# UDP Flood and SYN Flood causing Disconnections



## nikorasu

Hi,  

Recently, I have had internet connection troubles from my computer.  My internet connection through my router dies and I have to reset the router before I get access again.  This happens much more at night then during the day (which I find odd).  Also, the lights on my router blink more than it should suggesting quite a bit of traffic even when I am not doing anything.  

Digging deeper, I notice that in the Security Logs, I have excessive UDP Floods and SYN Floods.  I believe this is what has been causing my disconnection issues in the past few days.  

I ran Malwarebytes and seem to have found no infections.  Regardless, I was wondering if the people on this forum can help me with my problems.  

The Security Logs are like this:

09/28/2011  10:02:33 **UDP flood** 142.151.171.233, 32768->> 128.100.96.34, 53 (from WAN Outbound)
09/28/2011  10:02:33 **UDP flood** 142.151.171.233, 32768->> 128.100.56.135, 53 (from WAN Outbound)
09/28/2011  10:00:41 **UDP flood** 209.105.216.242, 64698->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  09:51:46 **SYN Flood Stop**  (from WAN Inbound)
09/28/2011  09:51:46 **SYN Flood (per Min) Stop**  (from WAN Inbound)
09/28/2011  09:51:16 **SYN Flood (per Min)** 58.218.199.227, 12200->> 142.151.171.197, 8118 (from WAN Inbound)
09/28/2011  09:51:16 **SYN Flood** 58.218.199.227, 12200->> 142.151.171.128, 6588 (from WAN Inbound)
09/28/2011  09:37:52 **SYN Flood (per Min) Stop**  (from WAN Outbound)
09/28/2011  09:37:52 **SYN Flood Stop**  (from WAN Inbound)
09/28/2011  09:37:21 **SYN Flood** 221.192.199.49, 12200->> 142.151.170.148, 2479 (from WAN Inbound)
09/28/2011  09:37:21 **SYN Flood (per Min)** 221.192.199.49, 12200->> 142.151.171.233, 9415 (from WAN Inbound)
09/28/2011  09:31:52 **SYN Flood (per Min) Stop**  (from WAN Inbound)
09/28/2011  09:31:51 **SYN Flood (per Min)** 85.226.23.68, 54103->> 142.151.171.77, 42876 (from WAN Inbound)
09/28/2011  09:31:50 **SYN Flood (per Min)** 85.226.23.68, 54101->> 142.151.171.77, 42876 (from WAN Inbound)
09/28/2011  09:31:49 **SYN Flood (per Min)** 74.198.164.35, 55999->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:31:23 **SYN Flood (per Min)** 46.19.141.243, 12200->> 142.151.171.70, 1080 (from WAN Inbound)
09/28/2011  09:22:04 **SYN Flood Stop**  (from WAN Inbound)
09/28/2011  09:22:04 **SYN Flood (per Min) Stop**  (from WAN Inbound)
09/28/2011  09:22:03 **SYN Flood (per Min)** 77.167.5.59, 54058->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:22:03 **SYN Flood** 77.167.5.59, 54058->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:22:02 **SYN Flood (per Min)** 109.255.139.90, 51668->> 142.151.171.201, 24687 (from WAN Inbound)
09/28/2011  09:22:02 **SYN Flood** 109.255.139.90, 51668->> 142.151.171.201, 24687 (from WAN Inbound)
09/28/2011  09:22:01 **SYN Flood (per Min)** 173.19.39.108, 8410->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:22:01 **SYN Flood** 173.19.39.108, 8410->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:21:34 **SYN Flood (per Min)** 46.19.141.242, 12200->> 142.151.171.193, 8085 (from WAN Inbound)
09/28/2011  09:21:34 **SYN Flood** 46.19.141.242, 12200->> 142.151.171.193, 8085 (from WAN Inbound)
09/28/2011  09:21:34 **SYN Flood (per Min)** 46.19.141.242, 12200->> 142.151.171.12, 8085 (from WAN Inbound)
09/28/2011  09:17:44 **UDP Flood Stop**  (from WAN Inbound)
09/28/2011  09:17:42 **UDP flood** 142.151.171.153, 58480->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  09:17:41 **UDP flood** 24.114.255.3, 20076->> 142.151.170.110, 42054 (from WAN Inbound)
09/28/2011  09:17:41 **UDP flood** 64.13.161.55, 37507->> 142.151.171.170, 12478 (from WAN Inbound)
09/28/2011  09:17:41 **UDP flood** 143.107.94.126, 61324->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:40 **UDP flood** 211.124.40.28, 60000->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:39 **UDP flood** 64.251.130.130, 58461->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:39 **UDP flood** 83.149.21.117, 10302->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  09:17:38 **UDP flood** 111.194.97.39, 16001->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:37 **UDP flood** 112.206.102.170, 28393->> 142.151.170.95, 19223 (from WAN Inbound)
09/28/2011  09:17:35 **UDP flood** 84.208.71.167, 10465->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:32 **UDP flood** 124.163.126.137, 58861->> 142.151.170.60, 22475 (from WAN Inbound)
09/28/2011  09:17:31 **UDP flood** 79.129.251.220, 20236->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:31 **UDP flood** 208.44.247.130, 37851->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:30 **UDP flood** 65.48.239.158, 41591->> 142.151.171.73, 31738 (from WAN Inbound)
09/28/2011  09:17:30 **UDP flood** 142.151.170.31, 58881->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  09:17:30 **UDP flood** 218.79.19.84, 16001->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:29 **UDP flood** 71.191.11.106, 33271->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:29 **UDP flood** 123.226.135.98, 50653->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  09:17:28 **UDP flood** 14.208.154.180, 25566->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:27 **UDP flood** 192.168.2.3, 57736->> 192.168.254.5, 161 (from WAN Outbound)
09/28/2011  09:17:27 **UDP flood** 76.111.97.8, 23826->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:26 **UDP flood** 67.187.254.112, 48277->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  09:17:25 **UDP flood** 113.224.23.205, 1962->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:25 **UDP flood** 167.83.99.22, 25092->> 142.151.170.170, 35279 (from WAN Inbound)
09/28/2011  09:17:24 **UDP flood** 112.201.27.26, 22324->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:24 **UDP flood** 80.202.201.192, 56997->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  09:17:23 **UDP flood** 68.149.2.181, 63384->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:23 **UDP flood** 95.169.209.40, 25107->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:23 **UDP flood** 113.197.234.180, 13195->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:23 **UDP flood** 80.213.240.137, 22656->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:22 **UDP flood** 87.253.17.118, 6881->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:21 **UDP flood** 109.59.145.177, 10780->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:21 **UDP flood** 188.232.131.241, 17265->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  09:17:21 **UDP flood** 24.84.216.8, 42783->> 142.151.171.191, 51366 (from WAN Inbound)
09/28/2011  09:17:21 **UDP flood** 98.195.107.176, 39429->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:20 **UDP flood** 142.151.171.233, 32768->> 128.100.96.34, 53 (from WAN Outbound)
09/28/2011  09:17:20 **UDP flood** 142.151.171.233, 32768->> 128.100.56.135, 53 (from WAN Outbound)
09/28/2011  09:17:20 **UDP flood** 24.83.39.244, 46322->> 142.151.170.209, 12201 (from WAN Inbound)
09/28/2011  09:17:19 **UDP flood** 142.151.170.147, 54149->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  09:17:19 **UDP flood** 124.244.15.144, 10172->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:18 **UDP flood** 2.50.152.211, 38948->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:18 **UDP flood** 61.17.32.91, 55810->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:18 **UDP flood** 95.57.16.49, 32284->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:18 **UDP flood** 142.151.170.186, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  09:17:18 **UDP flood** 212.54.218.205, 31100->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:17 **UDP flood** 192.168.2.3, 57736->> 192.168.254.5, 161 (from WAN Outbound)
09/28/2011  09:17:15 **UDP flood** 68.147.13.251, 44377->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:15 **UDP flood** 142.151.171.232, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  09:17:15 **UDP flood** 91.211.228.6, 43002->> 142.151.171.191, 51366 (from WAN Inbound)
09/28/2011  09:17:14 **UDP flood** 115.86.94.120, 61646->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:14 **UDP flood** 124.158.56.148, 20422->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  09:17:14 **UDP flood** 93.58.165.70, 13750->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:14 **UDP flood** 67.181.240.169, 55155->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:13 **UDP flood** 212.123.151.50, 26480->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:13 **UDP flood** 79.52.210.177, 13480->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:12 **UDP flood** 78.87.162.250, 51588->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:11 **UDP flood** 71.192.149.237, 38760->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:11 **UDP flood** 74.59.102.86, 33352->> 142.151.171.201, 30354 (from WAN Inbound)
09/28/2011  09:17:11 **UDP flood** 50.23.91.68, 15005->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:10 **UDP flood** 89.43.157.242, 1057->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  09:17:09 **UDP flood** 114.77.94.158, 16299->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  09:17:09 **UDP flood** 182.177.57.109, 10354->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  09:17:09 **UDP flood** 82.230.26.227, 16374->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:09 **UDP flood** 109.128.165.58, 18064->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:07 **UDP flood** 94.21.30.185, 53921->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:07 **UDP flood** 41.251.35.90, 55919->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:07 **UDP flood** 142.151.170.147, 65285->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  09:17:06 **UDP flood** 192.168.2.3, 57736->> 192.168.254.5, 161 (from WAN Outbound)
09/28/2011  09:17:06 **UDP flood** 121.54.46.10, 61403->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:06 **UDP flood** 151.40.157.1, 12189->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:06 **UDP flood** 122.172.239.116, 42471->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:05 **UDP flood** 125.60.134.231, 57429->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:05 **UDP flood** 67.187.132.220, 45145->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:05 **UDP flood** 217.132.248.72, 61553->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:04 **UDP flood** 96.38.172.164, 49879->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:04 **UDP flood** 195.148.39.51, 5198->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:17:03 **UDP flood** 94.178.248.138, 42263->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:02 **UDP flood** 121.215.60.130, 59135->> 142.151.171.191, 51366 (from WAN Inbound)
09/28/2011  09:17:02 **UDP flood** 186.92.146.226, 56183->> 142.151.171.85, 14637 (from WAN Inbound)
09/28/2011  09:17:01 **UDP flood** 200.175.44.153, 26067->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:01 **UDP flood** 222.127.169.117, 50983->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:17:01 **UDP flood** 151.66.187.170, 1755->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  09:17:01 **UDP flood** 142.151.171.233, 32768->> 128.100.96.34, 53 (from WAN Outbound)
09/28/2011  09:17:01 **UDP flood** 142.151.171.233, 32768->> 128.100.56.135, 53 (from WAN Outbound)
09/28/2011  09:17:01 **UDP flood** 142.151.170.240, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  09:17:01 **UDP flood** 142.151.171.203, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  09:17:01 **UDP flood** 142.151.170.33, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  09:17:01 **UDP flood** 142.151.170.232, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  09:17:01 **UDP flood** 142.151.171.127, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  09:17:01 **UDP flood** 142.151.170.176, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  09:17:01 **UDP flood** 142.151.171.225, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  09:17:00 **UDP flood** 142.151.170.23, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  09:17:00 **UDP flood** 142.151.170.224, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  09:17:00 **UDP flood** 142.151.170.132, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  09:16:59 **UDP flood** 178.177.36.251, 35691->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:16:58 **UDP flood** 199.126.247.197, 60615->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:16:58 **UDP flood** 115.133.12.197, 51985->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  09:16:58 **UDP flood** 79.160.159.105, 35497->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:16:58 **UDP flood** 24.83.14.188, 63750->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:16:57 **UDP flood** 78.90.245.86, 26013->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:16:56 **UDP flood** 46.103.41.18, 52260->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:16:56 **UDP flood** 87.91.66.2, 33514->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:16:56 **UDP flood** 186.215.247.184, 43761->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:16:56 **UDP flood** 79.182.13.15, 55016->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:16:56 **UDP flood** 91.82.241.235, 39123->> 142.151.171.191, 51366 (from WAN Inbound)
09/28/2011  09:16:55 **UDP flood** 217.191.250.224, 48178->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:16:54 **UDP flood** 109.175.42.242, 6112->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:16:52 **UDP flood** 123.243.134.103, 10796->> 142.151.171.85, 14637 (from WAN Inbound)
09/28/2011  09:16:52 **UDP flood** 76.253.188.171, 32843->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:16:52 **UDP flood** 91.120.65.88, 51961->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:16:51 **UDP flood** 222.167.231.96, 16573->> 142.151.171.85, 14637 (from WAN Inbound)
09/28/2011  09:16:49 **UDP flood** 158.37.158.215, 43214->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:16:49 **UDP flood** 99.192.117.76, 1093->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:16:48 **UDP flood** 84.215.157.181, 53155->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:16:48 **UDP flood** 142.151.170.77, 59896->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  09:16:48 **UDP flood** 213.106.178.154, 43197->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:16:48 **UDP flood** 90.216.106.2, 23493->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:16:46 **UDP flood** 178.117.224.158, 10471->> 142.151.170.251, 21739 (from WAN Inbound)
09/28/2011  09:16:44 **UDP flood** 1.200.52.206, 49242->> 142.151.171.85, 14637 (from WAN Inbound)
09/28/2011  09:16:44 **UDP flood** 78.53.40.226, 31026->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  09:16:43 **UDP flood** 217.150.19.130, 50625->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:16:43 **UDP flood** 142.151.170.106, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  09:16:42 **UDP flood** 90.184.214.195, 26111->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:16:41 **UDP flood** 89.72.65.20, 64634->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:16:40 **UDP flood** 123.192.34.194, 24377->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:16:40 **UDP flood** 142.151.170.194, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  09:16:40 **UDP flood** 142.151.170.69, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  09:16:40 **UDP flood** 142.151.171.75, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  09:16:40 **UDP flood** 192.168.10.103, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  09:16:40 **UDP flood** 114.182.206.239, 14049->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  09:16:40 **UDP flood** 123.240.34.243, 22293->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  09:16:40 **UDP flood** 92.82.162.45, 13701->> 142.151.170.110, 53654 (from WAN Inbound)

Below is Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7816

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28/09/2011 9:57:35 AM
mbam-log-2011-09-28 (09-57-35).txt

Scan type: Quick scan
Objects scanned: 199165
Time elapsed: 30 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:00:41 AM, on 28/09/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\guest1\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\guest1\LOCALS~1\Temp\{0B7699EB-83BC-48C7-B232-63AC15AB1C18}\Update.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\guest1\Desktop\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\guest1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\guest1\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 10889 bytes


Any ideas on how to fix my problem?  My main concern is the internet going out at random times of the day.  Thanks.


----------



## johnb35

You definately have something strange going on.  Start off by doing the following.

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

*Combofix*


When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
Save the file to your windows desktop.  The combofix icon will look like this when it has downloaded to your desktop.





We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:


Close all open Windows including this one. 

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found *here*.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

Please click on I agree on the disclaimer window.
ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.





ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.





Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:





At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.

Please click on yes in the next window to continue scanning for malware.

ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.





When ComboFix has finished running, you will see a screen stating that it is preparing the log report.

This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.  

Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy.  Then come to the forum in your reply and right click on your mouse and click on paste.  



In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running


----------



## nikorasu

Thank you for your quick reply.  I ran combo fix and here are my new logs.  Sorry that some of the terms are in Chinese:


ComboFix 11-09-28.01 - guest1 28/09/2011  10:41:58.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.950.886.1033.18.2038.1328 [GMT -4:00]
執行位置: c:\documents and settings\guest1\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   被刪除的檔案   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL30.tmp.47ef97a6.ini
c:\documents and settings\guest1\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\guest1\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\guest1\Local Settings\Application Data\ApplicationHistory\SL30.tmp.47ef97a6.ini
I:\Autorun.inf
I:\setup.exe
.
.
(((((((((((((((((((((((((  2011-08-28 至 2011-09-28 的新的檔案  )))))))))))))))))))))))))))))))
.
.
2011-09-28 13:36 . 2011-09-28 13:36	28752	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C11C1AEC-E2F2-470D-80E4-D60D1FE30E9A}\MpKslb9894475.sys
2011-09-28 13:35 . 2011-09-28 13:35	56200	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C11C1AEC-E2F2-470D-80E4-D60D1FE30E9A}\offreg.dll
2011-09-28 13:34 . 2011-09-12 23:14	7269712	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C11C1AEC-E2F2-470D-80E4-D60D1FE30E9A}\mpengine.dll
2011-09-28 13:26 . 2011-09-28 13:26	--------	d-----w-	c:\documents and settings\guest1\Application Data\Malwarebytes
2011-09-28 13:25 . 2011-09-28 13:25	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-28 13:25 . 2011-09-28 13:25	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-09-28 13:25 . 2011-08-31 21:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-09-28 13:23 . 2011-09-28 13:23	--------	d-----w-	c:\windows\LastGood
2011-09-28 13:22 . 2011-09-12 23:14	7269712	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-09-28 13:22 . 2011-09-28 13:23	--------	d-----w-	c:\program files\Microsoft Security Client
2011-09-07 16:16 . 2011-09-07 16:16	--------	d-----w-	c:\program files\WinDjView
2011-09-03 10:17 . 2011-09-09 09:12	599040	------w-	c:\windows\system32\dllcache\crypt32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   在三個月內被修改的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 23:14 . 2010-08-14 21:30	7269712	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-09 09:12 . 2004-08-11 22:00	599040	----a-w-	c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2004-08-11 22:00	456320	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-11 22:00	10496	----a-w-	c:\windows\system32\drivers\ndistapi.sys
.
.
(((((((((((((((((((((((((((((((((((((   重要登入點   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\documents and settings\guest1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\documents and settings\guest1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\documents and settings\guest1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\documents and settings\guest1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-07 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-08-15 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-15 202256]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\guest1\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\guest1\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e03d0c04]
   IME file	REG_SZ         	cpime.ime
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\guest1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\guest1\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"24044:TCP"= 24044:TCP:BitComet 24044 TCP
"24044:UDP"= 24044:UDP:BitComet 24044 UDP
"58452:TCP"= 58452:TCPando Media Booster
"58452:UDP"= 58452:UDPando Media Booster
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [15/11/2010 4:01 PM 64288]
R1 MpKslb9894475;MpKslb9894475;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C11C1AEC-E2F2-470D-80E4-D60D1FE30E9A}\MpKslb9894475.sys [28/09/2011 9:36 AM 28752]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [01/04/2011 1:11 AM 428640]
S1 MpKsl1284c897;MpKsl1284c897;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{86635EBC-E2CC-4325-B082-CD3999CD1ABA}\MpKsl1284c897.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{86635EBC-E2CC-4325-B082-CD3999CD1ABA}\MpKsl1284c897.sys [?]
S1 MpKsl3e8c9ef0;MpKsl3e8c9ef0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E6F259C-B6DB-478C-A513-6B55839BA60E}\MpKsl3e8c9ef0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E6F259C-B6DB-478C-A513-6B55839BA60E}\MpKsl3e8c9ef0.sys [?]
S1 MpKsl59e885f8;MpKsl59e885f8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D2F30004-4A22-4380-98FB-4C7FB4E527C9}\MpKsl59e885f8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D2F30004-4A22-4380-98FB-4C7FB4E527C9}\MpKsl59e885f8.sys [?]
S1 MpKsl5bfec32e;MpKsl5bfec32e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DBB911D-9E3D-400D-BC34-B60BF50B2F3B}\MpKsl5bfec32e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DBB911D-9E3D-400D-BC34-B60BF50B2F3B}\MpKsl5bfec32e.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/11/2010 3:47 PM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [23/09/2010 3:46 AM 1378040]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 5:46 AM 284016]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/11/2010 3:47 PM 136176]
S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter;c:\windows\system32\drivers\m4cxw2k3.sys [12/08/2010 11:25 AM 298752]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\drivers\yk51x86l.sys [22/09/2009 5:10 AM 60928]
S3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\drivers\yk51x86v.sys [27/08/2009 5:10 AM 20992]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MPFILTER
*NewlyCreated* - MPKSLB9894475
*NewlyCreated* - MSMPSVC
*Deregistered* - Lavasoft Kernexplorer
*Deregistered* - MBAMSwissArmy
.
 ‘計劃任務’ 文件夾 裡的內容
.
2011-09-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 19:03]
.
2011-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-15 19:47]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-15 19:47]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-709702847-2209215095-212636512-1005Core.job
- c:\documents and settings\guest1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-25 15:02]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-709702847-2209215095-212636512-1005UA.job
- c:\documents and settings\guest1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-25 15:02]
.
2010-08-12 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-11 00:12]
.
2011-09-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]
.
2011-09-28 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]
.
2011-09-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-709702847-2209215095-212636512-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-09-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-709702847-2209215095-212636512-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-09-28 c:\windows\Tasks\User_Feed_Synchronization-{7462AB46-076A-4DA9-9BF0-B5C828679E8F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- 而外的掃描 -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\guest1\Application Data\Mozilla\Firefox\Profiles\zebksjg1.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-28 10:48
Windows 5.1.2600 Service Pack 3 NTFS
.
掃描被隱藏的進程 ...  
.
掃描被隱藏的啟動組 ... 
.
掃描被隱藏的文件 ...  
.
掃描完成
被隱藏的檔案: 0
.
**************************************************************************
.
--------------------- 運行進程下的動態鏈接庫 ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
完成時間: 2011-09-28  10:51:26
ComboFix-quarantined-files.txt  2011-09-28 14:51
.
Pre-Run: 176,952,565,760 bytes free
Post-Run: 178,003,259,392 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CHT.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2FE449C4D68A1791B328E4F36C1322E9

HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:01:14 AM, on 28/09/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\guest1\Desktop\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\guest1\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 10137 bytes


I can't tell whether the problem has gone away yet, I will need to track my System Logs for a few hours to make sure it works.  I will update when I am sure.  Thanks!


----------



## nikorasu

Update: 

I still seem to be getting a lot of UDP Flood and SYN Flood.  The internet connections seem better, but I have concerns that this behavior will cause my router to have a premature death.  

Here is a recent system log:

09/28/2011  11:15:22 **SYN Flood Stop**  (from WAN Inbound)
09/28/2011  11:15:22 **SYN Flood (per Min) Stop**  (from WAN Inbound)
09/28/2011  11:15:16 **UDP Flood Stop**  (from WAN Inbound)
09/28/2011  11:15:14 **UDP flood** 68.193.58.28, 33187->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:15:14 **UDP flood** 91.176.178.2, 47314->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  11:15:14 **UDP flood** 112.198.78.136, 40745->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  11:15:12 **UDP flood** 116.37.111.97, 50057->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:15:12 **UDP flood** 92.86.119.212, 11261->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  11:15:11 **UDP flood** 217.209.216.241, 38374->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  11:15:11 **UDP flood** 187.78.131.169, 26194->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:15:10 **UDP flood** 194.24.138.37, 44141->> 142.151.171.173, 32083 (from WAN Inbound)
09/28/2011  11:15:08 **UDP flood** 92.246.31.179, 4020->> 142.151.171.75, 51413 (from WAN Inbound)
09/28/2011  11:15:08 **UDP flood** 213.161.237.72, 17086->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:15:07 **UDP flood** 96.228.27.116, 37141->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:15:07 **UDP flood** 188.83.141.128, 50770->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:15:06 **UDP flood** 90.176.207.50, 10030->> 142.151.171.75, 51413 (from WAN Inbound)
09/28/2011  11:15:06 **UDP flood** 89.97.227.27, 19616->> 142.151.170.110, 42054 (from WAN Inbound)
09/28/2011  11:15:06 **UDP flood** 46.107.80.189, 43851->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:15:05 **UDP flood** 41.208.227.127, 3567->> 142.151.170.31, 37048 (from WAN Inbound)
09/28/2011  11:15:05 **UDP flood** 77.105.161.182, 63091->> 142.151.170.31, 37048 (from WAN Inbound)
09/28/2011  11:15:05 **UDP flood** 114.37.52.196, 15917->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:15:05 **UDP flood** 122.179.84.21, 24421->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:15:04 **UDP flood** 121.96.109.80, 8080->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  11:15:04 **UDP flood** 129.137.218.63, 37651->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:15:04 **UDP flood** 46.247.248.121, 35691->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:15:03 **UDP flood** 114.79.57.67, 13389->> 142.151.171.75, 51413 (from WAN Inbound)
09/28/2011  11:15:03 **UDP flood** 89.222.215.29, 5725->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:15:03 **UDP flood** 68.192.198.211, 44602->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  11:15:02 **UDP flood** 41.35.228.210, 10000->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  11:15:02 **UDP flood** 24.49.76.55, 48263->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:15:01 **UDP flood** 89.179.94.102, 28993->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:15:01 **UDP flood** 91.148.140.168, 12604->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:15:00 **UDP flood** 180.40.54.216, 14467->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:59 **UDP flood** 188.168.153.162, 13189->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:59 **UDP flood** 77.123.57.238, 49722->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:59 **UDP flood** 192.168.0.1, 1900->> 239.255.255.250, 1900 (from WAN Inbound)
09/28/2011  11:14:58 **UDP flood** 189.110.19.231, 56492->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:58 **UDP flood** 122.20.97.138, 41929->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:58 **UDP flood** 59.92.6.49, 27288->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:57 **UDP flood** 89.78.117.211, 16793->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:57 **UDP flood** 46.146.170.99, 34314->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  11:14:57 **UDP flood** 89.28.36.209, 62389->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:56 **UDP flood** 194.149.67.167, 38467->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  11:14:56 **UDP flood** 2.5.37.135, 1024->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:55 **UDP flood** 142.151.171.174, 63757->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:55 **UDP flood** 109.8.78.33, 24162->> 142.151.170.31, 37048 (from WAN Inbound)
09/28/2011  11:14:55 **UDP flood** 87.0.113.69, 44033->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:54 **UDP flood** 68.53.144.165, 42283->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  11:14:54 **UDP flood** 187.3.92.166, 11189->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:54 **UDP flood** 68.50.157.111, 31138->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  11:14:53 **UDP flood** 223.206.107.126, 12871->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:53 **UDP flood** 78.166.169.249, 55684->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  11:14:53 **UDP flood** 68.69.195.151, 45332->> 142.151.170.31, 37048 (from WAN Inbound)
09/28/2011  11:14:51 **SYN Flood (per Min)** 221.192.199.49, 12200->> 142.151.170.117, 9090 (from WAN Inbound)
09/28/2011  11:14:51 **SYN Flood** 221.192.199.49, 12200->> 142.151.170.117, 9090 (from WAN Inbound)
09/28/2011  11:14:51 **SYN Flood (per Min)** 221.192.199.49, 12200->> 142.151.171.252, 3246 (from WAN Inbound)
09/28/2011  11:14:51 **UDP flood** 189.24.85.111, 10164->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  11:14:51 **UDP flood** 114.108.194.53, 46007->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  11:14:50 **UDP flood** 24.246.86.213, 34063->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:50 **UDP flood** 2.92.120.5, 43977->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  11:14:49 **UDP flood** 142.151.170.133, 54581->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:48 **UDP flood** 160.79.185.227, 16550->> 142.151.170.31, 37048 (from WAN Inbound)
09/28/2011  11:14:48 **UDP flood** 207.134.174.242, 12936->> 142.151.170.31, 37048 (from WAN Inbound)
09/28/2011  11:14:48 **UDP flood** 218.204.16.198, 8895->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:48 **UDP flood** 46.48.181.236, 37092->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:46 **UDP flood** 142.151.170.133, 56096->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:46 **UDP flood** 218.204.16.198, 8961->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:46 **UDP flood** 142.151.170.155, 57035->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:46 **UDP flood** 89.76.81.232, 24298->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:45 **UDP flood** 79.25.210.71, 34910->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:44 **UDP flood** 146.6.120.77, 51053->> 142.151.170.31, 37048 (from WAN Inbound)
09/28/2011  11:14:44 **UDP flood** 110.205.170.121, 4288->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  11:14:44 **UDP flood** 110.253.6.82, 6881->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  11:14:44 **UDP flood** 142.151.170.133, 53393->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:43 **UDP flood** 75.27.174.116, 23107->> 142.151.171.75, 51413 (from WAN Inbound)
09/28/2011  11:14:42 **UDP flood** 59.149.92.24, 21407->> 142.151.170.177, 44510 (from WAN Inbound)
09/28/2011  11:14:41 **UDP flood** 142.151.170.133, 56392->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:40 **UDP flood** 125.25.12.212, 21748->> 142.151.170.131, 22240 (from WAN Inbound)
09/28/2011  11:14:40 **UDP flood** 83.228.19.155, 12333->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:39 **UDP flood** 137.48.219.27, 32411->> 142.151.170.117, 51182 (from WAN Inbound)
09/28/2011  11:14:39 **UDP flood** 24.61.0.168, 55091->> 142.151.170.31, 37048 (from WAN Inbound)
09/28/2011  11:14:39 **UDP flood** 46.119.25.4, 46238->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:39 **UDP flood** 128.218.201.175, 17875->> 142.151.170.31, 37048 (from WAN Inbound)
09/28/2011  11:14:39 **UDP flood** 212.118.140.28, 36635->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:39 **UDP flood** 78.100.160.28, 51801->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  11:14:38 **UDP flood** 188.80.64.103, 63346->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  11:14:37 **UDP flood** 83.20.252.203, 25434->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:36 **UDP flood** 62.220.33.20, 47546->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  11:14:36 **UDP flood** 109.198.243.176, 22661->> 142.151.170.31, 37048 (from WAN Inbound)
09/28/2011  11:14:35 **UDP flood** 142.151.171.8, 51192->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:35 **UDP flood** 115.161.108.223, 36479->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  11:14:35 **UDP flood** 46.119.71.112, 31336->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:34 **UDP flood** 119.193.163.200, 27295->> 142.151.170.131, 22240 (from WAN Inbound)
09/28/2011  11:14:34 **UDP flood** 94.24.222.116, 33316->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:34 **UDP flood** 78.187.110.203, 38438->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:34 **UDP flood** 221.221.175.142, 50527->> 142.151.170.131, 22240 (from WAN Inbound)
09/28/2011  11:14:33 **UDP flood** 188.129.148.200, 47989->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  11:14:32 **UDP flood** 95.56.149.217, 18498->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:31 **UDP flood** 71.104.68.47, 48538->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  11:14:30 **UDP flood** 85.202.69.226, 14465->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:29 **UDP flood** 99.237.63.228, 43429->> 142.151.170.200, 7269 (from WAN Inbound)
09/28/2011  11:14:29 **UDP flood** 212.3.128.250, 34513->> 142.151.171.75, 51413 (from WAN Inbound)
09/28/2011  11:14:29 **UDP flood** 142.151.170.97, 63646->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:29 **UDP flood** 142.151.170.187, 53964->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:29 **UDP flood** 142.151.171.8, 54458->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:29 **UDP flood** 124.67.104.6, 10580->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:28 **UDP flood** 94.159.229.4, 59855->> 142.151.171.34, 41326 (from WAN Inbound)
09/28/2011  11:14:28 **UDP flood** 109.239.166.116, 59833->> 142.151.170.31, 37048 (from WAN Inbound)
09/28/2011  11:14:27 **UDP flood** 69.165.233.240, 18016->> 142.151.171.219, 5913 (from WAN Inbound)
09/28/2011  11:14:27 **UDP flood** 2.89.84.84, 39219->> 142.151.171.166, 8525 (from WAN Inbound)
09/28/2011  11:14:27 **UDP flood** 95.56.141.120, 6881->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  11:14:26 **UDP flood** 31.163.9.138, 59455->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:26 **UDP flood** 142.151.171.119, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  11:14:26 **UDP flood** 66.143.208.98, 47417->> 142.151.170.131, 22240 (from WAN Inbound)
