Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Unusual traffic from your computer network

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unusual traffic from your computer network

Unread postby szotl » June 25th, 2012, 1:22 pm

Problem surfaced on Friday, June 22, 2012 and all 3 computers in my home network seem to be affected. The problem is that when I attempt to use the Google Keyword Tool I receive a "Our systems have detected unusual traffic from your computer network." message. HOWEVER no other browser searches are affected!

The information files below are from my desktop PC only.

I have run Spy-bot and malwarebytes on all 3 computers and removed all malware found. Malwarebytes found the desktop PC had 3 'objects' of "PUP.FCTPlugin, the PS laptop had a "PUP.BundleInstaller.OI" and "RootKit.Agent". the LS laptop was clean.

I would be extremely grateful if someone could assist me in resolving this issue. The situation is pressing for me because my wife & I leave for a training conference on Wednesday that requires us to use our laptops extensively during this training
The information in this post is from my desktop computer only.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Larry at 11:11:24 on 2012-06-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.912 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Allway Sync\Bin\SyncService.exe
C:\Program Files\Workspace\offSyncService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PSIService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Users\Larry\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\Downloads\HijackThis.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... uy&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... uy&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... uy&pf=cndt
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "c:\users\larry\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\larry\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\larry\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\larry\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdquic~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{ED3CFE63-0AC6-40F5-BB70-21A92402A651} : DhcpNameServer = 24.116.2.50 24.116.2.34
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\larry\appdata\roaming\mozilla\firefox\profiles\rzijq6sd.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\larry\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\larry\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\larry\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\larry\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\larry\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\larry\appdata\roaming\mozilla\plugins\npoff.dll
FF - plugin: c:\users\larry\appdata\roaming\mozilla\plugins\npoff.dll
FF - plugin: c:\users\larry\appdata\roaming\mozilla\plugins\npwbe.dll
FF - plugin: c:\users\larry\appdata\roaming\mozilla\plugins\npwbe.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 BotkindSyncService;Botkind Service;c:\program files\allway sync\bin\syncservice.exe service --> c:\program files\allway sync\bin\SyncService.exe service [?]
R2 File Backup;File Backup Service;c:\program files\workspace\offSyncService.exe [2012-2-21 1188624]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 PfFilter;PfFilter;c:\program files\iobit\protected folder\pffilter.sys [2012-1-12 32672]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2012-2-25 5554552]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-18 2337144]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2012-2-25 451960]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-8-1 257024]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2012-1-18 22176]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2011-7-2 34128]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-21 2348352]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-13 113120]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-9-9 20640]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-25 15:14:31 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 15:11:57 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 15:09:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-25 15:09:50 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 06:43:12 -------- d-----w- c:\users\larry\appdata\roaming\Malwarebytes
2012-06-25 06:43:02 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 06:43:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-23 20:34:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-23 20:31:54 -------- d-----w- c:\programdata\PC Tools
2012-06-23 05:56:06 -------- d-----w- c:\program files\Niche(89)
2012-06-23 01:16:23 -------- d-----w- c:\programdata\Trend Micro
2012-06-21 05:31:39 -------- d-----w- c:\users\larry\appdata\local\CrashDumps
2012-06-20 17:48:03 -------- d-----w- c:\programdata\blekko toolbars
2012-06-20 14:38:09 -------- d-----w- c:\users\larry\appdata\roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2012-06-20 14:37:53 -------- d-----w- c:\program files\Domain Samurai
2012-06-20 02:29:33 -------- d-----w- c:\program files\Market Samurai
2012-06-19 18:47:21 -------- d-----w- c:\users\larry\appdata\local\FXhome
2012-06-19 18:47:20 -------- d-----w- c:\users\larry\appdata\local\LocalStorage
2012-06-19 18:46:42 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-06-19 18:46:42 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-06-19 18:46:13 -------- d-----w- c:\programdata\FXhome
2012-06-19 18:46:13 -------- d-----w- c:\program files\FXhome
2012-06-19 14:54:56 -------- d-----w- c:\users\larry\appdata\roaming\TechSmith
2012-06-16 01:22:27 -------- d-----w- c:\program files\iPod
2012-06-14 03:57:21 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 03:57:20 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 03:57:20 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 03:57:16 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 03:57:15 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 14:03:37 -------- d-----w- c:\users\larry\appdata\local\Macromedia
2012-06-08 04:37:03 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-06-08 04:37:03 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-06-08 04:37:03 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-06-08 04:37:03 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-06-08 04:37:03 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-06-08 04:37:03 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-06-08 04:37:03 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-06-08 00:02:51 -------- d-----w- c:\program files\Dropbox
2012-06-07 02:02:37 -------- d-----w- c:\users\larry\appdata\local\??
2012-06-07 01:35:17 -------- d-----w- c:\program files\ContentBuzz.net
2012-06-05 04:29:43 -------- d-----w- c:\programdata\Tarma Installer
2012-05-31 03:51:17 -------- d-----w- c:\programdata\dvdfab
2012-05-28 16:29:42 -------- d-----w- c:\program files\common files\xing shared
.
==================== Find3M ====================
.
2012-06-25 15:32:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 15:32:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-15 00:31:33 60304 ----a-w- c:\users\larry\g2mdlhlpx.exe
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 00:53:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-19 10:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-19 02:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 02:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-16 17:47:44 222208 ----a-w- c:\windows\system32\tsc2_codec32.dll
2012-04-09 23:13:52 1666560 ----a-w- c:\windows\AutoKMS.exe
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-27 21:25:19 86016 ------w- c:\windows\system32\OpenAL32.dll
2012-03-27 21:25:19 262144 ------w- c:\windows\system32\wrap_oal.dll
.
============= FINISH: 11:12:03.18 ===============
szotl
Active Member
 
Posts: 2
Joined: June 25th, 2012, 12:51 pm
Advertisement
Register to Remove

Re: Unusual traffic from your computer network

Unread postby deltalima » June 25th, 2012, 3:57 pm

The situation is pressing for me because my wife & I leave for a training conference on Wednesday that requires us to use our laptops extensively during this training


The malware removal process cannot be rushed.
This site is staffed by volunteers who freely provide their time as and when they can, the average time taken to fully clean a computer is around 1 to 2 weeks,

As you have pressing needs for your computer you will need to seek professional help to resolve the issue in such a short time period.

This topic is now closed
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 32 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware