Possible Rootkit Infection that Malwarebytes Doesn't Detect?


Hi all. I believe my work computer is infected with what I think is a rootkit. Every three minutes or so, Malwarebytes claims it has "successfully blocked access to a potentially malicious website" and then leaves an IP address, some of which I have included. I have run a Malwarebytes scan which came up clean, a DDS scan (which I am unable to interpret), and an OTL file as seen below. Any help would be greatly appreciated!!!

Here is a small list of what Malwarebytes comes up with.



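The IP-BLOCK lines quoted in the post are a log a defender can triage mechanically. What follows is an added example, not code from the original post or from Malwarebytes: it parses lines in that format, separates outbound blocks (which some process on the host initiated) from inbound ones, and flags any destination contacted outbound at a steady cadence, the "every three minutes" pattern the poster describes. The sample lines (documentation addresses), the 1.5x regularity threshold and the verdict labels are constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import median
# Log line shape quoted in the post: "HH:MM:SS <user> IP-BLOCK <ip> (Type: incoming|outgoing)"
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>.+?)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<dir>incoming|outgoing)\)$"
)
PERIODIC = "periodic outbound: identify the process opening the connection"
OUTBOUND = "outbound: identify the process opening the connection"
INBOUND = "inbound only: unsolicited traffic, no local initiator shown"

def parse_blocks(lines):
    """Yield (seconds of day, ip, direction); MESSAGE lines are skipped. No date, so split multi-day logs first."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        h, mi, s = (int(x) for x in m.group("time").split(":"))
        yield h * 3600 + mi * 60 + s, m.group("ip"), m.group("dir")

def triage(lines):
    """Per blocked IP: counts by direction, median gap between outbound blocks, verdict.
    Only outbound blocks are started by a process on this host, so a destination hit outbound
    at a steady interval is the lead to chase; inbound-only blocks alone do not show infection."""
    stats = defaultdict(lambda: {"incoming": 0, "outgoing": 0, "out_times": []})
    for t, ip, d in parse_blocks(lines):
        stats[ip][d] += 1
        if d == "outgoing":
            stats[ip]["out_times"].append(t)
    report = {}
    for ip, s in stats.items():
        times = sorted(s["out_times"])
        gaps = [b - a for a, b in zip(times, times[1:])]
        regular = len(gaps) >= 2 and max(gaps) <= 1.5 * min(gaps)  # assumed cadence threshold
        verdict = PERIODIC if regular else (OUTBOUND if times else INBOUND)
        report[ip] = {"incoming": s["incoming"], "outgoing": s["outgoing"],
                      "median_gap_s": median(gaps) if gaps else None, "verdict": verdict}
    return report

# Constructed sample lines (documentation addresses, not the poster's real IPs).
SAMPLE_LOG = """\
15:28:21 Nutrition City MESSAGE IP Protection started successfully
15:30:00 Nutrition City IP-BLOCK 198.51.100.7 (Type: outgoing)
15:31:10 Nutrition City IP-BLOCK 203.0.113.9 (Type: incoming)
15:33:00 Nutrition City IP-BLOCK 198.51.100.7 (Type: outgoing)
15:36:00 Nutrition City IP-BLOCK 198.51.100.7 (Type: outgoing)
15:39:00 Nutrition City IP-BLOCK 198.51.100.7 (Type: outgoing)
15:40:30 Nutrition City IP-BLOCK 192.0.2.44 (Type: outgoing)
""".splitlines()
```

Run `triage(SAMPLE_LOG)` on the constructed lines and the 198.51.100.7 destination comes back with a 180-second median gap and the periodic-outbound verdict, while the inbound-only address is left as noise.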

Try writing a new master boot record on the disk.

If you are not having a problem accessing your hard drive, writing a new master boot record to your system partition could damage your partition tables and cause your partitions to become inaccessible.


We don't work on malware removal in the general forums. Please DO NOT POST LOGS in the "General Forums" unless requested.

Please follow all the instructions below and an Expert will assist you.

  • Please print out, read and follow the directions HERE, skipping any steps you are unable to complete.
  • Then post a NEW topic HERE. One of the Expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours. Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

  • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
    Or
  • You may send a Private Message to a Moderator asking for assistance.

Additionally, as a paying customer, you can contact the help desk at support@malwarebytes.org or via this help desk link HERE. Our online experts will be able to assess your problem further.

If you're a Corporate or Technician Licensed customer seeking assistance: Please send an email to Corporate Support Team <corporate-support@malwarebytes.org> with your Cleverbridge order reference number and they will assist you.

Please be patient, someone will assist you as soon as it is possible.