09/28/2011  11:14:26 **UDP flood** 24.168.117.56, 24187->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  11:14:26 **UDP flood** 99.225.94.60, 62474->> 142.151.170.31, 37048 (from WAN Inbound)
09/28/2011  11:14:25 **UDP flood** 175.105.91.86, 40421->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  11:14:25 **UDP flood** 142.151.171.175, 57081->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:24 **UDP flood** 117.211.83.3, 25768->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:24 **UDP flood** 174.54.117.210, 37747->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:24 **UDP flood** 71.217.18.192, 61566->> 142.151.170.31, 37048 (from WAN Inbound)
09/28/2011  11:14:23 **UDP flood** 118.124.240.25, 16001->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:23 **UDP flood** 94.98.176.88, 55787->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:22 **UDP flood** 142.151.171.119, 62984->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:22 **UDP flood** 142.151.171.84, 54330->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:22 **UDP flood** 142.151.170.97, 60681->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:22 **UDP flood** 142.151.171.8, 56370->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:22 **UDP flood** 94.96.41.226, 46654->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  11:14:21 **UDP flood** 142.151.171.74, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  11:14:21 **UDP flood** 121.54.22.249, 27330->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:20 **UDP flood** 142.151.171.8, 55667->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:20 **UDP flood** 142.151.171.215, 62804->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:20 **UDP flood** 60.240.195.18, 45682->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:20 **UDP flood** 142.151.170.225, 55464->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:19 **UDP flood** 78.72.17.252, 32736->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:19 **UDP flood** 223.205.220.80, 10697->> 142.151.170.131, 22240 (from WAN Inbound)
09/28/2011  11:14:19 **UDP flood** 89.191.147.119, 54319->> 142.151.170.220, 15183 (from WAN Inbound)
09/28/2011  11:14:18 **UDP flood** 218.204.16.198, 8919->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:17 **UDP flood** 212.36.40.194, 52041->> 142.151.170.31, 37048 (from WAN Inbound)
09/28/2011  11:14:17 **UDP flood** 94.112.199.41, 53832->> 142.151.170.31, 37048 (from WAN Inbound)
09/28/2011  11:14:17 **UDP flood** 76.64.37.72, 60493->> 142.151.170.31, 37048 (from WAN Inbound)
09/28/2011  11:14:17 **UDP flood** 174.112.11.248, 16938->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:17 **UDP flood** 217.113.48.60, 51913->> 142.151.171.75, 51413 (from WAN Inbound)
09/28/2011  11:14:16 **UDP flood** 173.33.198.210, 4792->> 142.151.171.34, 41326 (from WAN Inbound)
09/28/2011  11:14:16 **UDP flood** 69.24.177.161, 42062->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:16 **UDP flood** 94.45.43.50, 35691->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:15 **UDP flood** 142.151.171.203, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  11:14:15 **UDP flood** 99.224.107.79, 42087->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  11:14:14 **UDP flood** 119.247.114.67, 53732->> 142.151.170.110, 53654 (from WAN Inbound)
09/28/2011  11:14:14 **UDP flood** 190.196.66.59, 58401->> 142.151.170.31, 37048 (from WAN Inbound)
09/28/2011  11:14:14 **UDP flood** 169.229.118.35, 61561->> 142.151.170.31, 37048 (from WAN Inbound)
09/28/2011  11:14:14 **UDP flood** 78.26.128.149, 23549->> 142.151.171.52, 23962 (from WAN Inbound)
09/28/2011  11:14:14 **UDP flood** 142.151.171.215, 5353->> 224.0.0.251, 5353 (from WAN Inbound)
09/28/2011  11:14:13 **UDP flood** 188.222.142.3, 50339->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:13 **UDP flood** 111.255.116.195, 21000->> 142.151.170.131, 22240 (from WAN Inbound)
09/28/2011  11:14:13 **UDP flood** 142.151.170.153, 65225->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:13 **UDP flood** 41.249.5.175, 53680->> 142.151.171.109, 59947 (from WAN Inbound)
09/28/2011  11:14:12 **UDP flood** 142.151.171.8, 59408->> 224.0.0.252, 5355 (from WAN Inbound)
09/28/2011  11:14:12 **UDP flood** 188.253.166.169, 40461->> 142.151.170.246, 25766 (from WAN Inbound)
09/28/2011  11:14:12 **UDP flood** 95.60.199.71, 22614->> 142.151.171.52, 23962 (from WAN Inbound)


----------



## johnb35

You have bitcomet installed, have you been downloading illegal/pirated software?  If so you need to uninstall it as most programs like that contain malware that will cause issues like this.


----------



## nikorasu

I haven't used BitComet in ages.  I just uninstalled it.  In terms of this computer, I don't think I've downloaded/used anything illegally or pirated.


----------



## johnb35

I've checked a few of those IP addresses and they are from all over the world.. china, philippines, japan.  So something is definately going on.  Please do the following.

1.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.






To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.






If the log says will be cured after reboot, please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it.  Please open the log and copy and paste it back here.

2.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats 
Accept any security warnings from your browser. 
Check Scan archives 
Click Start 
ESET will then download updates, install and then start scanning your system. 
When the scan is done, push list of found threats 
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply. 
If no threats are found then it won't produce a log.

3.

I need you to post a log that combofix created.  Please navigate to c:\qoobox and in that folder will be a file named add-remove programs.txt.  Please open that file and copy and paste the contents back here along with the other 2 logs.


----------

