Jump to content

smacn27076


Recommended Posts

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Steve at 18:44:59.26 on Sat 04/16/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1958 [GMT -7:00]

.

AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\iGive_Toolbar\igvtt.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\Fisher-Price\Music Player\MP_Middleware.exe

C:\Program Files\Fisher-Price\Photo Software\Util\Fisher-Price Photo Software Middleware.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\iGive_Toolbar\igvtp.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Steve\My Documents\Downloads\dds.pif

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.msn.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: iGive Toolbar: {fa73ae1b-4ba9-4e8b-832b-54a287ff1b7f} - c:\program files\igive_toolbar\igvtb.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\steve\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [Conime] %windir%\system32\conime.exe

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [igvtm] "c:\program files\igive_toolbar\igvtt.exe"

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Launch Kid-Touch Music Player Middleware] "c:\program files\fisher-price\music player\MP_Middleware.exe"

mRun: [FPPhotoMiddleWare] c:\program files\fisher-price\photo software\util\Fisher-Price Photo Software Middleware.exe

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\steve\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\wlancfg5.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: iGive Toolbar - file://c:\documents and settings\steve\application data\igive_toolbar\igvtt\igvtC5.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: microsoft.com\www.update

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295804343375

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295804337281

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-7-26 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-26 216400]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-26 29584]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-26 243024]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-25 54752]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]

R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2009-7-10 8960]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-1-14 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-7-26 47640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-7-26 363344]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-4-14 88176]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-7-26 20952]

S2 0130211302835273mcinstcleanup;McAfee Application Installer Cleanup (0130211302835273);c:\windows\temp\013021~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\013021~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]

S2 srv9C4;srv9C4;c:\windows\system32\svchost.exe -k netsvcs [2008-4-25 14336]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]

S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2009-7-10 11264]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-7-10 16640]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-04-17 01:44:50 -------- d--h--w- c:\windows\PIF

2011-04-15 02:57:25 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-04-15 02:57:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2011-04-15 02:41:13 -------- d-----w- c:\program files\common files\McAfee

2011-04-15 02:41:07 -------- d-----w- c:\program files\McAfee

2011-04-05 03:05:57 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys

2011-04-05 03:05:56 -------- d-----w- c:\program files\Belarc

2011-03-29 03:59:32 -------- d-----w- c:\program files\CCleaner

2011-03-29 03:58:41 -------- d-----w- c:\program files\VS Revo Group

2011-03-28 15:46:17 -------- d-----w- c:\docume~1\steve\applic~1\OfferBox

2011-03-28 15:46:13 -------- d-----w- c:\program files\OfferBox

2011-03-28 15:45:36 0 ----a-w- c:\windows\Lsasobogise.bin

2011-03-28 15:45:31 -------- d-----w- c:\docume~1\steve\locals~1\applic~1\{BA4F3446-8D81-43B0-BDAB-3E33D90208EC}

2011-03-20 23:36:42 -------- d-----w- c:\docume~1\steve\applic~1\Fit3DLive

2011-03-20 02:47:36 -------- d-----w- c:\program files\iPod

2011-03-20 02:37:08 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2011-02-24 20:13:30 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-02-03 04:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-03 02:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-01-15 03:36:17 6275960 ----a-w- c:\program files\Silverlight.exe

2010-12-25 05:42:12 110914304 ----a-w- c:\program files\Fisher-Price_Digital_Camera_Photo_2.0.0.9.exe

2010-12-24 20:23:26 16553552 ----a-w- c:\program files\Fisher-Price Music Player Setup_v1.0.0.33.exe

2009-11-25 19:24:39 1146184 ----a-w- c:\program files\wlsetup-web.exe

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST3250310AS rev.4.ADA -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AD07439]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8ad0d7d0]; MOV EAX, [0x8ad0d84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AD63030]

3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006f[0x8AD21F18]

5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8ACB8940]

\Driver\atapi[0x8AD47030] -> IRP_MJ_CREATE -> 0x8AD07439

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3250310AS_____________________________4.ADA___#5&38708f67&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x8AD0727F

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 18:46:32.53 ===============

GMER 1.0.15.15570 - http://www.gmer.net

Rootkit scan 2011-04-16 19:45:37

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3250310AS rev.4.ADA

Running: t38brysq.exe; Driver: C:\DOCUME~1\Steve\LOCALS~1\Temp\pwtdapod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8A60000, 0x18FFBC, 0xE8000020]

? C:\DOCUME~1\Steve\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A6000A

.text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A7000A

.text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A5000C

.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01F5000A

.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 01F6000A

.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 01F7000A

.text C:\WINDOWS\System32\svchost.exe[1332] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00F3000A

.text C:\WINDOWS\Explorer.EXE[2508] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0167000A

.text C:\WINDOWS\Explorer.EXE[2508] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0168000A

.text C:\WINDOWS\Explorer.EXE[2508] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0166000C

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4364] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4392] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]

.text C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8AD0727F

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8AD0727F

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8AD0727F

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8AD0727F

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8AD0727F

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3250310AS_____________________________4.ADA___#5&38708f67&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 9681

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{82E36B62-F71E-4693-93AE-6DFFB308CC4B}@DhcpRetryTime 43191

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{82E36B62-F71E-4693-93AE-6DFFB308CC4B}@DhcpRetryStatus 0

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Link to post
Share on other sites

2011/04/17 17:10:53.0953 4288 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/04/17 17:10:54.0375 4288 ================================================================================

2011/04/17 17:10:54.0375 4288 SystemInfo:

2011/04/17 17:10:54.0375 4288

2011/04/17 17:10:54.0375 4288 OS Version: 5.1.2600 ServicePack: 3.0

2011/04/17 17:10:54.0375 4288 Product type: Workstation

2011/04/17 17:10:54.0375 4288 ComputerName: OFFICE

2011/04/17 17:10:54.0375 4288 UserName: Steve

2011/04/17 17:10:54.0375 4288 Windows directory: C:\WINDOWS

2011/04/17 17:10:54.0375 4288 System windows directory: C:\WINDOWS

2011/04/17 17:10:54.0375 4288 Processor architecture: Intel x86

2011/04/17 17:10:54.0375 4288 Number of processors: 2

2011/04/17 17:10:54.0375 4288 Page size: 0x1000

2011/04/17 17:10:54.0375 4288 Boot type: Normal boot

2011/04/17 17:10:54.0375 4288 ================================================================================

2011/04/17 17:10:54.0609 4288 Initialize success

2011/04/17 17:11:08.0484 2820 ================================================================================

2011/04/17 17:11:08.0484 2820 Scan started

2011/04/17 17:11:08.0484 2820 Mode: Manual;

2011/04/17 17:11:08.0484 2820 ================================================================================

2011/04/17 17:11:08.0984 2820 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/04/17 17:11:09.0046 2820 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/04/17 17:11:09.0093 2820 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/04/17 17:11:09.0125 2820 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/04/17 17:11:09.0171 2820 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/04/17 17:11:09.0234 2820 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/04/17 17:11:09.0265 2820 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/04/17 17:11:09.0281 2820 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/04/17 17:11:09.0296 2820 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/04/17 17:11:09.0312 2820 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/04/17 17:11:09.0328 2820 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/04/17 17:11:09.0359 2820 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/04/17 17:11:09.0390 2820 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/04/17 17:11:09.0390 2820 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/04/17 17:11:09.0421 2820 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/04/17 17:11:09.0453 2820 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/04/17 17:11:09.0468 2820 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/04/17 17:11:09.0500 2820 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/04/17 17:11:09.0515 2820 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/04/17 17:11:09.0546 2820 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/04/17 17:11:09.0687 2820 ati2mtag (b63516824da0d8b9ad136e6e044a795f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/04/17 17:11:09.0765 2820 AtiHdmiService (eaece4a0d90d6e1fbe068cce9efd73a0) C:\WINDOWS\system32\drivers\AtiHdmi.sys

2011/04/17 17:11:09.0812 2820 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/04/17 17:11:09.0843 2820 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/04/17 17:11:09.0921 2820 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys

2011/04/17 17:11:09.0984 2820 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys

2011/04/17 17:11:10.0031 2820 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys

2011/04/17 17:11:10.0109 2820 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys

2011/04/17 17:11:10.0171 2820 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys

2011/04/17 17:11:10.0234 2820 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/04/17 17:11:10.0296 2820 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/04/17 17:11:10.0296 2820 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/04/17 17:11:10.0343 2820 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/04/17 17:11:10.0359 2820 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/04/17 17:11:10.0406 2820 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/04/17 17:11:10.0421 2820 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/04/17 17:11:10.0484 2820 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/04/17 17:11:10.0546 2820 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/04/17 17:11:10.0593 2820 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/04/17 17:11:10.0625 2820 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/04/17 17:11:10.0640 2820 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/04/17 17:11:10.0703 2820 Diag69xp (a22d5a027f397e412cbb2d97e8661bff) C:\WINDOWS\system32\Drivers\Diag69xp.sys

2011/04/17 17:11:10.0734 2820 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/04/17 17:11:10.0765 2820 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS

2011/04/17 17:11:10.0781 2820 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS

2011/04/17 17:11:10.0796 2820 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/04/17 17:11:10.0812 2820 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS

2011/04/17 17:11:10.0828 2820 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS

2011/04/17 17:11:10.0843 2820 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS

2011/04/17 17:11:10.0859 2820 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS

2011/04/17 17:11:10.0859 2820 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

2011/04/17 17:11:10.0875 2820 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS

2011/04/17 17:11:10.0890 2820 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS

2011/04/17 17:11:10.0937 2820 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/04/17 17:11:10.0937 2820 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/04/17 17:11:10.0953 2820 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/04/17 17:11:11.0031 2820 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/04/17 17:11:11.0078 2820 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/04/17 17:11:11.0109 2820 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/04/17 17:11:11.0171 2820 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/04/17 17:11:11.0187 2820 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/04/17 17:11:11.0250 2820 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/04/17 17:11:11.0296 2820 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/04/17 17:11:11.0343 2820 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys

2011/04/17 17:11:11.0375 2820 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/04/17 17:11:11.0375 2820 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/04/17 17:11:11.0437 2820 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/04/17 17:11:11.0500 2820 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

2011/04/17 17:11:11.0515 2820 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/04/17 17:11:11.0593 2820 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/04/17 17:11:11.0640 2820 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/04/17 17:11:11.0671 2820 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/04/17 17:11:11.0734 2820 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/04/17 17:11:11.0765 2820 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/04/17 17:11:11.0812 2820 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/04/17 17:11:11.0828 2820 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/04/17 17:11:11.0875 2820 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/04/17 17:11:11.0890 2820 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/04/17 17:11:11.0953 2820 iaStor (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\drivers\iaStor.sys

2011/04/17 17:11:12.0015 2820 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/04/17 17:11:12.0078 2820 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/04/17 17:11:12.0218 2820 IntcAzAudAddService (5c8f36cdcb489111b24003af4dfe1fdc) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/04/17 17:11:12.0265 2820 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/04/17 17:11:12.0312 2820 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/04/17 17:11:12.0359 2820 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/04/17 17:11:12.0375 2820 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/04/17 17:11:12.0421 2820 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/04/17 17:11:12.0453 2820 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/04/17 17:11:12.0468 2820 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/04/17 17:11:12.0515 2820 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/04/17 17:11:12.0562 2820 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/04/17 17:11:12.0578 2820 JRAID (b07084095f8c03aadb9811c9df14b5e4) C:\WINDOWS\system32\DRIVERS\jraid.sys

2011/04/17 17:11:12.0640 2820 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/04/17 17:11:12.0640 2820 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/04/17 17:11:12.0671 2820 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/04/17 17:11:12.0718 2820 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/04/17 17:11:12.0796 2820 LANPkt (8f5795b166cbb50966e29982f8cdb310) C:\WINDOWS\system32\DRIVERS\LANPkt.sys

2011/04/17 17:11:12.0937 2820 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys

2011/04/17 17:11:12.0968 2820 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys

2011/04/17 17:11:13.0000 2820 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

2011/04/17 17:11:13.0062 2820 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys

2011/04/17 17:11:13.0109 2820 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

2011/04/17 17:11:13.0140 2820 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys

2011/04/17 17:11:13.0296 2820 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

2011/04/17 17:11:13.0343 2820 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys

2011/04/17 17:11:13.0453 2820 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/04/17 17:11:13.0515 2820 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/04/17 17:11:13.0546 2820 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/04/17 17:11:13.0609 2820 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/04/17 17:11:13.0625 2820 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/04/17 17:11:13.0656 2820 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/04/17 17:11:13.0671 2820 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/04/17 17:11:13.0734 2820 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/04/17 17:11:13.0765 2820 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/04/17 17:11:13.0812 2820 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/04/17 17:11:13.0828 2820 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/04/17 17:11:13.0843 2820 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/04/17 17:11:13.0890 2820 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/04/17 17:11:13.0937 2820 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/04/17 17:11:13.0984 2820 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/04/17 17:11:14.0015 2820 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/04/17 17:11:14.0062 2820 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/04/17 17:11:14.0093 2820 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/04/17 17:11:14.0125 2820 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/04/17 17:11:14.0140 2820 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/04/17 17:11:14.0156 2820 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/04/17 17:11:14.0203 2820 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/04/17 17:11:14.0234 2820 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/04/17 17:11:14.0234 2820 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/04/17 17:11:14.0281 2820 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/04/17 17:11:14.0343 2820 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/04/17 17:11:14.0406 2820 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/04/17 17:11:14.0437 2820 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/04/17 17:11:14.0468 2820 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/04/17 17:11:14.0500 2820 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2011/04/17 17:11:14.0531 2820 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/04/17 17:11:14.0562 2820 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/04/17 17:11:14.0578 2820 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/04/17 17:11:14.0656 2820 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/04/17 17:11:14.0703 2820 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/04/17 17:11:14.0843 2820 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/04/17 17:11:14.0890 2820 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/04/17 17:11:14.0968 2820 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/04/17 17:11:14.0984 2820 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/04/17 17:11:15.0000 2820 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/04/17 17:11:15.0062 2820 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/04/17 17:11:15.0109 2820 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/04/17 17:11:15.0125 2820 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/04/17 17:11:15.0156 2820 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/04/17 17:11:15.0187 2820 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/04/17 17:11:15.0203 2820 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/04/17 17:11:15.0234 2820 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/04/17 17:11:15.0250 2820 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/04/17 17:11:15.0265 2820 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/04/17 17:11:15.0281 2820 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/04/17 17:11:15.0296 2820 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/04/17 17:11:15.0312 2820 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/04/17 17:11:15.0375 2820 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/04/17 17:11:15.0406 2820 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/04/17 17:11:15.0468 2820 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/04/17 17:11:15.0546 2820 RTLE8023xp (20f8e21af426bf61881981452b3c3370) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2011/04/17 17:11:15.0593 2820 RTLVLAN (b9ca69921379ea2931c4450fe975bce7) C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS

2011/04/17 17:11:15.0656 2820 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/04/17 17:11:15.0718 2820 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/04/17 17:11:15.0734 2820 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/04/17 17:11:15.0765 2820 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/04/17 17:11:15.0906 2820 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/04/17 17:11:15.0968 2820 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/04/17 17:11:16.0000 2820 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/04/17 17:11:16.0031 2820 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/04/17 17:11:16.0093 2820 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/04/17 17:11:16.0156 2820 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/04/17 17:11:16.0218 2820 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/04/17 17:11:16.0265 2820 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/04/17 17:11:16.0328 2820 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/04/17 17:11:16.0375 2820 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/04/17 17:11:16.0390 2820 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/04/17 17:11:16.0406 2820 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/04/17 17:11:16.0437 2820 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/04/17 17:11:16.0468 2820 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/04/17 17:11:16.0531 2820 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/04/17 17:11:16.0578 2820 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/04/17 17:11:16.0593 2820 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/04/17 17:11:16.0640 2820 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/04/17 17:11:16.0687 2820 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/04/17 17:11:16.0718 2820 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/04/17 17:11:16.0750 2820 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/04/17 17:11:16.0781 2820 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/04/17 17:11:16.0843 2820 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/04/17 17:11:16.0875 2820 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/04/17 17:11:16.0921 2820 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/04/17 17:11:16.0968 2820 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/04/17 17:11:17.0031 2820 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/04/17 17:11:17.0078 2820 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/04/17 17:11:17.0125 2820 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/04/17 17:11:17.0140 2820 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/04/17 17:11:17.0187 2820 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/04/17 17:11:17.0218 2820 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2011/04/17 17:11:17.0265 2820 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/04/17 17:11:17.0312 2820 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/04/17 17:11:17.0328 2820 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/04/17 17:11:17.0359 2820 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/04/17 17:11:17.0437 2820 W8335XP (7455b3c11a1d6a844b53febdb58646e9) C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys

2011/04/17 17:11:17.0453 2820 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/04/17 17:11:17.0515 2820 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/04/17 17:11:17.0625 2820 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/04/17 17:11:17.0656 2820 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/04/17 17:11:17.0671 2820 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/04/17 17:11:17.0703 2820 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/04/17 17:11:17.0703 2820 ================================================================================

2011/04/17 17:11:17.0703 2820 Scan finished

2011/04/17 17:11:17.0703 2820 ================================================================================

2011/04/17 17:11:17.0718 7180 Detected object count: 1

2011/04/17 17:11:42.0109 7180 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/04/17 17:11:42.0109 7180 \HardDisk0 - ok

2011/04/17 17:11:42.0109 7180 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/04/17 17:12:04.0531 7256 Deinitialize success

As of now, I don't see any change in the performance of my computer, either better or worse than before I ran the scans. I am still getting IP-BLOCK (Type: outgoing) warnings from Malwarebytes, which is a symptom that has occurred only recently, and that I have been trying to eliminate for two weeks. I neglected to include my latest Malwarebytes scan log in my initial post. It is included here.

00:02:12 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

00:02:15 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

00:02:20 Steve MESSAGE Scheduled update executed successfully

00:02:20 Steve MESSAGE IP Protection stopped

00:02:23 Steve MESSAGE Scheduled scan executed successfully

00:02:25 Steve MESSAGE Database updated successfully

00:02:32 Steve MESSAGE IP Protection started successfully

00:20:47 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

00:20:50 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

00:20:56 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

00:27:45 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

00:27:45 Steve IP-BLOCK 68.168.212.18 (Type: outgoing)

00:27:48 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

00:27:48 Steve IP-BLOCK 68.168.212.18 (Type: outgoing)

00:27:54 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

00:27:54 Steve IP-BLOCK 68.168.212.18 (Type: outgoing)

00:28:06 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

00:28:09 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

00:28:15 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

00:50:47 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

00:50:50 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

00:50:56 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

00:50:56 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

00:50:59 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

00:50:59 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

00:51:02 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

00:51:05 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

00:51:08 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

01:00:11 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:00:14 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:00:17 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:00:17 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

01:00:20 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:00:20 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

01:00:20 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:00:26 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:00:26 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

01:00:38 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:00:38 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:00:41 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:00:47 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:02:22 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

01:02:25 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

01:02:31 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

01:02:43 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:02:46 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:02:52 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:20:47 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

01:20:47 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

01:20:50 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

01:20:50 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

01:20:56 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:20:56 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

01:23:43 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

01:23:46 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

01:23:52 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

01:24:04 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:24:07 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:24:13 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:50:47 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:50:50 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:50:51 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

01:50:52 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:50:54 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

01:50:55 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:50:56 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:51:00 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

01:51:01 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:56:05 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

01:56:07 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

01:56:14 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

01:56:25 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:56:28 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

01:56:35 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

02:04:02 Steve MESSAGE Scheduled update executed successfully

02:04:03 Steve MESSAGE IP Protection stopped

02:04:05 Steve MESSAGE Scheduled scan executed successfully

02:04:08 Steve MESSAGE Database updated successfully

02:04:14 Steve MESSAGE IP Protection started successfully

02:20:50 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

02:20:51 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

02:20:51 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

02:20:53 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

02:20:54 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

02:20:54 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

02:20:59 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

02:20:59 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

02:21:00 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

02:28:48 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

02:28:51 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

02:28:57 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

02:29:09 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

02:29:12 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

02:29:18 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

02:50:47 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

02:50:48 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

02:50:51 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

02:50:51 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

02:50:52 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

02:50:55 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

02:50:57 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

02:50:57 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

02:50:57 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

02:51:00 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

02:51:01 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

02:51:06 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

03:00:39 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:00:39 Steve IP-BLOCK 68.168.212.18 (Type: outgoing)

03:00:42 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:00:42 Steve IP-BLOCK 68.168.212.18 (Type: outgoing)

03:00:48 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:00:48 Steve IP-BLOCK 68.168.212.18 (Type: outgoing)

03:01:00 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:01:03 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:01:09 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:20:47 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

03:20:48 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:20:50 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

03:20:51 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

03:20:57 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

03:20:57 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:22:00 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

03:22:03 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

03:22:09 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

03:22:21 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:22:24 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:22:30 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:30:49 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

03:30:52 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

03:30:58 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

03:32:23 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:32:24 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:32:24 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

03:32:26 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:32:27 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:32:32 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:32:32 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:32:45 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:32:45 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:32:47 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:32:53 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:50:47 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

03:50:50 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

03:50:50 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

03:50:50 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

03:50:53 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

03:50:53 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

03:50:56 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

03:50:57 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

03:50:59 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

03:51:02 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

03:51:10 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

03:51:13 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

03:51:19 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

03:51:31 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:51:34 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

03:51:39 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

04:00:30 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

04:00:33 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

04:00:39 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

04:01:31 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

04:01:34 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

04:01:39 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

04:01:52 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

04:01:55 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

04:02:00 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

04:20:48 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

04:20:48 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

04:20:51 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

04:20:51 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

04:20:57 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

04:20:57 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

04:22:52 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

04:22:55 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

04:23:01 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

04:23:13 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

04:23:16 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

04:23:22 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

04:32:36 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

04:32:39 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

04:32:45 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

04:33:13 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

04:33:16 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

04:33:22 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

04:50:47 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

04:50:49 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

04:50:50 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

04:50:52 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

04:50:53 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

04:50:56 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

04:50:58 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

04:50:59 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

04:51:14 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

04:51:17 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

04:51:23 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

04:51:35 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

04:51:38 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

04:51:44 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

04:54:34 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

04:54:37 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

04:54:43 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

04:54:55 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

04:54:58 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

04:55:04 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

05:20:48 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

05:20:48 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

05:20:49 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

05:20:51 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

05:20:51 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

05:20:52 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

05:20:54 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

05:20:57 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

05:20:57 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

05:20:58 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

05:21:00 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

05:32:46 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

05:32:46 Steve IP-BLOCK 68.168.212.18 (Type: outgoing)

05:32:49 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

05:32:49 Steve IP-BLOCK 68.168.212.18 (Type: outgoing)

05:32:55 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

05:32:55 Steve IP-BLOCK 68.168.212.18 (Type: outgoing)

05:33:07 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

05:33:10 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

05:33:16 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

05:50:48 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

05:50:48 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

05:50:51 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

05:50:51 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

05:50:51 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

05:50:54 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

05:50:57 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

05:50:57 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

05:50:59 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

05:51:56 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

05:51:59 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

05:52:05 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

05:52:17 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

05:52:20 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

05:52:26 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

05:54:08 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

05:54:11 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

05:54:17 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

05:54:29 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

05:54:32 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

05:54:38 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

06:01:51 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

06:01:54 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

06:02:00 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

06:20:48 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

06:20:51 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

06:20:57 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

06:26:30 Steve IP-BLOCK 68.168.212.21 (Type: outgoing)

06:26:33 Steve IP-BLOCK 68.168.212.21 (Type: outgoing)

06:26:39 Steve IP-BLOCK 68.168.212.21 (Type: outgoing)

06:26:51 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

06:26:54 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

06:27:00 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

06:50:51 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

06:50:51 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

06:50:51 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

06:50:54 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

06:50:54 Steve IP-BLOCK 68.168.212.18 (Type: outgoing)

06:50:54 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

06:51:00 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

06:51:00 Steve IP-BLOCK 68.168.212.18 (Type: outgoing)

06:51:00 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

06:51:12 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

06:51:15 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

06:51:21 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

06:52:38 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

06:52:41 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

06:52:47 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

06:52:59 Steve IP-BLOCK 78.140.143.83 (Type: outgoing)

06:52:59 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

06:53:02 Steve IP-BLOCK 78.140.143.83 (Type: outgoing)

06:53:02 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

06:53:08 Steve IP-BLOCK 78.140.143.83 (Type: outgoing)

06:53:08 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

07:01:14 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

07:01:17 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

07:01:23 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

07:01:35 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:01:38 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:01:44 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:13:08 Steve ERROR Scheduled update failed: WinHttpQueryDataAvailable failed with error code 12002

07:20:56 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:20:57 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

07:20:59 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:20:59 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

07:21:00 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

07:21:02 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

07:21:05 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:21:05 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

07:21:08 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

07:22:37 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

07:22:40 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

07:22:46 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

07:22:58 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:23:01 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:23:07 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:32:58 Steve IP-BLOCK 68.168.212.21 (Type: outgoing)

07:33:01 Steve IP-BLOCK 68.168.212.21 (Type: outgoing)

07:33:07 Steve IP-BLOCK 68.168.212.21 (Type: outgoing)

07:50:57 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:50:58 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

07:51:01 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:51:01 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

07:51:06 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:51:07 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

07:51:09 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:51:09 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:51:12 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:51:16 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:51:18 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:53:20 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

07:53:23 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

07:53:29 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

07:53:41 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

07:53:44 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

07:53:50 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

07:55:04 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

07:55:07 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

07:55:13 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

07:57:19 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

07:57:22 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

07:57:28 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

07:57:40 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:57:43 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

07:57:49 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:13:09 Steve ERROR Scheduled update failed: WinHttpQueryDataAvailable failed with error code 12002

08:20:49 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

08:20:49 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:20:49 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:20:52 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

08:20:52 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:20:52 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:20:58 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

08:20:58 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:20:58 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:23:50 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

08:23:53 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

08:23:59 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

08:29:41 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

08:29:44 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

08:29:50 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

08:30:02 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:30:05 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:30:11 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:30:22 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

08:30:25 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

08:30:31 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

08:50:48 Steve IP-BLOCK 68.168.212.21 (Type: outgoing)

08:50:51 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:50:51 Steve IP-BLOCK 68.168.212.21 (Type: outgoing)

08:50:54 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:50:57 Steve IP-BLOCK 68.168.212.21 (Type: outgoing)

08:51:00 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:54:02 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:54:02 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

08:54:05 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:54:05 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

08:54:10 Steve IP-BLOCK 68.168.212.18 (Type: outgoing)

08:54:11 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:54:11 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

08:54:13 Steve IP-BLOCK 68.168.212.18 (Type: outgoing)

08:54:19 Steve IP-BLOCK 68.168.212.18 (Type: outgoing)

08:54:23 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

08:54:26 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

08:54:31 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:54:32 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

08:54:34 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:54:40 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:59:03 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:59:03 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

08:59:06 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:59:06 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

08:59:12 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:59:12 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

08:59:24 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:59:27 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

08:59:33 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:10:09 Steve ERROR Scheduled update failed: WinHttpQueryDataAvailable failed with error code 12002

09:20:51 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

09:20:52 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:20:54 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

09:20:55 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:21:00 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

09:21:01 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:21:04 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:21:07 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

09:21:13 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

09:26:36 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:26:39 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:26:40 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:26:40 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

09:26:42 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:26:45 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:26:49 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:27:00 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:27:01 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:27:03 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:27:10 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:50:58 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

09:51:00 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:51:01 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

09:51:03 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:51:07 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

09:51:07 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

09:51:09 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:51:10 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:51:16 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

09:51:46 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

09:51:49 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

09:51:55 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

09:54:44 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:54:47 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:54:53 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:55:05 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:55:08 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:55:14 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:58:56 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

09:58:59 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

09:59:04 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

09:59:16 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:59:19 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

09:59:26 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

10:06:50 Steve ERROR Scheduled update failed: WinHttpQueryDataAvailable failed with error code 12002

10:20:49 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

10:20:52 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

10:20:52 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

10:20:52 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

10:20:55 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

10:20:55 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

10:20:56 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

10:20:58 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

10:20:59 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

10:20:59 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

10:21:01 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

10:21:01 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

10:21:05 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

10:21:05 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

10:21:17 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

10:21:19 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

10:21:25 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

10:31:17 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

10:31:19 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

10:31:25 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

10:31:37 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

10:31:40 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

10:31:47 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

10:50:48 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

10:50:49 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

10:50:51 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

10:50:52 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

10:50:57 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

10:50:58 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

10:52:38 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

10:52:41 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

10:52:46 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

10:52:59 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

10:53:02 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

10:53:07 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

10:55:26 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

10:55:29 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

10:55:35 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

10:55:47 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

10:55:50 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

10:55:56 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

11:02:59 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

11:03:02 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

11:03:07 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

11:04:09 Steve ERROR Scheduled update failed: WinHttpQueryDataAvailable failed with error code 12002

11:21:09 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:21:09 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

11:21:11 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:21:12 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:21:12 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

11:21:14 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:21:18 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:21:19 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

11:21:20 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:22:25 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

11:22:28 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

11:22:34 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

11:27:02 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:27:03 Steve IP-BLOCK 68.168.212.18 (Type: outgoing)

11:27:05 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:27:06 Steve IP-BLOCK 68.168.212.18 (Type: outgoing)

11:27:10 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:27:11 Steve IP-BLOCK 68.168.212.18 (Type: outgoing)

11:27:24 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:27:26 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:27:33 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:50:51 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

11:50:51 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

11:50:54 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

11:50:54 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

11:50:57 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

11:51:00 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

11:51:01 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

11:51:06 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

11:51:09 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:51:12 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:51:18 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:56:08 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

11:56:11 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

11:56:17 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

11:56:29 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

11:56:32 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

11:56:38 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

11:59:38 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:59:41 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:59:43 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:59:43 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

11:59:46 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:59:47 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

11:59:52 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

12:00:04 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

12:00:04 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

12:00:07 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

12:00:13 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

12:06:48 Steve ERROR Scheduled update failed: WinHttpQueryDataAvailable failed with error code 12002

12:20:51 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

12:20:53 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

12:20:54 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

12:20:54 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

12:20:56 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

12:20:57 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

12:21:00 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

12:21:02 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

12:21:03 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

12:21:09 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

12:21:12 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

12:21:18 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

12:26:20 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

12:26:23 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

12:26:29 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

12:26:41 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

12:26:44 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

12:26:50 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

12:50:48 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

12:50:51 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

12:50:51 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

12:50:52 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

12:50:54 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

12:50:55 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

12:50:57 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

12:51:00 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

12:51:00 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

12:56:50 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

12:56:53 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

12:56:59 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

12:57:11 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

12:57:14 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

12:57:20 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

12:58:41 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

12:58:44 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

12:58:50 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

12:59:02 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

12:59:05 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

12:59:11 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

13:02:25 Steve ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007

13:20:48 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

13:20:50 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

13:20:51 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

13:20:53 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

13:20:57 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

13:20:59 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

13:21:02 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

13:21:05 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

13:21:11 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

13:31:02 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

13:31:05 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

13:31:11 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

13:31:23 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

13:31:26 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

13:31:32 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

13:32:43 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

13:32:46 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

13:32:52 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

13:51:09 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

13:51:12 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

13:51:18 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

13:57:32 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

13:57:35 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

13:57:41 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

13:57:53 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

13:57:56 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

13:58:02 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

14:00:05 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:00:08 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:00:14 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:00:23 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:00:26 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:00:31 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:01:53 Steve ERROR Scheduled update failed: WinHttpQueryDataAvailable failed with error code 12002

14:07:40 Steve IP-BLOCK 74.81.171.153 (Type: outgoing)

14:07:43 Steve IP-BLOCK 74.81.171.153 (Type: outgoing)

14:07:49 Steve IP-BLOCK 74.81.171.153 (Type: outgoing)

14:08:01 Steve IP-BLOCK 74.81.171.154 (Type: outgoing)

14:08:04 Steve IP-BLOCK 74.81.171.154 (Type: outgoing)

14:08:10 Steve IP-BLOCK 74.81.171.154 (Type: outgoing)

14:08:23 Steve IP-BLOCK 74.81.171.155 (Type: outgoing)

14:08:26 Steve IP-BLOCK 74.81.171.155 (Type: outgoing)

14:08:32 Steve IP-BLOCK 74.81.171.155 (Type: outgoing)

14:21:15 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

14:21:15 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:21:16 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

14:21:18 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

14:21:18 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:21:19 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

14:21:23 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

14:21:24 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

14:21:24 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:21:24 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

14:21:26 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

14:21:32 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

14:21:44 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:21:47 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:21:53 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:31:53 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:31:55 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:31:55 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

14:31:56 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:31:58 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

14:32:02 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:32:04 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:32:16 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:32:16 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:32:19 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:32:23 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

14:32:25 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:32:26 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

14:32:32 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

14:32:44 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:32:47 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:32:53 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:50:49 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:50:49 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

14:50:51 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:50:52 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

14:50:52 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

14:50:55 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

14:50:56 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:50:56 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:50:57 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:50:58 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

14:50:59 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:51:01 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

14:51:05 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:56:04 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

14:56:07 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

14:56:13 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

14:56:25 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

14:56:28 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

14:56:34 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

14:56:46 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:56:49 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:56:55 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:57:38 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:57:41 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:57:47 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

14:58:14 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

14:58:17 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

14:58:23 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

14:58:35 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

14:58:38 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

14:58:44 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

15:05:41 Steve ERROR Scheduled update failed: WinHttpQueryDataAvailable failed with error code 12002

15:20:48 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

15:20:51 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

15:20:57 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

15:20:58 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

15:21:01 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

15:21:07 Steve IP-BLOCK 95.143.193.171 (Type: outgoing)

15:21:19 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

15:21:22 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

15:21:28 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

15:21:56 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

15:21:59 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

15:22:05 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

15:22:27 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

15:22:30 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

15:22:36 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

16:00:16 Steve MESSAGE Scheduled update executed successfully

16:00:19 Steve MESSAGE Scheduled scan executed successfully

16:19:32 Steve MESSAGE Protection started successfully

16:19:57 Steve MESSAGE IP Protection started successfully

16:35:14 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

16:35:14 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

16:35:14 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

16:35:14 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

16:35:17 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

16:35:17 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

16:35:17 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

16:35:23 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

16:35:23 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

16:35:23 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

16:42:53 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

16:42:56 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

16:43:02 Steve IP-BLOCK 68.168.212.20 (Type: outgoing)

16:43:14 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

16:43:17 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

16:43:23 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

16:59:17 Steve IP-BLOCK 91.200.240.30 (Type: outgoing)

16:59:20 Steve IP-BLOCK 91.200.240.30 (Type: outgoing)

16:59:26 Steve IP-BLOCK 91.200.240.30 (Type: outgoing)

17:00:30 Steve MESSAGE Scheduled update executed successfully

17:00:30 Steve MESSAGE IP Protection stopped

17:00:33 Steve MESSAGE Database updated successfully

17:00:33 Steve MESSAGE Scheduled scan executed successfully

17:00:34 Steve MESSAGE IP Protection started successfully

17:05:36 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

17:05:36 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

17:05:39 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

17:05:39 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

17:05:39 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

17:05:40 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

17:05:42 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

17:05:43 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

17:05:45 Steve IP-BLOCK 62.122.75.136 (Type: outgoing)

17:05:45 Steve IP-BLOCK 68.168.212.19 (Type: outgoing)

17:05:48 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

17:05:49 Steve IP-BLOCK 95.143.193.138 (Type: outgoing)

17:16:17 Steve MESSAGE Protection started successfully

17:17:02 Steve MESSAGE IP Protection started successfully

17:26:57 (null) MESSAGE Protection started successfully

17:27:32 Steve MESSAGE IP Protection started successfully

17:43:08 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

17:43:11 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

17:43:17 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

Link to post
Share on other sites

If you haven't rebooted since running TDSSKiller please do so.

Next:

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

I disabled AVG 9.0 Resident Shield, but ComboFix will not run. I get a warning to uninstall AVG or use another tool. I am reluctant to remove AVG.

Am I missing a step in disabling Resident Shield and running ComboFix?

The instructions in your reply specify Windows 7 and Windows Vista. I am using Windows XP sp3. Will that make a difference?

Link to post
Share on other sites

Combofix will not run unless AVG is uninstalled.

http://www.eset.eu/online-scanner

Go here to run an online scannner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.

A new window will appear asking "Do you want to install this software?"".

Answer Yes to download and install the ActiveX controls that allows the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software. Just close the window.

Wait for the scan to finish

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.

Link to post
Share on other sites

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=bbcc773b787a3544a35c09c75059c9d6

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-04-21 03:22:48

# local_time=2011-04-20 08:22:48 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1029 16777173 100 91 0 46862471 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=98798

# found=7

# cleaned=6

# scan_time=2867

C:\Documents and Settings\All Users\Documents\setup201.fon Win32/AutoRun.Agent.ABK worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Documents\setup201.lnk LNK/Exploit.CVE-2010-2568 trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Documents\setup50045.fon Win32/AutoRun.Agent.ABK worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Documents\setup50045.lnk LNK/Exploit.CVE-2010-2568 trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\CouponsBar.dll probably a variant of Win32/Adware.Softomate.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\Temp\srv9C4.tmp Win32/AutoRun.Agent.ABK worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

${Memory} Win32/AutoRun.Agent.ABK worm 00000000000000000000000000000000 I

Link to post
Share on other sites

We were intially having problems with an unsolicited web page appearing behind the active Internet Explorer window. Internet Explorer would then freeze up and we would have to reboot by manually shutting down the computer. We've been using Google Chrome or Safari since we figured out that IE might be part of the problem and haven't seen evidence of any problems aside from the IP Block warning bubbles.

This evening I've been navigating through various websites through Internet Explorer over the last half hour or so to check its operation and have not had any problems aside from our normal slow connection problems (service in this area is not all that great). I haven't seen any evidence of the unsolicited web sites, but I am still getting occasional IP Block messages from Malwarebytes.

This is a copy of the most recent Malwarebytes log.(Additional comments follow)

00:00:13 Steve MESSAGE Scheduled update executed successfully

00:00:13 Steve MESSAGE IP Protection stopped

00:00:16 Steve MESSAGE Scheduled scan executed successfully

00:00:18 Steve MESSAGE Database updated successfully

00:00:19 Steve MESSAGE IP Protection started successfully

00:55:06 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

00:55:09 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

00:55:15 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

00:55:27 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

00:55:30 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

00:55:36 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

01:00:24 Steve MESSAGE Scheduled update executed successfully

01:00:24 Steve MESSAGE IP Protection stopped

01:00:27 Steve MESSAGE Scheduled scan executed successfully

01:00:29 Steve MESSAGE Database updated successfully

01:00:31 Steve MESSAGE IP Protection started successfully

01:55:48 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

01:55:51 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

01:55:57 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

01:56:09 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

01:56:12 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

01:56:18 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

02:56:30 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

02:56:33 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

02:56:39 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

02:56:51 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

02:56:54 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

02:57:00 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

03:57:12 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

03:57:15 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

03:57:21 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

03:57:33 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

03:57:36 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

03:57:42 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

04:57:54 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

04:57:57 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

04:58:03 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

04:58:15 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

04:58:18 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

04:58:24 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

05:58:36 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

05:58:39 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

05:58:45 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

05:58:57 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

05:59:00 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

05:59:06 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

06:59:18 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

06:59:21 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

06:59:27 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

06:59:39 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

06:59:42 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

06:59:48 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

08:00:00 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

08:00:03 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

08:00:09 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

08:00:21 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

08:00:24 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

08:00:30 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:00:42 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:00:45 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:00:51 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:01:03 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:01:06 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:01:09 Steve MESSAGE Scheduled update executed successfully

