

2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-07 23:56:29 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-12-03 09:02:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-29 02:28:28 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys

2011-11-29 02:28:28 133616 ------w- c:\windows\system32\pxafs.dll

2011-11-29 02:28:28 126448 ------w- c:\windows\system32\pxinsi64.exe

2011-11-29 02:28:28 123888 ------w- c:\windows\system32\pxcpyi64.exe

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-20 23:26:22 94208 ----a-w- c:\windows\system32\dpl100.dll

2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Hitachi_HTS541612J9SA00 rev.SBDOC74P -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A68949F]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a690738]; MOV EAX, [0x8a6908ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A7C0AB8]

3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007a[0x8A7B6F18]

5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A7C3940]

\Driver\atapi[0x8A7BF2E8] -> IRP_MJ_CREATE -> 0x8A68949F

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A6892C6

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 22:28:25.07 ===============

Here is my attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 4/2/2007 3:33:01 PM

System Uptime: 1/14/2012 9:50:19 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0XD720

Processor: Intel® Core2 CPU T5200 @ 1.60GHz | Microprocessor | 1595/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 107 GiB total, 7.055 GiB free.

D: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ROOT\MEDIA\0000

Manufacturer:

Name:

PNP Device ID: ROOT\MEDIA\0000

Service:

.

Class GUID:

Description:

Device ID: ROOT\MEDIA\0002

Manufacturer:

Name:

PNP Device ID: ROOT\MEDIA\0002

Service:

.

==== System Restore Points ===================

.

RP1: 1/12/2012 10:00:53 PM - System Checkpoint

RP2: 1/12/2012 10:01:26 PM - RegRun Virus Scan

RP3: 1/12/2012 10:06:03 PM - RegRun Virus Scan

RP4: 1/12/2012 10:54:31 PM - RegRun Virus Scan

RP5: 1/14/2012 7:52:43 PM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Flash Player ActiveX

Adobe Reader X (10.1.1)

Adobe Shockwave Player

Apple Application Support

Apple Mobile Device Support

Apple Software Update

BEA Products

BEA Products (BEAHOME 1)

BEA WebLogic Platform 8.1

BitTorrent

Bonjour

Broadcom Management Programs

Canon Camera Access Library

Canon Camera Support Core Library

Canon G.726 WMP-Decoder

CCleaner

Citrix Presentation Server Client - Web Only

Compatibility Pack for the 2007 Office system

Conexant HDA D110 MDC V.92 Modem

Critical Update for Windows Media Player 11 (KB959772)

Dell Support 3.2.1

Dell System Restore

Dell Wireless WLAN Card

Digital Content Portal

Digital Line Detect

DivX Setup

EditPlus 2

Facebook Video Calling 1.0.0.8953

getPlus®_ocx

Google Chrome

Google Desktop

Google Talk (remove only)

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Huawei Access Manager

iTunes

J2SE Runtime Environment 5.0 Update 6

Java 2 Runtime Environment, SE v1.4.2_14

Java 2 SDK, SE v1.4.2_14

Java Auto Updater

Java 6 Update 20

Kundli - 2002 (053)

Malwarebytes Anti-Malware version 1.60.0.1800

McAfee VirusScan Enterprise

MCU

MediaDirect

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office File Validation Add-In

Microsoft Office Live Image Uploader

Microsoft Office Professional Edition 2003

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

MobileMe Control Panel

Modem Helper

Mozilla Firefox 9.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NetWaiting

NVIDIA Drivers

ooVoo

OutlookAddinSetup

Photo Viewer

Picasa 3

Qualxserve Service Agreement

QuickSet

QuickTime

RealPlayer

Safari

SearchAssist

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Skype™ 5.5

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

SUPERAntiSpyware Free Edition

Synaptics Pointing Device Driver

Tata Photon+

TBS WMP Plug-in

TeamViewer 6

TeamViewer 7

Trend Micro RUBotted 2.0 Beta

UnHackMe 5.99 release

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB971930)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

URL Assistant

VC80CRTRedist - 8.0.50727.6195

Veoh Web Player

WD Diagnostics

WebEx

WebFldrs XP

WIDCOMM Bluetooth Software

Windows Defender

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows XP Service Pack 3

WinPcap 4.1.1

WinRAR archiver

WordWeb

Yahoo! Browser Services

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

1/9/2012 9:50:17 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

1/8/2012 8:56:36 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 3 time(s).