09:01:09 Steve MESSAGE IP Protection stopped

09:01:12 Steve MESSAGE Scheduled scan executed successfully

09:01:15 Steve MESSAGE Database updated successfully

09:01:16 Steve MESSAGE IP Protection started successfully

09:01:20 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:01:31 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:01:52 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:02:33 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

10:01:15 Steve MESSAGE Scheduled update executed successfully

10:01:15 Steve MESSAGE IP Protection stopped

10:01:18 Steve MESSAGE Scheduled scan executed successfully

10:01:21 Steve MESSAGE Database updated successfully

10:01:22 Steve MESSAGE IP Protection started successfully

10:18:40 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

10:18:40 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

10:18:43 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

10:18:44 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

10:18:49 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

10:18:49 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

11:18:37 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

11:18:40 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

11:18:46 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

12:01:20 Steve MESSAGE Scheduled update executed successfully

12:01:20 Steve MESSAGE IP Protection stopped

12:01:23 Steve MESSAGE Scheduled scan executed successfully

12:01:27 Steve MESSAGE Database updated successfully

12:01:28 Steve MESSAGE IP Protection started successfully

12:18:38 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

12:18:39 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

12:18:41 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

12:18:42 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

12:18:47 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

12:18:48 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

13:18:37 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

13:18:41 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

13:18:47 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

14:18:41 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

14:18:44 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

14:18:50 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

15:18:40 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

15:18:41 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

15:18:43 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

15:18:44 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

15:18:50 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

15:18:50 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

16:01:37 Steve MESSAGE Scheduled update executed successfully

16:01:37 Steve MESSAGE IP Protection stopped

16:01:40 Steve MESSAGE Scheduled scan executed successfully

16:01:45 Steve MESSAGE Database updated successfully

16:01:46 Steve MESSAGE IP Protection started successfully

16:18:38 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

16:18:41 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

16:18:47 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

17:18:38 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

17:18:41 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

17:18:47 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

18:18:38 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

18:18:41 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

18:18:48 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

19:18:09 Steve MESSAGE Protection started successfully

19:18:20 Steve MESSAGE IP Protection started successfully

19:18:24 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

19:18:33 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

If the IP Blocks indicated here are fairly common as a result of having an internet connection and visiting websites, and the frequency of the warning messages simply means that Malwarebytes is doing its job, then perhaps my settings for Malwarebytes need to be tweaked so that I am not getting a warning message everytime it blocks access.

The first thing I noticed about this log, however, is that Malwarebytes is blocking only one DNS address. Previous logs indicated a couple of DNS addresses. Would it be okay to scan the system again using ESET to see if the fix we ran last night cleaned out the threats it found, or is there a different scan that we can try to identify and eliminate what appears to be the only remaining threat?

Link to post
Share on other sites

2011/04/22 18:19:19.0171 8012 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/04/22 18:19:21.0187 8012 ================================================================================

2011/04/22 18:19:21.0187 8012 SystemInfo:

2011/04/22 18:19:21.0187 8012

2011/04/22 18:19:21.0187 8012 OS Version: 5.1.2600 ServicePack: 3.0

2011/04/22 18:19:21.0187 8012 Product type: Workstation

2011/04/22 18:19:21.0187 8012 ComputerName: OFFICE

2011/04/22 18:19:21.0187 8012 UserName: Steve

2011/04/22 18:19:21.0187 8012 Windows directory: C:\WINDOWS

2011/04/22 18:19:21.0187 8012 System windows directory: C:\WINDOWS

2011/04/22 18:19:21.0187 8012 Processor architecture: Intel x86

2011/04/22 18:19:21.0187 8012 Number of processors: 2

2011/04/22 18:19:21.0187 8012 Page size: 0x1000

2011/04/22 18:19:21.0187 8012 Boot type: Normal boot

2011/04/22 18:19:21.0187 8012 ================================================================================

2011/04/22 18:19:21.0546 8012 Initialize success

2011/04/22 18:19:25.0015 7192 ================================================================================

2011/04/22 18:19:25.0015 7192 Scan started

2011/04/22 18:19:25.0015 7192 Mode: Manual;

2011/04/22 18:19:25.0015 7192 ================================================================================

2011/04/22 18:19:26.0687 7192 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/04/22 18:19:26.0718 7192 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/04/22 18:19:26.0750 7192 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/04/22 18:19:26.0812 7192 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/04/22 18:19:26.0859 7192 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/04/22 18:19:26.0890 7192 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

2011/04/22 18:19:26.0906 7192 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/04/22 18:19:26.0921 7192 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/04/22 18:19:26.0937 7192 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/04/22 18:19:26.0968 7192 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/04/22 18:19:26.0984 7192 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/04/22 18:19:27.0015 7192 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/04/22 18:19:27.0046 7192 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/04/22 18:19:27.0046 7192 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/04/22 18:19:27.0078 7192 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/04/22 18:19:27.0109 7192 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/04/22 18:19:27.0125 7192 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/04/22 18:19:27.0156 7192 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/04/22 18:19:27.0171 7192 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/04/22 18:19:27.0218 7192 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/04/22 18:19:27.0312 7192 ati2mtag (b63516824da0d8b9ad136e6e044a795f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/04/22 18:19:27.0390 7192 AtiHdmiService (eaece4a0d90d6e1fbe068cce9efd73a0) C:\WINDOWS\system32\drivers\AtiHdmi.sys

2011/04/22 18:19:27.0421 7192 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/04/22 18:19:27.0453 7192 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/04/22 18:19:27.0500 7192 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys

2011/04/22 18:19:27.0546 7192 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys

2011/04/22 18:19:27.0562 7192 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys

2011/04/22 18:19:27.0609 7192 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys

2011/04/22 18:19:27.0640 7192 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys

2011/04/22 18:19:27.0703 7192 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/04/22 18:19:27.0765 7192 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/04/22 18:19:27.0765 7192 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/04/22 18:19:27.0812 7192 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/04/22 18:19:27.0828 7192 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/04/22 18:19:27.0875 7192 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/04/22 18:19:27.0890 7192 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/04/22 18:19:27.0937 7192 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/04/22 18:19:28.0031 7192 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/04/22 18:19:28.0093 7192 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/04/22 18:19:28.0109 7192 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/04/22 18:19:28.0140 7192 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/04/22 18:19:28.0171 7192 Diag69xp (a22d5a027f397e412cbb2d97e8661bff) C:\WINDOWS\system32\Drivers\Diag69xp.sys

2011/04/22 18:19:28.0218 7192 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/04/22 18:19:28.0234 7192 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS

2011/04/22 18:19:28.0250 7192 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS

2011/04/22 18:19:28.0265 7192 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/04/22 18:19:28.0281 7192 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS

2011/04/22 18:19:28.0296 7192 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS

2011/04/22 18:19:28.0328 7192 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS

2011/04/22 18:19:28.0328 7192 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS

2011/04/22 18:19:28.0343 7192 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

2011/04/22 18:19:28.0359 7192 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS

2011/04/22 18:19:28.0359 7192 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS

2011/04/22 18:19:28.0406 7192 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/04/22 18:19:28.0437 7192 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/04/22 18:19:28.0437 7192 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/04/22 18:19:28.0531 7192 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/04/22 18:19:28.0593 7192 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/04/22 18:19:28.0625 7192 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/04/22 18:19:28.0687 7192 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/04/22 18:19:28.0718 7192 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/04/22 18:19:28.0781 7192 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/04/22 18:19:28.0828 7192 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/04/22 18:19:28.0875 7192 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys

2011/04/22 18:19:28.0921 7192 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/04/22 18:19:28.0937 7192 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/04/22 18:19:28.0953 7192 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/04/22 18:19:29.0000 7192 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