1/14/2012 9:47:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the McShield service.

1/14/2012 9:26:09 PM, error: System Error [1003] - Error code 1000000a, parameter1 90fd6eaa, parameter2 00000002, parameter3 00000000, parameter4 804e3120.

1/13/2012 10:44:14 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.

1/13/2012 10:44:14 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.

1/12/2012 10:04:52 PM, error: Service Control Manager [7034] - The HWDeviceService.exe service terminated unexpectedly. It has done this 1 time(s).

1/11/2012 9:22:16 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).

1/11/2012 9:20:38 AM, error: Service Control Manager [7023] - The Network ProService service terminated with the following error: The specified module could not be found.

1/11/2012 9:06:39 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s).

1/11/2012 8:37:23 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

1/11/2012 8:37:23 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

1/11/2012 8:37:23 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/11/2012 8:32:36 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/10/2012 8:57:22 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.

1/10/2012 8:57:22 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/10/2012 8:56:18 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

1/10/2012 11:37:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip

1/10/2012 11:37:06 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

1/10/2012 11:37:06 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/10/2012 11:37:06 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/10/2012 11:37:06 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

1/10/2012 11:37:06 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/10/2012 11:37:06 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================

Here is a Malwarebytes log file snippet:

===================================


2012/01/15 01:04:55 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/15 01:04:58 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/15 01:05:04 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/15 01:06:16 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/15 01:06:19 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/15 01:06:25 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/15 09:14:57 -0800 BIREN-LAPTOP MESSAGE Starting protection

2012/01/15 09:15:31 -0800 BIREN-LAPTOP test MESSAGE Protection started successfully

2012/01/15 09:15:35 -0800 BIREN-LAPTOP test MESSAGE Starting IP protection

2012/01/15 09:15:39 -0800 BIREN-LAPTOP test MESSAGE IP Protection started successfully

2012/01/15 09:17:18 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/15 09:17:21 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/15 09:17:24 -0800 BIREN-LAPTOP test IP-BLOCK 141.136.16.151 (Type: outgoing)

2012/01/15 09:17:33 -0800 BIREN-LAPTOP test IP-BLOCK 141.136.16.151 (Type: outgoing)

2012/01/15 09:17:49 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/15 09:17:51 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/15 09:17:57 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/15 09:19:11 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/15 09:19:14 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/15 09:19:20 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/15 09:19:32 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/15 09:19:35 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/15 09:19:41 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/15 09:19:46 -0800 BIREN-LAPTOP test IP-BLOCK 141.136.16.152 (Type: outgoing)

2012/01/15 09:19:49 -0800 BIREN-LAPTOP test IP-BLOCK 141.136.16.152 (Type: outgoing)

2012/01/15 09:19:55 -0800 BIREN-LAPTOP test IP-BLOCK 141.136.16.152 (Type: outgoing)

2012/01/15 09:21:45 -0800 BIREN-LAPTOP test IP-BLOCK 178.238.233.155 (Type: outgoing)

2012/01/15 09:21:46 -0800 BIREN-LAPTOP test MESSAGE Stopping IP protection

2012/01/15 09:21:46 -0800 BIREN-LAPTOP test MESSAGE IP Protection stopped

2012/01/15 09:21:49 -0800 BIREN-LAPTOP test MESSAGE Starting database refresh

2012/01/15 09:21:55 -0800 BIREN-LAPTOP test MESSAGE Database refreshed successfully


  • 1 month later...
  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


  • 1 month later...
  • 5 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