2011/04/22 18:19:29.0015 7192 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/04/22 18:19:29.0062 7192 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/04/22 18:19:29.0109 7192 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/04/22 18:19:29.0125 7192 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/04/22 18:19:29.0156 7192 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/04/22 18:19:29.0187 7192 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/04/22 18:19:29.0218 7192 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/04/22 18:19:29.0250 7192 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/04/22 18:19:29.0296 7192 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/04/22 18:19:29.0312 7192 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/04/22 18:19:29.0359 7192 iaStor (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\drivers\iaStor.sys

2011/04/22 18:19:29.0406 7192 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/04/22 18:19:29.0453 7192 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/04/22 18:19:29.0562 7192 IntcAzAudAddService (5c8f36cdcb489111b24003af4dfe1fdc) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/04/22 18:19:29.0609 7192 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/04/22 18:19:29.0640 7192 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/04/22 18:19:29.0671 7192 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/04/22 18:19:29.0687 7192 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/04/22 18:19:29.0703 7192 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/04/22 18:19:29.0734 7192 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/04/22 18:19:29.0750 7192 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/04/22 18:19:29.0796 7192 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/04/22 18:19:29.0828 7192 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/04/22 18:19:29.0843 7192 JRAID (b07084095f8c03aadb9811c9df14b5e4) C:\WINDOWS\system32\DRIVERS\jraid.sys

2011/04/22 18:19:29.0906 7192 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/04/22 18:19:29.0953 7192 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/04/22 18:19:29.0984 7192 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/04/22 18:19:30.0031 7192 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/04/22 18:19:30.0078 7192 LANPkt (8f5795b166cbb50966e29982f8cdb310) C:\WINDOWS\system32\DRIVERS\LANPkt.sys

2011/04/22 18:19:30.0218 7192 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys

2011/04/22 18:19:30.0312 7192 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys

2011/04/22 18:19:30.0375 7192 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

2011/04/22 18:19:30.0406 7192 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys

2011/04/22 18:19:30.0453 7192 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

2011/04/22 18:19:30.0484 7192 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys

2011/04/22 18:19:30.0640 7192 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

2011/04/22 18:19:30.0890 7192 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys

2011/04/22 18:19:30.0968 7192 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/04/22 18:19:30.0984 7192 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/04/22 18:19:31.0031 7192 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/04/22 18:19:31.0046 7192 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/04/22 18:19:31.0062 7192 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/04/22 18:19:31.0093 7192 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/04/22 18:19:31.0093 7192 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/04/22 18:19:31.0140 7192 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/04/22 18:19:31.0187 7192 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/04/22 18:19:31.0218 7192 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/04/22 18:19:31.0234 7192 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/04/22 18:19:31.0250 7192 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/04/22 18:19:31.0281 7192 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/04/22 18:19:31.0328 7192 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/04/22 18:19:31.0359 7192 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/04/22 18:19:31.0390 7192 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/04/22 18:19:31.0421 7192 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/04/22 18:19:31.0453 7192 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/04/22 18:19:31.0484 7192 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/04/22 18:19:31.0500 7192 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/04/22 18:19:31.0500 7192 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/04/22 18:19:31.0546 7192 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/04/22 18:19:31.0562 7192 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/04/22 18:19:31.0578 7192 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/04/22 18:19:31.0609 7192 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/04/22 18:19:31.0671 7192 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/04/22 18:19:31.0718 7192 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/04/22 18:19:31.0750 7192 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/04/22 18:19:31.0750 7192 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/04/22 18:19:31.0796 7192 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2011/04/22 18:19:31.0828 7192 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/04/22 18:19:31.0843 7192 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/04/22 18:19:31.0859 7192 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/04/22 18:19:31.0921 7192 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/04/22 18:19:31.0984 7192 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/04/22 18:19:32.0093 7192 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/04/22 18:19:32.0109 7192 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/04/22 18:19:32.0171 7192 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/04/22 18:19:32.0187 7192 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/04/22 18:19:32.0203 7192 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/04/22 18:19:32.0250 7192 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/04/22 18:19:32.0281 7192 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/04/22 18:19:32.0296 7192 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/04/22 18:19:32.0343 7192 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/04/22 18:19:32.0359 7192 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/04/22 18:19:32.0375 7192 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/04/22 18:19:32.0390 7192 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/04/22 18:19:32.0437 7192 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/04/22 18:19:32.0453 7192 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/04/22 18:19:32.0468 7192 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/04/22 18:19:32.0500 7192 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/04/22 18:19:32.0500 7192 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/04/22 18:19:32.0546 7192 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/04/22 18:19:32.0562 7192 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/04/22 18:19:32.0609 7192 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/04/22 18:19:32.0656 7192 RTLE8023xp (20f8e21af426bf61881981452b3c3370) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2011/04/22 18:19:32.0703 7192 RTLVLAN (b9ca69921379ea2931c4450fe975bce7) C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS

2011/04/22 18:19:32.0765 7192 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/04/22 18:19:32.0796 7192 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/04/22 18:19:32.0812 7192 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/04/22 18:19:32.0843 7192 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/04/22 18:19:32.0890 7192 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/04/22 18:19:32.0953 7192 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/04/22 18:19:33.0015 7192 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/04/22 18:19:33.0078 7192 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/04/22 18:19:33.0125 7192 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/04/22 18:19:33.0171 7192 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/04/22 18:19:33.0218 7192 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/04/22 18:19:33.0250 7192 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/04/22 18:19:33.0296 7192 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/04/22 18:19:33.0343 7192 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/04/22 18:19:33.0375 7192 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/04/22 18:19:33.0390 7192 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/04/22 18:19:33.0421 7192 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/04/22 18:19:33.0500 7192 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/04/22 18:19:33.0562 7192 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/04/22 18:19:33.0593 7192 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/04/22 18:19:33.0609 7192 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/04/22 18:19:33.0656 7192 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/04/22 18:19:33.0687 7192 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/04/22 18:19:33.0718 7192 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/04/22 18:19:33.0750 7192 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/04/22 18:19:33.0781 7192 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/04/22 18:19:33.0828 7192 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/04/22 18:19:33.0875 7192 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/04/22 18:19:33.0906 7192 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/04/22 18:19:33.0953 7192 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/04/22 18:19:34.0015 7192 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/04/22 18:19:34.0046 7192 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/04/22 18:19:34.0078 7192 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/04/22 18:19:34.0093 7192 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/04/22 18:19:34.0125 7192 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/04/22 18:19:34.0171 7192 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2011/04/22 18:19:34.0203 7192 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/04/22 18:19:34.0234 7192 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/04/22 18:19:34.0250 7192 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/04/22 18:19:34.0281 7192 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/04/22 18:19:34.0343 7192 W8335XP (7455b3c11a1d6a844b53febdb58646e9) C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys

2011/04/22 18:19:34.0359 7192 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/04/22 18:19:34.0421 7192 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/04/22 18:19:34.0484 7192 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/04/22 18:19:34.0515 7192 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/04/22 18:19:34.0531 7192 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/04/22 18:19:34.0593 7192 ================================================================================

2011/04/22 18:19:34.0593 7192 Scan finished

2011/04/22 18:19:34.0593 7192 ================================================================================

Link to post
Share on other sites

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Steve at 19:42:58.00 on Sat 04/23/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1624 [GMT -7:00]

.

AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\msdtc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\iGive_Toolbar\igvtt.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\Fisher-Price\Music Player\MP_Middleware.exe

C:\Program Files\Fisher-Price\Photo Software\Util\Fisher-Price Photo Software Middleware.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\iGive_Toolbar\igvtp.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Program Files\Safari\Safari.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Safari\Safari.exe

C:\Documents and Settings\Steve\My Documents\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.msn.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: iGive Toolbar: {fa73ae1b-4ba9-4e8b-832b-54a287ff1b7f} - c:\program files\igive_toolbar\igvtb.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\steve\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [Conime] %windir%\system32\conime.exe

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [igvtm] "c:\program files\igive_toolbar\igvtt.exe"

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Launch Kid-Touch Music Player Middleware] "c:\program files\fisher-price\music player\MP_Middleware.exe"

mRun: [FPPhotoMiddleWare] c:\program files\fisher-price\photo software\util\Fisher-Price Photo Software Middleware.exe

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\steve\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\wlancfg5.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: iGive Toolbar - file://c:\documents and settings\steve\application data\igive_toolbar\igvtt\igvtC5.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: microsoft.com\www.update

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295804343375

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295804337281

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-7-26 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-26 216400]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-26 29584]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-26 243024]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-25 54752]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]

R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2009-7-10 8960]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-1-14 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-7-26 47640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-7-26 363344]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-4-14 88176]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-7-26 20952]

S2 0130211302835273mcinstcleanup;McAfee Application Installer Cleanup (0130211302835273);c:\windows\temp\013021~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service -->

c:\windows\temp\013021~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]

S2 srv9C4;srv9C4;c:\windows\system32\svchost.exe -k netsvcs [2008-4-25 14336]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]

S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2009-7-10 11264]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-7-10 16640]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-04-22 02:20:29 -------- d-----w- c:\docume~1\steve\locals~1\applic~1\PCHealth

2011-04-22 02:08:49 -------- d-----w- c:\windows\ServicePackFiles

2011-04-21 10:03:23 -------- d-----w- C:\fc9ad48c9dd3d4a2f94840738e

2011-04-21 02:04:48 -------- d-----w- c:\program files\ESET

2011-04-20 14:31:07 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-04-20 14:31:07 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2011-04-20 10:03:04 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2011-04-20 10:03:04 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2011-04-20 10:03:04 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2011-04-20 10:03:04 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2011-04-20 10:03:04 -------- d-----w- C:\28852effe3076aaf4a

2011-04-17 01:44:50 -------- d--h--w- c:\windows\PIF

2011-04-15 02:57:25 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-04-15 02:57:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2011-04-15 02:41:13 -------- d-----w- c:\program files\common files\McAfee

2011-04-15 02:41:07 -------- d-----w- c:\program files\McAfee

2011-04-05 03:05:57 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys

2011-04-05 03:05:56 -------- d-----w- c:\program files\Belarc

2011-03-29 03:59:32 -------- d-----w- c:\program files\CCleaner

2011-03-29 03:58:41 -------- d-----w- c:\program files\VS Revo Group

2011-03-28 15:46:17 -------- d-----w- c:\docume~1\steve\applic~1\OfferBox

2011-03-28 15:46:13 -------- d-----w- c:\program files\OfferBox

2011-03-28 15:45:36 0 ----a-w- c:\windows\Lsasobogise.bin

.

==================== Find3M ====================

.

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:27:43 1866880 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-03 04:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-03 02:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-15 03:36:17 6275960 ----a-w- c:\program files\Silverlight.exe

2010-12-25 05:42:12 110914304 ----a-w- c:\program files\Fisher-Price_Digital_Camera_Photo_2.0.0.9.exe

2010-12-24 20:23:26 16553552 ----a-w- c:\program files\Fisher-Price Music Player Setup_v1.0.0.33.exe

2009-11-25 19:24:39 1146184 ----a-w- c:\program files\wlsetup-web.exe

.

============= FINISH: 19:43:42.90 ===============

Link to post
Share on other sites

Well, I rebooted the router, and that seemed to help some of the performance issues we were having, but we are still getting IP Block messages.

At one point the logs showed Malwarebytes blocking 1 DNS address. Another log showed 3 addresses, but we quarantined one threat, and now the logs are consistently showing the same two DNS addresses. This is my most recent Malewarebytes log.

00:00:22 Steve MESSAGE Scheduled update executed successfully

00:00:22 Steve MESSAGE IP Protection stopped

00:00:25 Steve MESSAGE Scheduled scan executed successfully

00:00:31 Steve MESSAGE Database updated successfully

00:00:32 Steve MESSAGE IP Protection started successfully

00:59:08 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

00:59:11 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

00:59:17 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

01:16:54 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

01:16:57 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

01:17:03 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

02:00:24 Steve MESSAGE Scheduled update executed successfully

02:00:24 Steve MESSAGE IP Protection stopped

02:00:27 Steve MESSAGE Scheduled scan executed successfully

02:00:32 Steve MESSAGE Database updated successfully

02:00:34 Steve MESSAGE IP Protection started successfully

02:16:54 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

02:16:55 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

02:16:57 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

02:16:58 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

02:17:03 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

02:17:04 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

03:16:54 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

03:16:57 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

03:16:57 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

03:17:03 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

03:17:03 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

04:16:54 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

04:16:57 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

04:17:03 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

05:16:55 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

05:16:58 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

05:17:04 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

06:16:55 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

06:16:58 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

06:17:04 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

07:16:54 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

07:16:57 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

07:17:03 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

07:17:15 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

07:17:18 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

07:17:24 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

07:17:36 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

07:17:39 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

07:17:45 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

08:17:57 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

08:18:00 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

08:18:06 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

08:18:18 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

08:18:21 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

08:18:27 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

08:18:39 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

08:18:42 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

08:18:48 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

09:19:00 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:19:03 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:19:09 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:19:21 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:19:24 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:19:30 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

09:19:42 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

09:19:45 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

09:19:51 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

10:00:34 Steve MESSAGE Scheduled update executed successfully

10:00:34 Steve MESSAGE IP Protection stopped

10:00:37 Steve MESSAGE Scheduled scan executed successfully

10:00:43 Steve MESSAGE Database updated successfully

10:00:44 Steve MESSAGE IP Protection started successfully

10:20:03 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

10:20:06 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

10:20:12 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

10:20:24 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

10:20:27 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

10:20:33 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

10:20:45 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

10:20:48 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

10:20:54 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

11:21:06 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

11:21:09 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

11:21:15 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

11:21:27 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

11:21:30 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

11:21:36 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

11:21:48 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

11:21:51 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

11:21:57 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

12:00:28 Steve MESSAGE Scheduled update executed successfully

12:00:28 Steve MESSAGE IP Protection stopped

12:00:31 Steve MESSAGE Scheduled scan executed successfully

12:00:37 Steve MESSAGE Database updated successfully

12:00:39 Steve MESSAGE IP Protection started successfully

12:22:09 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

12:22:12 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

12:22:18 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

12:22:30 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

12:22:33 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

12:22:39 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

12:22:51 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

12:22:54 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

12:23:00 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

13:00:32 Steve MESSAGE Scheduled update executed successfully

13:00:32 Steve MESSAGE IP Protection stopped

13:00:35 Steve MESSAGE Scheduled scan executed successfully

13:00:40 Steve MESSAGE Database updated successfully

13:00:42 Steve MESSAGE IP Protection started successfully

13:23:12 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

13:23:15 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

13:23:21 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

13:23:33 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

13:23:36 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

13:23:42 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

13:23:54 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

13:23:57 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

13:24:03 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

14:24:15 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

14:24:18 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

14:24:24 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

14:24:36 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

14:24:39 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

14:24:45 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

14:24:57 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

14:25:00 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

14:25:06 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

15:25:18 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

15:25:21 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

15:25:27 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

15:25:39 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

15:25:42 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

15:25:48 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

15:26:00 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

15:26:03 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

15:26:09 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

16:00:35 Steve MESSAGE Scheduled update executed successfully

16:00:35 Steve MESSAGE IP Protection stopped

16:00:38 Steve MESSAGE Scheduled scan executed successfully

16:00:44 Steve MESSAGE Database updated successfully

16:00:45 Steve MESSAGE IP Protection started successfully

16:26:21 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

16:26:24 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

16:26:30 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

16:26:42 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

16:26:45 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

16:26:51 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

16:27:03 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

16:27:06 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

16:27:12 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

17:27:24 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

17:27:27 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

17:27:33 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

17:27:45 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

17:27:48 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

17:27:54 Steve IP-BLOCK 195.14.112.136 (Type: outgoing)

17:28:06 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

17:28:09 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

17:28:15 Steve IP-BLOCK 195.14.112.139 (Type: outgoing)

Don't know what else to try!

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.